Wednesday, August 20, 2008

SSO Login failure: Is it a problem with the username or the password?

We are working on a proof-of-concept instance to evaluate integrating E-Business Suite login information with the corporate LDAP directory (in our case, MS Active Directory). Users are currently authenticated against the local fnd_user table in the E-Business Suite database. The project aims to use the corporate user repository (MS Active Directory) for authenticating E-Business Suite users, enabling single sign-on (SSO) for all Oracle E-Business Suite applications in the enterprise.

I had a tough time testing login failures after the SSO integration with E-Business Suite. The login page does not reveal if it is an invalid User Name or an invalid Password. All I get is "Error: Authentication failed. Please try again".

I turned to the $ORACLE_HOME/sso/log/ssoServer.log for help. The ssoServer.log provides additional error information only for invalid User Names. In the error message below, the stack trace reveals the problem is with the username sramineni@mycompany.com, meaning this username does not exist in the Oracle Internet Directory (and MS Active Directory).

Wed Aug 20 23:47:41 CDT 2008 [ERROR] AJPRequestHandler-ApplicationServerThread-7 Could not get attributes for user, sramineni@mycompany.com oracle.ldap.util.NoSuchUserException: User does not exist - SIMPLE NAME = sramineni@mycompany.com at oracle.ldap.util.Subscriber.getUser_NICKNAME(Subscriber.java:1160)

Now, if I enter a valid User Name but an invalid password, Oracle fails to update ssoServer.log with any error/stack trace. Oracle keeps you guessing on this aspect.
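An added example (not from the original post and not Oracle tooling): a small parser for the unknown-user entries that ssoServer.log does record, useful for spotting repeated sign-in attempts with names that do not exist in the directory. It assumes every such entry follows the layout of the one quoted above; the function names are hypothetical and all sample lines except the first are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Layout inferred from the single ssoServer.log entry quoted in the post
# (assumption: other unknown-user entries follow the same layout).
ENTRY_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ (?P<year>\d{4}) "
    r"\[ERROR\] (?P<thread>\S+) "
    r"Could not get attributes for user, (?P<user>\S+) "
    r"oracle\.ldap\.util\.NoSuchUserException"
)

def parse_unknown_user(line):
    """Return (datetime, thread, user) for an unknown-user entry, else None."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    # The zone abbreviation (e.g. CDT) is skipped; strptime cannot parse it portably.
    when = datetime.strptime(m["ts"] + " " + m["year"], "%a %b %d %H:%M:%S %Y")
    # Lower-cased so the same name typed with different casing is counted once.
    return when, m["thread"], m["user"].lower()

def summarize(lines, distinct_threshold=5):
    """Count unknown-user failures per name; flag many distinct unknown names."""
    events = [e for e in map(parse_unknown_user, lines) if e is not None]
    per_user = Counter(user for _, _, user in events)
    return {
        "events": len(events),
        "per_user": dict(per_user),
        "many_distinct_names": len(per_user) >= distinct_threshold,
    }

# First line is the entry quoted in the post (stack trace trimmed);
# the remaining lines are constructed for this example.
_FMT = ("{ts} [ERROR] AJPRequestHandler-ApplicationServerThread-{n} "
        "Could not get attributes for user, {u} "
        "oracle.ldap.util.NoSuchUserException: User does not exist - SIMPLE NAME = {u}")
SAMPLE = [
    _FMT.format(ts="Wed Aug 20 23:47:41 CDT 2008", n=7, u="sramineni@mycompany.com"),
    _FMT.format(ts="Wed Aug 20 23:48:02 CDT 2008", n=3, u="jdoe@example.com"),
    _FMT.format(ts="Wed Aug 20 23:48:09 CDT 2008", n=3, u="JDoe@example.com"),
    "Wed Aug 20 23:49:10 CDT 2008 [INFO] constructed unrelated entry",
]

if __name__ == "__main__":
    print(summarize(SAMPLE, distinct_threshold=2))
```

Failures with a valid User Name and an invalid password will not appear in this summary, because, as noted above, ssoServer.log records nothing for them.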

Monday, August 18, 2008

Database and archive log backup in one RUN command

Introduction


We went live with 10.2.0.4 Oracle CRS this weekend, completing the 5-month 9i to 10g database upgrade project. I also verified the first RMAN backup job after the upgrade and it completed successfully. A known issue with the backup job in 9i no longer exists after the 10g upgrade, acting as an additional bonus of the upgrade!

Problem


We take full database backups always without any incremental backups. Though the below run block contains two backup commands, one for the database backup and the other for the archive log backup, the latter never used to get picked up in 9i. In this older version, Oracle always skipped the second backup command in the below run block without reporting any error messages or warnings.

connect rcvcat 'rmanprod/*****@catdb'
connect target '/'

run {
    allocate channel t1 type 'SBT_TAPE';
    allocate channel t2 type 'SBT_TAPE';
    # full database backup, including the current control file
    backup
        format 'prod_bk_%s_%p_%t'
        (database include current controlfile);
    # backup all archive logs
    backup
        skip inaccessible
        format 'prod_al_%s_%p_%t'
        (archivelog all
        delete input);
    release channel t1;
    release channel t2;
}
# maintenance: crosscheck the database backups and delete expired ones
allocate channel for maintenance type 'SBT_TAPE';
crosscheck backup of database;
delete expired backup;
release channel;


Solution

Since we have a different backup job to back up only archive logs, we did not pursue this problem with Oracle Support. I am not sure if this is a known issue in the 9i version, but I was pleasantly surprised to find this problem go away in 10g. The first backup job that we ran after the 10g upgrade successfully processed both the database backup command and the archive log backup command in the same RUN block. The 9i mystery seems to have gone away in 10g. I am interested to know if some of you observed the same issue with 9i before?