Friday, October 5, 2012

SBL-SEC-10005: Your password has expired. Please change your password.





Applies to:


Siebel System Software - Version 7.8.2.3 [19221] and later
z*OBSOLETE: Microsoft Windows 2000

Product Release: V7 (Enterprise)

Version: 7.8.2.3 [19221]

Database: Oracle 9.2.0.6

Application Server OS: Microsoft Windows 2000 Advanced Server SP 4

Database Server OS: Sun Solaris 2.7



This document was previously published as Siebel SR 38-3110496831.







Symptoms


While invoking inbound web services using WS-Security (with Active
Directory), when the login used to invoke the web service was rejected
(for example, because the password had expired), the EAI Object Manager log
contained several errors:






SBL-DAT-00701: The administrator have checked 'User must change password at next logon' for you. Please change your password.

SBL-SEC-10018: The administrator have checked 'User must change password
at next logon' for you. Please change your password.(SBL-DAT-00701)

SBL-SEC-10005: Your password has expired. Please change your password.

SBL-EAI-05163: Either an invalid user name or password was specified in the request for operation, 'MyOperation'.



However, the SOAP document returned did not contain all the errors, only the last SBL-EAI-05163, for example :-



<SOAP-ENV:Fault>
  <faultcode>SOAP-ENV:Server</faultcode>
  <faultstring>Either an invalid user name or password was specified in the request for operation, 'MyOperation'.(SBL-EAI-05163)</faultstring>
  <detail>
    <siebelf:errorstack xmlns:siebelf="http://www.siebel.com/ws/fault">
      <siebelf:error>
        <siebelf:errorsymbol>IDS_EAI_WS_RELOGIN_FAILURE</siebelf:errorsymbol>
        <siebelf:errormsg>Either an invalid user name or password was specified in the request for operation, 'MyOperation'.(SBL-EAI-05163)</siebelf:errormsg>
      </siebelf:error>
    </siebelf:errorstack>
  </detail>
</SOAP-ENV:Fault>





The requirement was for the other errors, in particular the SBL-SEC-10005 error, to be returned in the SOAP response.
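What a web service consumer can recover from the fault shown above, as an added example that is not part of the original support note. The SOAP 1.1 envelope wrapper and the function names are assumptions; the fault content and the siebelf namespace are taken from this page.

```python
import re
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1 envelope (assumed)
      "siebelf": "http://www.siebel.com/ws/fault"}          # as in the fault above
SBL_CODE = re.compile(r"SBL-[A-Z]{3}-\d{5}")
MSG = ("Either an invalid user name or password was specified in the "
       "request for operation, 'MyOperation'.(SBL-EAI-05163)")

# Constructed sample: the fault shown on this page inside a minimal envelope.
SAMPLE_RESPONSE = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{NS['soap']}">
 <SOAP-ENV:Body><SOAP-ENV:Fault>
  <faultcode>SOAP-ENV:Server</faultcode>
  <faultstring>{MSG}</faultstring>
  <detail><siebelf:errorstack xmlns:siebelf="{NS['siebelf']}">
   <siebelf:error>
    <siebelf:errorsymbol>IDS_EAI_WS_RELOGIN_FAILURE</siebelf:errorsymbol>
    <siebelf:errormsg>{MSG}</siebelf:errormsg>
   </siebelf:error>
  </siebelf:errorstack></detail>
 </SOAP-ENV:Fault></SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""

def parse_siebel_fault(xml_text):
    """Return faultcode plus every errorstack entry, or None if there is no Fault."""
    if "<!DOCTYPE" in xml_text:  # SOAP messages must not carry a DTD; refuse it
        raise ValueError("DTD not allowed in SOAP response")
    fault = ET.fromstring(xml_text).find(".//soap:Fault", NS)
    if fault is None:
        return None
    errors = []
    for err in fault.iterfind("detail/siebelf:errorstack/siebelf:error", NS):
        msg = err.findtext("siebelf:errormsg", default="", namespaces=NS)
        symbol = err.findtext("siebelf:errorsymbol", default="", namespaces=NS)
        errors.append({"symbol": symbol, "codes": SBL_CODE.findall(msg)})
    return {"faultcode": fault.findtext("faultcode"), "errors": errors}

def login_failure_reason(fault):
    """Classify using only the codes the client can actually see in the fault."""
    codes = {c for e in fault["errors"] for c in e["codes"]}
    if "SBL-SEC-10005" in codes:
        return "password-expired"
    if "SBL-EAI-05163" in codes:
        # Expiry cannot be told apart from a bad password at this point.
        return "credentials-rejected"
    return "other"
```

For the fault on this page the result is "credentials-rejected": the expiry detail (SBL-SEC-10005) exists only in the EAI Object Manager log.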



Cause


Currently this is expected behavior. The application is working as designed.



Solution


BUG: 10511385 has been logged to request that the other errors are also
returned, in addition to the final error. This change request will be
reviewed and prioritized for possible inclusion in a later release.








Applies to:


Siebel System Software - Version: 8.1.1.2 and later   [Release: V8 and later ]
Information in this document applies to any platform.



Symptoms


ENVIRONMENT


Siebel 8.1.1.2 / Windows 2003



STEPS


Siebel registered users are not able to modify their passwords once
expired in Siebel Financial Services application version 8.1.1.2 being
authenticated by a Custom Security Adapter on Windows. Rather than being
presented with a Siebel screen view to modify the password, an error is
presented to the user [1]. The Siebel application object manager (AOM)
logfiles clearly indicate that the password for the Siebel user has
expired. In the Siebel Dedicated Client the behavior is different - for
user accounts with expired passwords - a popup dialog box is presented
allowing the Siebel registered user to modify the password.


EXPECTED BEHAVIOR
It is expected that the user is
automatically directed to the Siebel View "Change Password View (SWE)".
This behavior is controlled by the application object manager hidden
parameter ChangePasswordView, which is set to "Change Password View
(SWE)" by default.


ERROR MESSAGES



1) SBL-UIF-00272: The user ID or password that you entered is incorrect. Please check the spelling and try again.

2) SBL-SEC-10018: SecurityLogin(): AuthenticationClient Error: 80050010 : AuthenticationService::ExpiredCredentials.

3) SBL-SEC-10005: Your password has expired. Please change your password.

4) SBL-UIF-00425: Your password has expired, please change it to enter the system.


Cause


Bug 10512510
(Change Request 12-1T2II25) was logged to address a Product Defect
where no error or warning was displayed when an account password had
expired in an external directory. This is specific to database
authentication and not external authentication.

Bug 12820579 has been logged to address an additional Product Defect specific to external authentication.


Solution


Bug 10512510 (Change Request 12-1T2II25) has been fixed in Siebel 8.1.1.1
[21211] QF0154 as part of Fix Request 12-1WF6XDZ. This Quick Fix has since
been accumulated into Siebel Fix Pack 8.1.1.3 as per the latest Maintenance
Release Guide and is available for download under Patch Number 9882361.
NOTE: Only applicable for DB authentication (DB2)

Bug 12820579 is still open for external authentication.








Applies to:


Siebel System Software - Version: 7.8.2 SIA [19213] and later   [Release: V7 and later ]
z*OBSOLETE: Microsoft Windows 2000

Product Release: V7 (Enterprise)

Version: 7.8.2 [19213] Life Sci

Database: Oracle 9.2.0.6

Application Server OS: Microsoft Windows 2000 Server SP 4

Database Server OS: HP 9000 Series HP-UX



This document was previously published as Siebel SR 38-3099895901.



Symptoms


SBL-DAT-00712, SBL-SEC-10005

I recently started testing changing the AllowAnonUsers parameter in the SWE section of the epharma.cfg
file. By setting the parameter to false, it did prevent anonymous access. I then noticed the
behavior described in SR 38-1021293097 where the application does not bring the message about an
invalid userid/password.

The recommendation in that SR is to comment out the following
command as a workaround:

        string StartCommand = SWECmd=GotoView&SWEView=Home+Page+View+(eSales)

I went to try and configure this, but
it does not appear to be part of the epharma_enu section of the eapps_sia.cfg file. I didn't
figure adding it there and commenting it out would help the situation. It is also not in the
default section at the top of the eapps.cfg file. Is this configurable for the ePharma Object
Manager? If so, how?






Cause



Change Request 12-198EWWW


Solution



Message 1


For the benefit of other readers,





Customer was using Siebel ADSI Security Adapter authentication version
7.8.2 and had changed parameter AllowAnonUsers to FALSE in the [swe]
section of the epharma.cfg file. After this change, a login attempt was
made, and the login page reloaded with no error messages. The ePharma
Object Manager log file had the error messages below:



“SBL-DAT-00712: Unable to retrieve credential string from user <user DN> information in Active Directory.”



“SBL-SEC-10005: Your password has expired. Please change your password.”



Error message SBL-DAT-00712 is acceptable. Service Request 38-2208858391
on SupportWeb has further information regarding this error message.



Error message SBL-SEC-10005 is usually associated with an ADSI account
with an expired password. Based on this information, an internal
environment with Siebel version 7.8.2, Siebel ADSI Security
Adapter authentication, and an ADSI account with an expired password has
been configured. Parameter AllowAnonUsers was set to FALSE in the
application cfg file. The behavior the customer reported has been reproduced
using this internal environment.

When logging using an ADSI account with password expired, the ADSI
Security Adapter identifies that password is expired and redirects
Siebel Web Client to load the “Change Password View”. As this view is
loaded using Anonymous browsing, no error message is displayed and login
page is reloaded.





[Continue]


Message 2


[Continued]



Change Request 12-198EWWW has been logged to address this behavior and
provide an error message when using expired passwords and AllowAnonUsers
parameter set to FALSE.





Thank you,
















Applies to:


Siebel CRM - Version: 8.1.1.2 and later   [Release: V8 and later ]
Information in this document applies to any platform.

With the PasswordExpireWarnDays not set, the LDAP authentication works
fine but if the user's password is expired, the browser shows the error
message “This Page cannot be displayed”.

We can see the errors SBL-SEC-10005 and SBL-UIF-00425 in the attached OM
log and in the SWE log files but this message is not thrown to the
browser. the user to be redirected to the change password view.



Goal



Steps to replicate:
- Check whether password expiration sends the change password screen automatically.
- Will the LDAP/ADSI adapter work with enforce password change or not in 8.1.1.2, and would it at least log in with a valid userid and password?
- Expire a user password to check the change password feature.

Logs:

Tested the same as per above and got the same error message.
Noticed that, when "force password change at next login" is checked in AD,
the login fails and shows a server busy error, and the logs contain
"Your password has expired, please change it to enter the system." as
below.


SecAdptLog API Trace 4 0000020a4c190b44:0 2010-06-17 02:57:11 Create LDAP SecurityUser object: username=G1TEST1, dn=CN=G1TEST1,OU=People,DC=d1,DC=us,DC=ts, LDAP handle=0.

SecAdptLog API Trace 4 0000020a4c190b44:0 2010-06-17 02:57:11 Ldap Utility: GetPwdExpireWarnDays

SecAdptLog Debug 5 0000020a4c190b44:0 2010-06-17 02:57:11 LDAP SecurityLogin8 step 9: Clean up.

SecAdptLog 3rdpartyTrace 3 0000020a4c190b44:0 2010-06-17 02:57:11 ldap_unbind(10a4b78) returns 0.

GenericLog GenericError 1 0000020a4c190b44:0 2010-06-17 02:57:11 (secmgr.cpp (2717) err=4597525 sys=0) SBL-SEC-10005: Your password has expired. Please change your password.

SecAdptLog Memory Mgmt Trace 5 0000020a4c190b44:0 2010-06-17 02:57:11 LDAP SecurityFreeUser8, Security User=c60e388.

SecAdptLog API Trace 4 0000020a4c190b44:0 2010-06-17 02:57:11 Unbind from LDAP server.

ObjMgrLog Error 1 0000020a4c190b44:0 2010-06-17 02:57:11 (swelgmgr.cpp (3769)) SBL-UIF-00425: Your password has expired, please change it to enter the system.

ObjMgrBusServiceLog Error 1 0000020a4c190b44:0 2010-06-17 02:57:11 (swesvc.cpp (1528)) SBL-UIF-00425: Your password has expired, please change it to enter the system.
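Since the browser only shows a generic failure, the object manager log is where an expired-password login can be identified. The following added example (not part of the original note) groups entries by the id field they share and reports the user behind each SBL-SEC-10005 / SBL-UIF-00425 failure. The space-separated layout is assumed from the excerpt above, and the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: the first four entries are from the excerpt on this page; the
# last two (id ending in b45, user G1TEST2) are constructed for contrast.
SAMPLE_LOG = """\
SecAdptLog API Trace 4 0000020a4c190b44:0 2010-06-17 02:57:11 Create LDAP SecurityUser object: username=G1TEST1, dn=CN=G1TEST1,OU=People,DC=d1,DC=us,DC=ts, LDAP handle=0.
GenericLog GenericError 1 0000020a4c190b44:0 2010-06-17 02:57:11 (secmgr.cpp (2717) err=4597525 sys=0) SBL-SEC-10005: Your password has expired. Please change your password.
ObjMgrLog Error 1 0000020a4c190b44:0 2010-06-17 02:57:11 (swelgmgr.cpp (3769)) SBL-UIF-00425: Your password has expired, please change it to enter the system.
ObjMgrBusServiceLog Error 1 0000020a4c190b44:0 2010-06-17 02:57:11 (swesvc.cpp (1528)) SBL-UIF-00425: Your password has expired, please change it to enter the system.
SecAdptLog API Trace 4 0000020a4c190b45:0 2010-06-17 02:58:40 Create LDAP SecurityUser object: username=G1TEST2, dn=CN=G1TEST2,OU=People,DC=d1,DC=us,DC=ts, LDAP handle=0.
SecAdptLog API Trace 4 0000020a4c190b45:0 2010-06-17 02:58:40 Unbind from LDAP server.
"""

# event type, subtype (may contain spaces), level, shared id, timestamp, message
ENTRY = re.compile(r"^(\S+)\s+(.*?)\s+(\d)\s+([0-9a-f]+:\d+)\s+"
                   r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.*)$")
USERNAME = re.compile(r"\busername=([^,\s]+)")
SBL_CODE = re.compile(r"\bSBL-[A-Z]{3}-\d{5}\b")
EXPIRED = {"SBL-SEC-10005", "SBL-UIF-00425"}

def expired_password_logins(log_text):
    """Return one record per shared id that logged an expired-password error."""
    sessions = defaultdict(lambda: {"user": None, "time": None, "codes": []})
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        corr_id, ts, msg = m.group(4, 5, 6)
        s = sessions[corr_id]
        user = USERNAME.search(msg)
        if user:
            s["user"] = user.group(1)  # from the security adapter trace entry
        for code in SBL_CODE.findall(msg):
            if code in EXPIRED and s["time"] is None:
                s["time"] = ts  # first expired-password entry for this id
            if code not in s["codes"]:
                s["codes"].append(code)
    return [{"id": cid, **s} for cid, s in sessions.items()
            if EXPIRED & set(s["codes"])]
```

The username is only available when security adapter tracing is enabled at the level shown in the excerpt; without those entries the record still carries the id and timestamp.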



Solution


Tested on Siebel 8.1.1.2 QF261
Opened CR# 10595512










