[SOLVED] Issue: Changing GUEST.ADMIN Password Causes OTM Restart to Fail

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [SOLVED] Issue: Changing GUEST.ADMIN Password Causes OTM Restart to Fail

    Just found an interesting (read PITA) issue with OTM v5.5 CU1 and up (including CU2 and CU3). If you change the password for the GUEST.ADMIN user, OTM will no longer start up correctly and you'll get the following error message when trying to bring up the login screen:
    Code:
    Error found handling the request.
    javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: User: GUEST.ADMIN, failed to be authenticated.
    javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: User: GUEST.ADMIN, failed to be authenticated.
        at glog.database.security.jaas.ClientLoginModuleImpl.login(ClientLoginModuleImpl.java:50)
        at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
        at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
        at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
        at glog.database.security.jaas.AuthenticationContext.login(AuthenticationContext.java:95)
        at glog.util.remote.NamingDirectory.(NamingDirectory.java:783)
        at glog.util.remote.NamingDirectory.get(NamingDirectory.java:199)
        at glog.util.remote.NamingDirectory.getForGuest(NamingDirectory.java:307)
        at glog.util.remote.NamingDirectory.get(NamingDirectory.java:115)
        at glog.util.remote.NamingDirectory.get(NamingDirectory.java:126)
        at glog.util.remote.SessionBeanHomeInvoker.(SessionBeanHomeInvoker.java:26)
        at glog.util.remote.NamingDirectory.get(NamingDirectory.java:170)
        at glog.util.remote.NamingDirectory.get(NamingDirectory.java:225)
        at glog.util.remote.NamingDirectory.getForSystem(NamingDirectory.java:283)
        at glog.util.remote.NamingDirectory.getForSystem(NamingDirectory.java:316)
        at glog.util.remote.NamingDirectory.getForSystem(NamingDirectory.java:320)
        at glog.util.uom.UOMLoader.loadFromServer(UOMLoader.java:92)
        at glog.webserver.util.BaseServlet.service(BaseServlet.java:585)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at glog.webserver.screenlayout.ClientSessionTracker.doFilter(ClientSessionTracker.java:54)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)


    This issue occurs because of some code changes necessary to support OAS (Oracle Application Server). In order to resolve this issue you need to add a parameter to your tomcat configuration file, with the Base64 encoded value of your new GUEST.ADMIN password. For this example, I'm going to change the password of the GUEST.ADMIN user to "GUESTPASSWORD".

    NOTE: While testing this, I found that if your password contains non-alphanumeric characters, this won't work. So don't include characters like: !, @, #, $, %, ^, &, *, (, ), etc.

    First, log in to OTM and change the GUEST.ADMIN password to GUESTPASSWORD. Then, shut down OTM.

    In order to get the Base64 encoded version of your password, you can either:
    1) Log in to your OTM web server and run:
    Code:
    cd <otm_home_dir>/install
    . ./gc3env.sh
    java glog.util.appclass.Base64Encoding GUESTPASSWORD
    2) Open a web browser and go to: Base64 Encoder and Decoder

    Either way, you'll get an encoded version that looks like:
    R1VFU1RQQVNTV09SRA==
    Now, on your OTM web server(s) edit your <otm_home_dir>/tomcat/bin/tomcat.conf file and append the following line to the "# Java Additional Parameters" section:
    Code:
    wrapper.java.additional.18=-DGuestEncodedPassword=R1VFU1RQQVNTV09SRA==
    Ensure that the number (18 in this example) is the next consecutive number within that section. For our example, the section would look like:
    Code:
    # Java Additional Parameters
    wrapper.java.additional.1=-jrockit
    wrapper.java.additional.2=-Xms1025m
    wrapper.java.additional.3=-Xmx1025m
    wrapper.java.additional.4=-Xgcprio:pausetime
    wrapper.java.additional.5=-Xverbose:memory
    wrapper.java.additional.6=-Xnoclassgc
    wrapper.java.additional.7=-DGC3EncodedPassword=Q0hBTkdFTUU=
    wrapper.java.additional.8=-Dglog.properties=glog.tomcat.properties
    wrapper.java.additional.9=-Dglog.home=%GLOG_HOME%/glog/config
    wrapper.java.additional.10=-Duser.home=%GLOG_HOME%/glog/config
    wrapper.java.additional.11=-Djava.io.tmpdir=%GLOG_HOME%/temp
    wrapper.java.additional.12=-Djava.awt.headless=true
    wrapper.java.additional.14=-Dweblogic.ThreadPoolSize=15
    wrapper.java.additional.15=-Djava.endorsed.dirs=%GLOG_HOME%/tomcat/common/endorsed
    wrapper.java.additional.16=-Dcatalina.base=%GLOG_HOME%/tomcat
    wrapper.java.additional.17=-Dcatalina.home=%GLOG_HOME%/tomcat
    wrapper.java.additional.18=-DGuestEncodedPassword=R1VFU1RQQVNTV09SRA==
    Finally, restart OTM and everything should work.

    References: While investigating this issue, I found related information in the following Oracle Metalink Docs: Note:392713.1 and Note:422201.1.

    Hope this helps!

    --Chris
    Chris Plough
    twitter.com/chrisplough
    MavenWire
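
The encode-and-append steps from the post above, as an added example that is not part of the original post: it encodes the password locally, works out the next `wrapper.java.additional.N` index, and decodes the `-D...EncodedPassword` values already in the file to show that Base64 is an encoding, not protection. The function names and the shortened sample file are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.
export LC_ALL=C

# Base64-encode a password locally. Rejects empty or non-alphanumeric input,
# since the post reports that other characters do not work here.
encode_guest_password() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) echo "password must be alphanumeric" >&2; return 1 ;;
    esac
    printf '%s' "$1" | base64   # printf avoids encoding a trailing newline
}

# Next index = highest wrapper.java.additional.N in the file, plus one.
next_wrapper_index() {
    awk -F'[.=]' '/^[ \t]*wrapper\.java\.additional\.[0-9]+=/ {
        if ($4 + 0 > max) max = $4 + 0 } END { print max + 1 }' "$1"
}

# The complete line to append to tomcat.conf ($1 = file, $2 = password).
guest_password_line() {
    local enc
    enc=$(encode_guest_password "$2") || return 1
    printf 'wrapper.java.additional.%s=-DGuestEncodedPassword=%s\n' \
        "$(next_wrapper_index "$1")" "$enc"
}

# Decode every -D...EncodedPassword value in the file: Base64 is reversible,
# so anyone who can read tomcat.conf can read these passwords.
decode_encoded_passwords() {
    sed -n 's/^[[:space:]]*wrapper\.java\.additional\.[0-9]*=-D\([A-Za-z0-9]*EncodedPassword\)=\(.*\)$/\1 \2/p' "$1" |
    while read -r name value; do
        printf '%s=%s\n' "$name" "$(printf '%s' "$value" | base64 -d)"
    done
}

# Constructed sample: a shortened copy of the section shown in the post.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# Java Additional Parameters
wrapper.java.additional.7=-DGC3EncodedPassword=Q0hBTkdFTUU=
wrapper.java.additional.12=-Djava.awt.headless=true
wrapper.java.additional.14=-Dweblogic.ThreadPoolSize=15
wrapper.java.additional.17=-Dcatalina.home=%GLOG_HOME%/tomcat
EOF

guest_password_line "$SAMPLE_CONF" GUESTPASSWORD
decode_encoded_passwords "$SAMPLE_CONF"
```

Because the stored value decodes back to the password, read access to `tomcat.conf` should be limited to the account that runs OTM.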