| Article Number | 000033058 |
| Applies To | RSA Product Set: RSA Via Lifecycle and Governance, Identity Management and Governance
RSA Product/Service Type: Enterprise Software
RSA Version/Condition: 7.0 |
| Issue | The error (Unable to check Database. java.lang.SecurityException: PBOX000016: Access denied: authentication failed) is displayed both on the screen when attempting to access the Web Administration page for RSA Via Lifecycle and Governance and in the /home/oracle/wildfly/standalone/log/server.log.
In the UI, the error shows as:
Below is a snippet from the /home/oracle/wildfly/standalone/log/server.log:
2016-05-05 10:04:41,660 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer]
(MSC service thread 1-2) Exception during createSubject()PBOX000016: Access denied: authentication failed:
java.lang.SecurityException: PBOX000016: Access denied: authentication failed
at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1184)
at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1179)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_79]
at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1178)
at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:637)
at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:283)
at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:310)
at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:124)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_79]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_79]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_79]
|
| Cause | This error is caused when one or more passwords are either corrupt or incorrect in the following configuration file:
/home/oracle/wildfly/standalone/configuration/aveksa-standalone-full.xml
|
| Workaround | The steps below show how to check current passwords that are encrypted within the Aveksa_System.cfg against what is within the aveksa-standalone-full.xml:
- Login or change user to oracle.
cd deploy
./generateLoginKey <username>
- Check the return value against the password stored in aveksa-standalone-full.xml.Here is an example of the process:
- If an entry that was from the generateLoginKey does not match the output of the grep command, edit the aveksa-standalone-full.xml for the given username/password pair and update the value to match. Here is a grep of the username/password value pairs from the aveksa-standalone-full.xml.
|
| Notes | If the passwords match and the error still displays, the issue may be that the encrypted password is inaccurate within the Aveksa_System.cfg.
Steps for changing or updating the password are documented in the RSA Via Lifecycle and Governance Installation Guide V7.0. Here is a snippet.
Use sqlplus to verify the username / password combination. Edit the /home/oracle/Aveksa_System.cfg and replace the encrypted password with a clear-text password.
Running generateLoginKey will replace the clear-text password with its encrypted equivalent and echo the password that would be used in the aveksa-standalone-full.xml. |
on Jun 14, 2016
