Article Number | 000033058 |
Applies To | RSA Product Set: RSA Via Lifecycle and Governance, Identity Management and Governance RSA Product/Service Type: Enterprise Software RSA Version/Condition: 7.0 |
Issue | The error (Unable to check Database. java.lang.SecurityException: PBOX000016: Access denied: authentication failed) is displayed both on the screen when attempting to access the Web Administration page for RSA Via Lifecycle and Governance and in the /home/oracle/wildfly/standalone/log/server.log. In the UI, the error shows as:
 Below is a snippet from the /home/oracle/wildfly/standalone/log/server.log:
2016-05-05 10:04:41,660 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-2) Exception during createSubject()PBOX000016: Access denied: authentication failed: java.lang.SecurityException: PBOX000016: Access denied: authentication failed at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84) at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1184) at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1179) at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_79] at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1178) at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:637) at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:283) at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:310) at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:124) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_79] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_79] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_79]
|
Cause | This error is caused when one or more passwords are either corrupt or incorrect in the following configuration file:
/home/oracle/wildfly/standalone/configuration/aveksa-standalone-full.xml
|
Workaround | The steps below show how to check current passwords that are encrypted within the Aveksa_System.cfg against what is within the aveksa-standalone-full.xml:
- Login or change user to oracle.
cd deploy ./generateLoginKey <username>
- Check the return value against the password stored in aveksa-standalone-full.xml.Here is an example of the process:
- If an entry that was from the generateLoginKey does not match the output of the grep command, edit the aveksa-standalone-full.xml for the given username/password pair and update the value to match. Here is a grep of the username/password value pairs from the aveksa-standalone-full.xml.
 |
Notes | If the passwords match and the error still displays, the issue may be that the encrypted password is inaccurate within the Aveksa_System.cfg. Steps for changing or updating the password are documented in the RSA Via Lifecycle and Governance Installation Guide V7.0. Here is a snippet. Use sqlplus to verify the username / password combination. Edit the /home/oracle/Aveksa_System.cfg and replace the encrypted password with a clear-text password. Running generateLoginKey will replace the clear-text password with its encrypted equivalent and echo the password that would be used in the aveksa-standalone-full.xml. |