Oracle Database Collector fails with "ORA-01017:invalid username/password" in RSA Identity Governance & Lifecycle
Originally Published: 2019-05-08
Article Number
Applies To
RSA Version/Condition: 7.0.2, 7.1.0, 7.1.1
Issue
java.sql.SQLException: ORA-01017: invalid username/password; logon denied
The /home/oracle/wildfly-8.2.0.Final/standalone/log/aveksaServer.log shows the following ERROR level log message:
05/08/2019 15:16:27.292 ERROR (Thread-6499 (HornetQ-client-global-threads-1354152125)) [com.aveksa.server.utils.NodeMessageBroker] Exception while getting test data from collector com.aveksa.server.runtime.ServerException: com.aveksa.sdk.collector.CollectionException: com.aveksa.common.DataReadException: ERROR: Could not get accounts data: . Caused by com.aveksa.common.DataReadException: ERROR: Could not get accounts data: . Caused by java.sql.SQLException: ORA-01017: invalid username/password; logon denied .. Caused by: java.sql.SQLException: ORA-01017: invalid username/password; logon denied
Cause
This is a known issue if the Oracle bind password contains certain special characters. RSA Identity Governance & Lifecycle currently sanitizes input in the Password dialog box of the collector to prevent potential scripting attacks. Although these characters are valid characters allowed by Oracle as part of the Oracle password, they cannot be used in the password dialog box.
The list of characters currently known to cause this issue are the following.
- # - number sign, also known as pound or hash character
- $ - dollar sign
- _ - underscore or underline
Resolution
Workaround
- # - number sign, also known as pound or hash character
- $ - dollar sign
- _ - underscore or underline
