Banner SSB "break-in attempt" error?
Hi all
We kept getting the following error and tried all the solutions suggested by Sungard HE web site but still could not solve the problem! Please anybody help?? Thanks!
Alan
PCOM
"A break-in attempt was detected.
Contents of the CPSESSID cookie:
SCT (type 03): BPN77A54058
Last Activity Time (type 01): 20100610134526
Total number of cookie sections found: 2 "
![Syndicate content](/misc/feed.png "Comments for \"Banner SSB "break-in attempt" error?\""){kind=small}
Are you (or the user) currently logged in to Luminis while tryin
Are you (or the user) currently logged in to Luminis while trying to get into SSB seperately (other than through Luminis itself)
Users can not have an instance of SSB open and then open Luminis and login as the SSB instance will become flaky.
Either use Luminis exclusively, or inform users that trying to use both at the same time will cause this "issue"
If this is not the scneraio you are involved in then I am sorry for the reply... but that is the only reason for the issue at our institution.
Thanks for Reply.
Hi Joseph
We are trying to create a new link in Banner SSB and put it in the page.
Everything is going through luminis. :(
Alan
Cookies and more ideas
Agreed, the first thing to try is using a fresh browser window. Close all browser windows, clear cookies, clear cache etc and then try again.
If you still have this problem in a clean browser, then check the server time on the luminis server and the banner server, they must be within a couple of seconds of each other (optimally, they are both using the same NTP server for syncing).
After that, check the response back from your banner server when looking at the config in your web browser. The URL will be something like this:
https://ssb.your.edu:9000/bandev/gokssso.P_GetConfigVersion2?oid=1
The URL can be obtained from configman -g es.sctssb.configURL but you must append the "?oid=1" yourself. Check the response for mismatched banner instance ID, port numbers, and protocols.
Then you need to look at your LDAP configuration. Can banner connect up to the Luminis LDAP? If so, use an LDAP explorer to navigate through the tree under o=Banner, o=SCTSSOapplications looking for missing or incorrect values. I am assuming that you are using the MidTier single sign-on, not the old (Luminis 3) style.
Then lastly, look at your SSO URLs, and do an HTTP request trace as you click one of them.
Good luck!
Todd
Thanks for the reply.
Hi Todd
Update.
I deleted everything in the browser and still got the error.
I ran "configman -g es.sctccb.* and I do not see the link you post! should I add the property in? Thanks!
Alan
CPIP system name
What is your CPIP system name? If you have followed Sungard's instructions, then I think it should be "sctssb". But check that first, if you have some other system name for SSO to Banner, then use that system name. For sure, you need to have some configURL set for whichever system it is.
(and I assume your "sctccb" was just a typo)
So go back and re-read the integration instructions, maybe you didn't follow all of them?
Todd
break in attempt
Normally I only see the 'break in attempt' message when my Luminis system has a configman values set to say, a PROD system, but the links to click are set to TEST, or vice versa.
configman -g es.sctssb.configURL
It'll be something like https://selfservice.school.edu/PROD/gokssso.P_GetConfigVersion2_sserv
But your link you are clicking is:
http://portal.school.edu/cp/ip/login?sys=sctssb&url=https://selfservice.school.edu/TEST/somepackage
Reply
Hi Todd
I just read the old menu of setting up Banner SSB, everything is written in "es.sct.*"!
We'd had this setup and running since 2006!
Hi Jason, thanks for reply.
We checked that already too! :(
Alan
More question
Hi Todd and Jason
Could the error be related with a customized link I am trying to put on Banner SSB page?
Please see my another question: http://www.lumdev.net/node/3622
Thanks!
Alan
SSO
Does SSO work otherwise? Is it only in the new links that you are trying to make that SSO does not work?
If so, then you simply have the wrong link format, and need to keep trying. :) Use the HTTP live headers when you click a link that does work, and see the difference between working and not working.
Todd
Reply
Hi Todd and Jason
We use SCT EVENT Authentification service to authenticate Banner SSB instead of CPIP.
I just made the changes to use CPIP but got different error now:
CPIP Notification: Unsupported OID service
I am now working on solving it, thanks!
Alan
Solution
Hi
At Victoria University of Wellington, New Zealand we experience the same issues. They are simple to resolve;
Unsupported OID means the portal servers are unable to contact the SSO server using the GetConfigVersion2 url. If it's happening to Banner SSO i.e INB SSO then there is a problem contacting the banner server from the portal. ie. https://server:port/pls/webprod/gokssso.P_GetConfigVersion2?oid=1234
check to see what your GetConfigVersion2 url is by typing as luminis user;
configman -g es.sctinb.* or configman -g es.sctssb.*
The break in attempt means either;
Your account in banner is either disabled, doesnt have a PIN set, or PIN has expired. I would try getting the user to log into student records (SSB) and verify they can access the system directly. Once their access is sorted and they can log in directly then SSO will start to function again... Also another cause of the break in attempt is when your network password in Active directory does not conform to oracle password constraints. Users can press Alt ctrl and delete in Windows and get around password policys ie. min length etc... then when you try to log in the break in attempt message shows. Simply get them to change the password to something that oracle will accept...