You are here

SSB - "access denied" error

Submitted by phillies40 on Wed, 04/14/2010 - 09:25

Hi all

We are now back to upgrading and migrating luminis 3 to 4 project. We are now in Banner SSB module. We keep getting "Access Denied" error even the Authentication service is running. What could I miss? Please someone help because the logs is empty! :(

Alan
PCOM

Luminis Version:

Channels:

CodeStorm:

Hack Type:

Modification:

Comments

You can enable DEBUG by changing the following within $CP_WEBINF/config/cplog4j.properties file:

log4j.rootLogger=ERROR, file

to

log4j.rootLogger=DEBUG, file

Save and wait about 60 sec for changes to take effect. You should then see DEBUG entries within cp.log file.

This setting should be reverted back to ERROR as soon as error is captured. DEBUG logging can cause performance degradation especially if the system is under load.

Hi Scott

It is authen.log in Banner SSB directory I was talking about. I found the following in cp.log after I turned the DEBUG mode on:
*** Pool Statistics ***
Time : Wed Apr 14 09:42:15 EDT 2010
Unique Pool Identifier : jdbc:oracle:thin:@banner-test.pcom.edu:1525:LMIV
Min pool size : 5
Max pool size : 50
# of Connections in pool : 4
# Max wait timeouts : 0

Connection # (1)ID: 1271185695700 In use: true Last use : 67034 seconds ago
Connection # (2)ID: 1271185695701 In use: false Last use : 32 seconds ago
Connection # (3)ID: 1271185695705 In use: false Last use : 11 seconds ago
Connection # (4)ID: 1271185695699 In use: false Last use : 7 seconds ago
[2010-04-14 09:46:15,273] [DEBUG](RDBMDistributedLayoutStore.java:418) {DLM Fragment Updater (working)} [org.jasig.portal.layout.dlm.RDBMDistributedLayoutStore.fragments]: Evaluating fragment cache needs.
[2010-04-14 09:46:15,304] [DEBUG](RDBMDistributedLayoutStore.java:418) {DLM Fragment Updater (working)} [org.jasig.portal.layout.dlm.RDBMDistributedLayoutStore.fragments]: Evaluating fragment cache needs.......

All I can find in authen.log is the following:

Logging set to d:\sct\logs\auth.log, local.properties loaded , successfully obtained database connection. SCT authentication service (2.0) is Ready. Shutdown hook.

Any idea? Thanks!

Alan

For my clarification: you're logging into Luminis as an end user (not the default admin account) and clicking on a link from within Luminis that should perform an SSO into SSB?

What is the output from the following commands:

cpver
configman -g es.systems
configman -g pipeline.datasources.bannerPooled.user
configman -g pipeline.datasources.bannerPooled.host
configman -g pipeline.datasources.bannerPooled.name
configman -g pipeline.datasources.bannerPooled.port
configman -g es.sct.host
configman -g es.sct.port
configman -g es.sct.banner.vpath
configman -g sct.role.* | grep url

Hi Scott

I got the output for your questions! Again, thanks so much for your help!

Alan

$ cpver
Luminis Platform 4.0.0.0 build 3593

lumadmin@lum-res-d ~
$ configman -g es.systems
bb8 cal sct is epos trackit ezproxy citrix groupwise gtmb blackboard PMM

lumadmin@lum-res-d ~
$ configman -g pipeline.datasources.*
pipeline.datasources.bannerPooled.connectionLifetime=0
pipeline.datasources.bannerPooled.connectionMaxLockTime=30
pipeline.datasources.bannerPooled.connectionMaxUses=0
pipeline.datasources.bannerPooled.driver=oracle.jdbc.driver.OracleDriver
pipeline.datasources.bannerPooled.driver.property.oracle.net.crypto_checksum.types_client=(MD5)
pipeline.datasources.bannerPooled.driver.property.oracle.net.crypto_checksum_client=required
pipeline.datasources.bannerPooled.driver.property.oracle.net.encryption_client=required
pipeline.datasources.bannerPooled.driver.property.oracle.net.encryption_types_client=(RC4_40,DES40C)
pipeline.datasources.bannerPooled.driver.trace.enabled=false
pipeline.datasources.bannerPooled.host=banner-test.pcom.edu
pipeline.datasources.bannerPooled.inactiveTimeout=60
pipeline.datasources.bannerPooled.maxConnections=50
pipeline.datasources.bannerPooled.minConnections=5
pipeline.datasources.bannerPooled.name=TEST
pipeline.datasources.bannerPooled.password=
pipeline.datasources.bannerPooled.port=1525
pipeline.datasources.bannerPooled.url=jdbc:oracle:thin:@banner-test.pcom.edu:1525:TEST
pipeline.datasources.bannerPooled.user=integmgr
pipeline.datasources.bannerPooled.validateconnections=true
pipeline.datasources.cp.driver=com.campuspipeline.rdb.conn.ConnectionPoolDriver
pipeline.datasources.cp.url=jdbc:cp:Driver
pipeline.datasources.documentum.session.maximum=30
pipeline.datasources.documentum.session.minimum=1
pipeline.datasources.documentum.session.timeout=300
pipeline.datasources.uPortalPooled.connectionLifetime=0
pipeline.datasources.uPortalPooled.connectionMaxLockTime=30
pipeline.datasources.uPortalPooled.connectionMaxUses=0
pipeline.datasources.uPortalPooled.driver=oracle.jdbc.driver.OracleDriver
pipeline.datasources.uPortalPooled.inactiveTimeout=60
pipeline.datasources.uPortalPooled.maxConnections=50
pipeline.datasources.uPortalPooled.minConnections=5
pipeline.datasources.uPortalPooled.validateconnections=true

$ configman -g es.sct.*
es.sct.api.admnmenu.cfg=http://banner-web.pcom.edu:7781/pls/pcom2?tserve_tip_read_destroy&tserve...||WID|SID|PI
&tserve_trans_config=admnmenu.cfg&tserve_host_code=${SCT_TSERVE_HOST_CODE}&tserve_tiphost_code=${SCT_TSERVE_TIPHOST_COD
}
es.sct.api.afseltrm.cfg=http://banner-web.pcom.edu:7781${SCT_WEB_FAC_VPATH}?tserve_tip_read_destroy&tserve_tip_write=||
ID|SID|PIN&tserve_trans_config=afseltrm.cfg&tserve_host_code=${SCT_TSERVE_HOST_CODE}&tserve_tiphost_code=${SCT_TSERVE_T
PHOST_CODE}
es.sct.api.amenu.P_AluMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twgkwbis.P_GenMenu?name=amenu....
es.sct.api.amenu.P_FacMainMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twgkwbis.P_GenMenu?name=amenu....
es.sct.api.amenu.P_GenMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twgkwbis.P_GenMenu?name=amenu....
es.sct.api.amenu.P_StuMainMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twgkwbis.P_GenMenu?name=amenu....
es.sct.api.bmenu.P_AluMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twbkwbis.P_GenMenu?name=bmenu....
es.sct.api.bmenu.P_DevOffMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twbkwbis.P_GenMenu?name=bmenu....
es.sct.api.bmenu.P_Dev_Off_Mnu=http://banner-web.pcom.edu:7781/pls/pcom2/twbkwbis.P_GenMenu?name=bmenu....
es.sct.api.bmenu.P_FacMainMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twbkwbis.P_GenMenu?name=bmenu....
es.sct.api.bmenu.P_FinanceMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twbkwbis.P_GenMenu?name=bmenu....
es.sct.api.bmenu.P_FriMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twbkwbis.P_GenMenu?name=bmenu....
es.sct.api.bmenu.P_GenMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twbkwbis.P_GenMenu?name=bmenu....
es.sct.api.bmenu.P_MainMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twbkwbis.P_GenMenu?name=bmenu....
es.sct.api.bmenu.P_StuMainMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twbkwbis.P_GenMenu?name=bmenu....
es.sct.api.bmenu.P_WebTailorMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twbkwbis.P_GenMenu?name=bmenu....
es.sct.api.bmenu.WebExecAdminMnu=http://wfe_url
es.sct.api.empver2.cfg=http://banner-web.pcom.edu:7781${SCT_WEB_EMP_VPATH}?tserve_tip_read_destroy&tserve_tip_write=||W
D|SID|PIN|Corp&tserve_trans_config=empver2.cfg&tserve_host_code=${SCT_TSERVE_HOST_CODE}&tserve_tiphost_code=${SCT_TSERV
_TIPHOST_CODE}
es.sct.api.ewgkexec.P_StartExecInterface=http://wfe_url
es.sct.api.hmenu.P_MainMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twgkwbis.P_GenMenu?name=hmenu....
es.sct.api.pmenu.P_MainMnu=http://banner-web.pcom.edu:7781/pls/pcom2/twbkwbis.P_GenMenu?name=pmenu....
es.sct.authen.host=nucleus5.pcom.edu
es.sct.authen.port=5123
es.sct.autosync=false
es.sct.banner.vpath=/pls/test
es.sct.class=com.pipeline.sdk.cpip.SCTExternalSystemV1
es.sct.createonlogin=0
es.sct.db.jdbcurl=jdbc:cp:bannerPooled
es.sct.doGMTOffset=false
es.sct.host=http://banner-web.pcom.edu:7880
es.sct.port=80
es.sct.role.append=true
es.sct.role.update=append
es.sct.sendcpuid=true
es.sct.sendltc=true
es.sct.sendtimeout=true
es.sct.sharedCookieDomain=.pcom.edu
es.sct.sharedCookieName=CPSESSID
es.sct.sharedCookiePath=/
es.sct.shortcircuitlogin=true
es.sct.systemdescription=Banner
es.sct.type=banner

$ configman -g sct.role.* | grep url
sct.role.admin.url=/cp/ip/login?sys=sct&api=amenu.P_MainMnu
sct.role.alumni.url=/cp/ip/login?sys=sct&api=bmenu.P_AluMnu
sct.role.developmentofficer.url=/cp/ip/login?sys=sct&api=bmenu.P_Dev_Off_Mnu
sct.role.employee.url=/cp/ip/login?sys=sct&api=pmenu.P_MainMnu
sct.role.executive.url=
sct.role.executiveadmin.url=/cp/ip/login?sys=sct&api=bmenu.WebExecAdminMnu
sct.role.faculty.url=/cp/ip/login?sys=sct&api=bmenu.P_FacMainMnu
sct.role.finance.url=/cp/ip/login?sys=sct&api=bmenu.P_FinanceMnu
sct.role.friends.url=/cp/ip/login?sys=sct&api=bmenu.P_AluMnu
sct.role.personal.url=/cp/ip/login?sys=sct&api=bmenu.P_GenMnu
sct.role.student.url=/cp/ip/login?sys=sct&api=bmenu.P_StuMainMnu
sct.role.wtailoradmin.url=/cp/ip/login?sys=sct&api=bmenu.P_WebTailorMnu

Please remove your bannerPooled password from this debug output. None of us want to know...

You cannot delete the message, only edit it. Just click the little "edit" link next to "reply", then wipe out anything you don't want.

Hi all

I see the following error in cpip.log:

[2010-04-15 16:21:27,998] [DEBUG] (pool-1-thread-19) [com.pipeline.gist.ExternalSystemManagerImpl]: IN LOGIN exMANAGER system sct : 'sct' : '1' : 'com.pipeline.sdk.cpip.SCTExternalSystemV1@18d3d6c' : 'class=com.pipeline.bom.Person_3Impl, key=uid=alanya,ou=People,o=pcom.edu,o=pcom.edu, mEntry=uid=alanya,ou=People,o=pcom.edu,o=pcom.edu com.pipeline.bom.ModifiedAttributeSet: uid=alanya,ou=People,o=pcom.edu,o=pcom.edu
attrs=LDAPAttributeSet: LDAPAttribute {type='uid', values='alanya'} LDAPAttribute {type='pdsLoginId', values='alanya'} LDAPAttribute {type='pdsLoginAlias', values='alanya'} LDAPAttribute {type='objectClass', values='top,person,organizationalPerson,inetorgperson,pdsPersonOC,pdsAccountOC,pdsGroupMemberOC,icsCalendarUser,nsManagedPerson,inetUser,inetSubscriber,inetMailUser,inetLocalMailRecipient,ipUser,userPresenceProfile'} LDAPAttribute {type='pdsPssEntry', values='$SecretStore$.backup.key |V2 |RC4 |0 |cw+uxId2zVa/NAYKMXxc4IOixMLkClaK00BAw6uU8XdRRt31peHiXqZu5Zo= |,email.nucleus,gwmail.pcom.edu,2 |V2 |RC4 |4 |cw+uxId2zVa/NAYQH+y2OtFnldyNnM+foO05wJqUw3diRt31peHiXqZu5Zo= |BLY+xvNBbwtNy2UL3AXSSwIUxnr1lIWRqQPBkNIimewwBCiJd0Cdae/yDPg= |,cpip.groupwise |V2 |RC4 |4 |cw+uxId2zVa/NAYdonO0VMEVyO3QnKGfye1KwA== |BLY+xvNBbwtNy2UGYZrQJRJmm0uolOuRwAOykA== |,cpip.bb8 |V2 |RC4 |4 |cw+uxId2zVa/NAYR1SHjAp1n+NzknKGfye1KwA== |BLY+xvNBbwtNy2UKFsiHc04Uq3qclOuRwAOykA== |,cpip.blackboard |V2 |RC4 |4 |cw+uxId2zVa/NAYR1SHjAp1n+NzknKGfye1KwA== |BLY+xvNBbwtNy2UKFsiHc04Uq3qclOuRwAOykA== |,cpip.sct |V2 |RC4 |4 |cw+uxId2zVa/NAYQ0CvqA5Fe+NzknKGfye1KwA== |BLY+xvNBbwtNy2ULE8KOckItq3qclOuRwAOykA== |'} LDAPAttribute {type='cn', values='Alan Yang'} LDAPAttribute {type='displayName', values='Alan Yang'} LDAPAttribute {type='pdsIMSEnterpriseSourcedId', values='PCOM SCT Banner,$15'} LDAPAttribute {type='mail', values='alanya@pcom.edu'} LDAPAttribute {type='pdsDateOfBirth', values='0247'} LDAPAttribute {type='pdsExternalSystemID', values='alanya::citrix,alanya::ezproxy,alanya::bb8,alanya::groupwise,alanya::blackboard,900053989::sct'} LDAPAttribute {type='givenName', values='Jun Lin'} LDAPAttribute {type='sn', values='Yang'} LDAPAttribute {type='pdsEmailAccount', values='//5HAHIAbwB1AHAAdwBpAHMAZQA=,2,gwmail.pcom.edu,alanya@pcom.edu,nucleus,4,0'} LDAPAttribute {type='pdsEmailDefaultAccount', values='Groupwise'} LDAPAttribute {type='pdsEmailAutoForwardEnabled', values='true'} LDAPAttribute {type='mailDeliveryOption', values='forward'} LDAPAttribute {type='mailForwardingAddress', values='alanya@pcom.edu'} LDAPAttribute {type='pdsEmailDefaultAddress', values='alanya@pcom.edu'} LDAPAttribute {type='pdsEmailStockFolderAccount', values='Groupwise'} LDAPAttribute {type='pdsPssConfig', values='V1 |1 |cn=SecretStoreService,ou=SecretStore,ou=Services,o=pcom.edu,o=pcom.edu |1 |shamir |1 |* |14 |'} LDAPAttribute {type='pdsPssBackupKeyShare', values='cn=SecretStoreService,ou=SecretStore,ou=Services,o=pcom.edu,o=pcom.edu |V2 |RC4 |1 |0lG71BRyskz3DyLvs251hgIXBtOJgl3S1zur+wEIUQUQnaZA88NtKk/KKEy5Tvigc0O2JSeWgWY67XViqpP30zscK5FakxGMRUUO8gMWkJrr0aQPtWj3d9ZIv/0= |'} LDAPAttribute {type='icsCalendar', values='alanya'} LDAPAttribute {type='icsSubscribed', values='alanya$Jun Lin Yang'} LDAPAttribute {type='icsCalendarOwned', values='alanya$Jun Lin Yang'} LDAPAttribute {type='pdsAccountStatus', values='enabled'} LDAPAttribute {type='userPassword', values='{SSHA}kvSjjA5Wqv0RI/Ih8ja3IayadyIeI7E6Wjb2Aw=='} LDAPAttribute {type='pdsCredentialExpired', values='false'} LDAPAttribute {type='pdsAccountCredentialChanged', values='2010-04-08 17:44:04.0248Z'} LDAPAttribute {type='pdsPssSRS', values='V1 |2010-04-08 17:44:05.0983Z |success |1 |1 |cn=secretstoreservice,ou=secretstore,ou=services,o=pcom.edu,o=pcom.edu |co |0 |0 |'} LDAPAttribute {type='pdsRole', values='admin,helpdeskadmin,student,employee,developmentofficer,contentviewer,sysadmin,syssupport,creator,accountadmin,administrator,bannerinb,staff_pa,staff,studentaffairs'} LDAPAttribute {type='pdsLoginSuccess', values='2010-04-15 20:20:12.0748Z'} LDAPAttribute {type='pdsLoginFailure', values='2009-10-05 23:32:59.0651Z'}'
[2010-04-15 16:21:27,998] [INFO] (pool-1-thread-19) [com.pipeline.sdk.cpip.ExternalSession]: session data not found: es.sct
[2010-04-15 16:21:27,998] [INFO] (pool-1-thread-19) [com.pipeline.sdk.cpip.ExternalUser]: val: sct es: sct sisname: sct usesIt: false cfgValue: null
[2010-04-15 16:21:27,998] [DEBUG] (pool-1-thread-19) [com.pipeline.gist.ExternalSystemManagerImpl]: IN LOGIN not created on external system or cp
[2010-04-15 16:21:27,998] [INFO] (pool-1-thread-19) [com.pipeline.sdk.cpip.ExternalUser]: val: sct es: sct sisname: sct usesIt: false cfgValue: null
[2010-04-15 16:21:27,998] [DEBUG] (pool-1-thread-19) [com.sct.pipeline.sis.BannerAuthentication]: Executing database procedure twbkauth.F_CPAuthenticate. Arguments: id = yyyyyyyyy pin = xxxxxx
[2010-04-15 16:21:28,029] [ERROR] (pool-1-thread-19) [com.sct.pipeline.sis.BannerAuthentication]: Exception caught trying to execute CallableStatement while authenticating to Banner: java.sql.SQLException: ORA-01017: invalid username/password; logon denied

[2010-04-15 16:21:28,029] [DEBUG] (pool-1-thread-19) [com.sct.pipeline.sis.BannerAuthentication]: doAuthenticate returning: null
[2010-04-15 16:21:28,029] [INFO] (pool-1-thread-19) [com.pipeline.sdk.cpip.SCTExternalSystemV1]: setting empty role set because role retrieval failed for: alanya
[2010-04-15 16:21:28,029] [DEBUG] (pool-1-thread-19) [com.pipeline.sdk.cpip.SCTExternalSystemV1]: Authenticate STATUS_FAILURE.

my Banner ID and pin were correctly passed but I still get "access denied" error. Could someone please help???? :(

Alan

Hi all

There are 2 properties that Sungard found that do not exist in our luminis 3.3.3.64 system:

es.sct.host and es.sct.port

I am changing these properties to be the same as existing ones and see what happens.

Alan

Hello,

we refreshed the Dev environment PPRD Database and Application server from the Production without making any changes in the development Luminis server. In the dev luminis server when we point cursor on the banner portlet, it is showing the Dev PPRD appliation server url as https://iimblx07.iimb.ernet.in/render.UserLayoutRootNode.uP?uP_tparam=ut....

but when we click on banner portlet Error is triggering CPIP Notification: loginuser request failed for sctssb.

it is pointing to Production application server url http://iimberpsrv.iimb.ernet.in:9040/prod/gokssso.p_cp_login_sserv

when we check the cp.log file error is triggered as

[2017-03-22 14:23:10,353] [ERROR](MMServlet.java:329) {http-443-Processor18} [cpip]: CPIP ERROR sctssb loginuser request failed for sctssb
com.pipeline.gist.ExternalSystemException: loginuser request failed for sctssb
at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.Exception: Currently unable to reach external system: http://iimberpsrv.iimb.ernet.in:9040/prod/gokssso.p_cp_login_sserv error: 1

kindly suggest where the necessary changes to be updated for the successful Luminis and ssb connectivity.