SBL-SEC-10005: Your password has expired. Please change your password.


Applies to:

Siebel System Software - Version 7.8.2.3 [19221] and later
z*OBSOLETE: Microsoft Windows 2000
Product Release: V7 (Enterprise)
Version: 7.8.2.3 [19221]
Database: Oracle 9.2.0.6
Application Server OS: Microsoft Windows 2000 Advanced Server SP 4
Database Server OS: Sun Solaris 2.7

This document was previously published as Siebel SR 38-3110496831.


Symptoms

While invoking inbound web services using WS-Security (with Active Directory), when the login used to invoke the web service was rejected, for example because the password had expired, the EAI Object Manager log contained several errors:

SBL-DAT-00701: The administrator have checked 'User must change password at next logon' for you. Please change your password.
SBL-SEC-10018: The administrator have checked 'User must change password at next logon' for you. Please change your password.(SBL-DAT-00701)
SBL-SEC-10005: Your password has expired. Please change your password.
SBL-EAI-05163: Either an invalid user name or password was specified in the request for operation, 'MyOperation'.

However, the SOAP document returned did not contain all the errors, only the last one, SBL-EAI-05163, for example:
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>Either an invalid user name or password was specified in the request for operation, 'MyOperation'.
(SBL-EAI-05163)</faultstring>
<detail>
<siebelf:errorstack xmlns:siebelf="http://www.siebel.com/ws/fault">
<siebelf:error>
<siebelf:errorsymbol>IDS_EAI_WS_RELOGIN_FAILURE</siebelf:errorsymbol>
<siebelf:errormsg>Either an invalid user name or password was specified in the request for operation, 'MyOperation'.
(SBL-EAI-05163)</siebelf:errormsg>
</siebelf:error>
</siebelf:errorstack>
</detail>
</SOAP-ENV:Fault>


The requirement was for the other errors, in particular the SBL-SEC-10005 error, to be returned in the SOAP response.
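
An added example (not part of the original support note): a client-side parser for the fault shown above, which makes visible that the error stack handed to the caller holds only SBL-EAI-05163. The Envelope/Body wrapper and the function names are constructed for this example, and the SOAP 1.1 envelope namespace is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# SOAP 1.1 envelope namespace (assumed) and the fault namespace from the page.
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "siebelf": "http://www.siebel.com/ws/fault"}
SBL_CODE = re.compile(r"SBL-[A-Z]{3}-\d{5}")

# Constructed response: the fault from the page wrapped in an Envelope/Body.
SAMPLE_FAULT = """<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Server</faultcode>
<faultstring>Either an invalid user name or password was specified in the request for operation, 'MyOperation'.
(SBL-EAI-05163)</faultstring>
<detail>
<siebelf:errorstack xmlns:siebelf="http://www.siebel.com/ws/fault">
<siebelf:error>
<siebelf:errorsymbol>IDS_EAI_WS_RELOGIN_FAILURE</siebelf:errorsymbol>
<siebelf:errormsg>Either an invalid user name or password was specified in the request for operation, 'MyOperation'.
(SBL-EAI-05163)</siebelf:errormsg>
</siebelf:error>
</siebelf:errorstack>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""

def parse_siebel_fault(xml_text):
    """Return the faultcode and each (symbol, [SBL codes]) entry of the error stack."""
    fault = ET.fromstring(xml_text).find(".//soap:Fault", NS)
    if fault is None:
        return None  # not a fault response
    stack = []
    for err in fault.findall("detail/siebelf:errorstack/siebelf:error", NS):
        symbol = err.findtext("siebelf:errorsymbol", "", NS).strip()
        msg = err.findtext("siebelf:errormsg", "", NS)
        stack.append((symbol, SBL_CODE.findall(msg)))
    return {"faultcode": fault.findtext("faultcode", "").strip(), "stack": stack}

def only_generic_login_error(parsed):
    """True when the stack tells the caller nothing beyond SBL-EAI-05163."""
    codes = [c for _, cs in parsed["stack"] for c in cs]
    return bool(codes) and set(codes) == {"SBL-EAI-05163"}
```

When `only_generic_login_error` is true, the cause (expired password, forced change, wrong credentials) has to be read from the EAI Object Manager log, since the response does not carry it.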

Cause

Currently this is expected behavior. The application is working as designed.

Solution

BUG: 10511385 has been logged to request that the other errors also be returned, in addition to the final error. This change request will be reviewed and prioritized for possible inclusion in a later release.



Applies to:

Siebel System Software - Version: 8.1.1.2 and later   [Release: V8 and later ]
Information in this document applies to any platform.

Symptoms

ENVIRONMENT
Siebel 8.1.1.2 / Windows 2003

STEPS
Siebel registered users are not able to modify their passwords once expired in Siebel Financial Services application version 8.1.1.2 being authenticated by a Custom Security Adapter on Windows. Rather than being presented with a Siebel screen view to modify the password, an error is presented to the user [1]. The Siebel application object manager (AOM) logfiles clearly indicate that the password for the Siebel user has expired. In the Siebel Dedicated Client the behavior is different - for user accounts with expired passwords - a popup dialog box is presented allowing the Siebel registered user to modify the password.

EXPECTED BEHAVIOR
It is expected that the user is automatically directed to the Siebel View "Change Password View (SWE)". This behavior is controlled by the application object manager hidden parameter ChangePasswordView, which is set to "Change Password View (SWE)" by default.

ERROR MESSAGES
1) SBL-UIF-00272: The user ID or password that you entered is incorrect. Please check the spelling and try again.
2) SBL-SEC-10018: SecurityLogin(): AuthenticationClient Error: 80050010 : AuthenticationService::ExpiredCredentials.
3) SBL-SEC-10005: Your password has expired. Please change your password.
4) SBL-UIF-00425: Your password has expired, please change it to enter the system.

Cause

Bug 10512510 (Change Request 12-1T2II25) was logged to address a Product Defect where no error or warning was displayed when an account password had expired in an external directory. This is specific to database authentication and not external authentication.

Bug 12820579 has been logged to address an additional Product Defect specific to external authentication.

Solution

Bug 10512510 (Change Request 12-1T2II25) has been fixed in Siebel 8.1.1.1 [21211] QF0154 as part of Fix Request 12-1WF6XDZ. This Quick Fix has since been accumulated into Siebel Fix Pack 8.1.1.3 as per the latest Maintenance Release Guide and available for download under Patch Number 9882361.
NOTE: Only applicable for DB authentication (DB2)

Bug 12820579 is still open for external authentication.



Applies to:

Siebel System Software - Version: 7.8.2 SIA [19213] and later   [Release: V7 and later ]
z*OBSOLETE: Microsoft Windows 2000
Product Release: V7 (Enterprise)
Version: 7.8.2 [19213] Life Sci
Database: Oracle 9.2.0.6
Application Server OS: Microsoft Windows 2000 Server SP 4
Database Server OS: HP 9000 Series HP-UX

This document was previously published as Siebel SR 38-3099895901.

Symptoms

SBL-DAT-00712, SBL-SEC-10005

I recently started testing a change to the AllowAnonUsers parameter in the SWE section of the epharma.cfg file. By setting the parameter to false, it did prevent anonymous access. I then noticed the behavior described in SR 38-1021293097 where the application does not bring up the message about an invalid userid/password.

The recommendation in that SR is to comment out the following command as a workaround:

        string StartCommand = SWECmd=GotoView&SWEView=Home+Page+View+(eSales)

I went to try and configure this, but it does not appear to be part of the epharma_enu section of the eapps_sia.cfg file. I didn't figure adding it there and commenting it out would help the situation. It is also not in the default section at the top of the eapps.cfg file. Is this configurable for the ePharma Object Manager? If so, how?

Cause


Change Request 12-198EWWW

Solution

Message 1

For the benefit of other readers,


Customer was using Siebel ADSI Security Adapter authentication version 7.8.2 and had changed parameter AllowAnonUsers to FALSE in the [swe] section of the epharma.cfg file. After this change, a login attempt was made, and the login page reloaded with no error messages. The ePharma Object Manager log file had the error messages below:

“SBL-DAT-00712: Unable to retrieve credential string from user <user DN> information in Active Directory.”

“SBL-SEC-10005: Your password has expired. Please change your password.”

Error message SBL-DAT-00712 is acceptable. Service Request 38-2208858391 on SupportWeb has further information regarding this error message.

Error message SBL-SEC-10005 is usually associated with an ADSI account with an expired password. Based on this information, an internal environment with Siebel version 7.8.2, Siebel ADSI Security Adapter authentication, and an ADSI account with an expired password has been configured. Parameter AllowAnonUsers was set to FALSE in the application cfg file. The behavior the customer reported has been reproduced using this internal environment.
When logging in using an ADSI account with an expired password, the ADSI Security Adapter identifies that the password is expired and redirects the Siebel Web Client to load the “Change Password View”. As this view is loaded using Anonymous browsing, no error message is displayed and the login page is reloaded.


[Continue]

Message 2

[Continued]

Change Request 12-198EWWW has been logged to address this behavior and provide an error message when using expired passwords and AllowAnonUsers parameter set to FALSE.


Thank you,







Applies to:

Siebel CRM - Version: 8.1.1.2 and later   [Release: V8 and later ]
Information in this document applies to any platform.
With the PasswordExpireWarnDays not set, the LDAP authentication works fine but if the user's password is expired, the browser shows the error message “This Page cannot be displayed”.
We can see the errors SBL-SEC-10005 and SBL-UIF-00425 in the attached OM log and in the SWE log files but this message is not thrown to the browser. The user to be redirected to the change password view.

Goal


Steps to replicate:
- Check whether password expiration sends the change password screen automatically.
- Will the LDAP/ADSI adapter work with enforce password change or not in 8.1.1.2, and would it at least log in with a valid userid and password.
- Expire a user password to check if the change password feature.

Logs:

Tested the same as per above and got the same error message:
Noticed that, when "force password change at next login" is checked in AD, the login fails and shows a server busy error, and the logs contain "Your password has expired, please change it to enter the system." as below.


SecAdptLog API Trace 4 0000020a4c190b44:0 2010-06-17 02:57:11 Create LDAP SecurityUser object: username=G1TEST1, dn=CN=G1TEST1,OU=People,DC=d1,DC=us,DC=ts, LDAP handle=0.

SecAdptLog API Trace 4 0000020a4c190b44:0 2010-06-17 02:57:11 Ldap Utility: GetPwdExpireWarnDays

SecAdptLog Debug 5 0000020a4c190b44:0 2010-06-17 02:57:11 LDAP SecurityLogin8 step 9: Clean up.

SecAdptLog 3rdpartyTrace 3 0000020a4c190b44:0 2010-06-17 02:57:11 ldap_unbind(10a4b78) returns 0.

GenericLog GenericError 1 0000020a4c190b44:0 2010-06-17 02:57:11 (secmgr.cpp (2717) err=4597525 sys=0) SBL-SEC-10005: Your password has expired. Please change your password.

SecAdptLog Memory Mgmt Trace 5 0000020a4c190b44:0 2010-06-17 02:57:11 LDAP SecurityFreeUser8, Security User=c60e388.

SecAdptLog API Trace 4 0000020a4c190b44:0 2010-06-17 02:57:11 Unbind from LDAP server.

ObjMgrLog Error 1 0000020a4c190b44:0 2010-06-17 02:57:11 (swelgmgr.cpp (3769)) SBL-UIF-00425: Your password has expired, please change it to enter the system.

ObjMgrBusServiceLog Error 1 0000020a4c190b44:0 2010-06-17 02:57:11 (swesvc.cpp (1528)) SBL-UIF-00425: Your password has expired, please change it to enter the system.
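
An added example (not from the original note or from Siebel): a triage script that groups object manager log lines like the ones above by their id column and reports login attempts that failed on SBL-SEC-10005, which the browser shows only as a generic error. The column layout is inferred from the excerpt, lines sharing an id are assumed to belong to one login attempt, and the G1TEST2 lines are constructed.

```python
import re

# Layout inferred from the excerpt: area, sub-area, level, id, timestamp, message.
LINE = re.compile(
    r"^(\S+)\s+(.+?)\s+(\d)\s+([0-9a-f]{16}:\d+)\s+"
    r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.*)$")
SBL = re.compile(r"SBL-[A-Z]{3}-\d{5}")
USER = re.compile(r"\busername=([^,\s]+)")
EXPIRED = "SBL-SEC-10005"

# First four lines are from the page; the last two are constructed (a second
# attempt with no error) to show that only the expired-password one is reported.
SAMPLE = """\
SecAdptLog API Trace 4 0000020a4c190b44:0 2010-06-17 02:57:11 Create LDAP SecurityUser object: username=G1TEST1, dn=CN=G1TEST1,OU=People,DC=d1,DC=us,DC=ts, LDAP handle=0.
GenericLog GenericError 1 0000020a4c190b44:0 2010-06-17 02:57:11 (secmgr.cpp (2717) err=4597525 sys=0) SBL-SEC-10005: Your password has expired. Please change your password.
ObjMgrLog Error 1 0000020a4c190b44:0 2010-06-17 02:57:11 (swelgmgr.cpp (3769)) SBL-UIF-00425: Your password has expired, please change it to enter the system.
ObjMgrBusServiceLog Error 1 0000020a4c190b44:0 2010-06-17 02:57:11 (swesvc.cpp (1528)) SBL-UIF-00425: Your password has expired, please change it to enter the system.
SecAdptLog API Trace 4 0000020b4c190b44:0 2010-06-17 02:58:40 Create LDAP SecurityUser object: username=G1TEST2, dn=CN=G1TEST2,OU=People,DC=d1,DC=us,DC=ts, LDAP handle=0.
SecAdptLog API Trace 4 0000020b4c190b44:0 2010-06-17 02:58:40 Unbind from LDAP server.
"""

def expired_password_logins(log_text):
    """Group lines by id and report attempts whose error chain holds SBL-SEC-10005."""
    attempts = {}  # id -> record; dicts keep insertion order
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or a line in another layout
        _, _, level, sid, ts, msg = m.groups()
        rec = attempts.setdefault(
            sid, {"id": sid, "user": None, "first_seen": ts, "codes": []})
        user = USER.search(msg)
        if user and rec["user"] is None:
            rec["user"] = user.group(1)
        if level == "1":  # the error lines in the excerpt are all level 1
            rec["codes"] += [c for c in SBL.findall(msg) if c not in rec["codes"]]
    return [r for r in attempts.values() if EXPIRED in r["codes"]]
```
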

Solution

Tested on Siebel 8.1.1.2 QF261
Opened CR# 10595512


