Authentication Issue On 3270 Terminals When Using One Time Password With Tuxedo ARTTCPL/ARTTCPH Servers

(Doc ID 2233962.1)

Last updated on FEBRUARY 21, 2017

Applies to:

Oracle Tuxedo Application Runtime for CICS and Batch - Version 12.1.3 and later
Information in this document applies to any platform.

Symptoms

Behavior is specific to 3270 terminals connection through Tuxedo ARTTCPL/ARTTCPH system servers. Authentication fails when using one time password used with 3270 terminals.

Enabling TUXEDO traces we can see authentication server called twice. The first request succeed and the second fails due to one time password:

143517.163.tuxmachine!ARTTCPH.49545974.1.-2: TRACE:at: { tpalloc("TPINIT", "", 152)
143517.163.tuxmachine!ARTTCPH.49545974.1.-2: TRACE:at: } tpalloc = 0x11010cdb8
143517.164.tuxmachine!ARTTCPH.49545974.1.-2: TRACE:ia: { tpacall("AUTHSVC", 0x11010cdb8, 7, 0x3)
143517.164.tuxmachine!ARTTCPH.49545974.1.-2: TRACE:ia: } tpacall = 17 [CLIENTID {1479994517, 0, 371}]
143517.164.tuxmachine!GAUTHSVR.52953618.1.0: TRACE:tr: dye
143517.164.tuxmachine!GAUTHSVR.52953618.1.0: TRACE:at: { tpservice({"AUTHSVC", 0x0, 0x11009e1d8, 152, 0, 2147483648, {1479994517, 0, 371}})
143517.164.tuxmachine!GAUTHSVR.52953618.1.0: running GAUTHSVR proxy authentication, service AUTHSVC
143517.164.tuxmachine!GAUTHSVR.52953618.1.0: usrname = 'xxxxxxx'
143517.164.tuxmachine!GAUTHSVR.52953618.1.0: cltname = 'TN3270E'
143517.164.tuxmachine!GAUTHSVR.52953618.1.0: passwd = ''
143517.164.tuxmachine!GAUTHSVR.52953618.1.0: application passwd = '123456'
143517.164.tuxmachine!GAUTHSVR.52953618.1.0: proxy athentication done (rcode: 500)
143517.164.tuxmachine!GAUTHSVR.52953618.1.0: TRACE:at: { tpreturn(2, 500, 0x0, 0, 0x0)
143517.164.tuxmachine!GAUTHSVR.52953618.1.0: TRACE:at: } tpreturn [long jump]
143517.164.tuxmachine!GAUTHSVR.52953618.1.0: TRACE:at: } tpservice
143517.164.tuxmachine!GAUTHSVR.52953618.1.0: TRACE:tr: undye
143517.164.tuxmachine!GAUTHSVR.52953618.1.0: TRACE:tr: dye
143517.165.tuxmachine!GAUTHSVR.52953618.1.0: TRACE:at: { tpservice({"AUTHSVC", 0x0, 0x11009ccf8, 152, 0, 2147483648, {1479994517, 0, 371}})
143517.165.tuxmachine!GAUTHSVR.52953618.1.0: running GAUTHSVR proxy authentication, service AUTHSVC
143517.165.tuxmachine!GAUTHSVR.52953618.1.0: usrname = 'xxxxxxx'
143517.165.tuxmachine!GAUTHSVR.52953618.1.0: cltname = 'TN3270E'
143517.165.tuxmachine!GAUTHSVR.52953618.1.0: passwd = ''
143517.165.tuxmachine!GAUTHSVR.52953618.1.0: application passwd = '123456'
....

162848.471.sic-tst-tmsm6!GAUTHSVR.39256228.1.0: CMDTUX_CAT:6967: ERROR: Error occurred when authenticating user xxxxxxx (detail message =<Exception dans l'unité d'exécution

"main" # START NON-TRANSLATABLEjavax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User xxxxxxx javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User
xxxxxxx denied
      at com.bea.security.providers.authentication.tuxedo.TuxedoLDAPAtnLoginModuleImpl.login(TuxedoLDAPAtnLoginModuleImpl.java:168)
      at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
      at java.security.AccessController.doPrivileged(AccessController.java:277)
      at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
      at java.lang.reflect.Method.invoke(Method.java:611)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:795)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:709)
      at java.security.AccessController.doPrivileged(AccessController.java:277)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:706)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:603)
      at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:93)
      at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
      at java.lang.reflect.Method.invoke(Method.java:611)
      at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
      at $Proxy1.login(Unknown Source)
      at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
      at sun.reflect.GeneratedMethodAccessor7.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
      at java.lang.reflect.Method.invoke(Method.java:611)
      at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
      at $Proxy9.authenticate(Unknown Source)
      at CSSAuth.auth(Unknown Source)

 

When using a Tuxedo native client connected to tuxmachine there is no authentication issue using a token password.

 



Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms