LDAP OFSAA Users Do Not Authenticate Correctly if Multiple LDAP Directories Are Used
Last updated on MAY 10, 2017
Applies to: Oracle Financial Services Analytical Applications Infrastructure - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
Oracle Financial Services Analytical Applications (OFSAA)
Oracle Financial Services Analytical Applications Infrastructure (OFSAAI)
On OFSAAI 126.96.36.199.0, after applying <Patch 21106965> "ADD ABILITY TO CONFIGURE OFSAA WITH MULTIPLE LDAP DIRECTORIES" and setting up two different LDAP directories, the LDAP users from the second added directory do not appear to have their OFSAA logins properly validated if the incorrect server is selected.
It seems users recognized by LDAP can log in only with their AD password, but all other users set up in CSSMS_USR_PROFILE can log in with any password, and the date is not even checked for expiry, etc. There is a merger between two different LDAP directories. If a user ID from the original LDAP directory is selected, it validates, but if a user from the second LDAP directory is chosen, login is allowed with any password.
LDAP users from both LDAP directories are expected to validate properly with the correct password when logging into OFSAA.
The issue can be reproduced at will with the following steps:
1. Log in with the wrong password for the second LDAP user. Find successful login.
2. Log in with the wrong password for the second LDAP user. Find invalid username/password error.