Monday, January 20, 2014

EBS -- Authorization Required, mod_plsql, fil, custom_auth

This problem arises in EBS when mod_plsql is in use. In my case, the victim was an Oracle Form that was trying to use mod_plsql to display some data. (Note that you can encounter this error in Apex, or in any Oracle product that uses Oracle Application Server and mod_plsql.)

The problematic web page was producing the following error in a little Windows message box, which made me think it was a client error at first sight.

Authorization Required

The error is similar to the following:
This server could not verify that you are authorized to access the document
requested. Either you supplied the wrong credentials (e.g., bad password), or
your browser doesn't understand how to supply the credentials required.

In addition, the Apache error log was displaying the following error:
'HTTP-401 Authorization Required' error message

After some analysis, it turned out that the problem was caused in the mod_plsql layer.
So let's describe the configuration file that mod_plsql uses to operate.

The file is where the DADs (Database Access Descriptors) are defined. Using DADs, the PL/SQL gateway (mod_plsql) can connect to the relevant databases.
mod_plsql, in other words the PL/SQL gateway, is a part of Oracle HTTP Server (in this case Apache). Using mod_plsql, a URL sent by a browser is interpreted, the associated PL/SQL programs are called, and the response is returned to the calling browser.

The following describes the flow in mod_plsql processing:
  • The Oracle HTTP Server receives a request containing a virtual path, which is configured to be serviced by mod_plsql.
  • The Oracle HTTP Server routes the request to mod_plsql.
  • By using the configuration information stored in your DAD, mod_plsql connects to the database. The request is forwarded by mod_plsql to the Oracle Database.
  • mod_plsql prepares the call parameters, and invokes the PL/SQL procedure in the application.
  • The PL/SQL procedure generates an HTML page using data and the PL/SQL Web Toolkit accessed from the database.
  • The response is returned to mod_plsql.
  • The Oracle HTTP Server sends the response to the client browser.
Okay, let's come back to our subject, the file.

Here is an example of the file:

defaultDAD      = ERM
administrators  = system
adminPath       = /admin_/
custom_auth     = CUSTOM
connect_string  = PROD,REQUEST_PROTOCOL=http,SERVER_PORT=8000,
input_filtering = Yes
connect_string  = ERM
password        = erman
username        = APPS
default_page    =
document_table  = APPS.fnd_lobs_document
document_path   = docs
document_proc   =
upload_as_long_raw =
upload_as_blob  = *
reuse           = Yes
connmax         = 10
pathalias       = fndgfm
pathaliasproc   = fnd_gfm.dispatch
enablesso       = No,REQUEST_PROTOCOL=http,SERVER_PORT=8000,
input_filtering = Yes

Anyway, I will keep it short.
Pay attention to the custom_auth parameter above, because that parameter is the cause of the error. This parameter is used for custom authentication; it is an old configuration used in iAS, and it causes problems with later mod_plsql applications.
For the solution, comment out the custom_auth parameter by putting a ";" character at the beginning of the line and bounce Oracle HTTP Server.
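
The fix above as a repeatable step, written as an added example (not part of the original post and not Oracle-supplied code). The functions take the path of the DAD configuration file as an argument, since that path is an assumption of the caller; the function names are hypothetical. Bouncing Oracle HTTP Server afterwards is still done by hand.

```shell
#!/bin/sh
# Added example: comment out custom_auth in a mod_plsql DAD configuration
# file, keeping a backup so the change can be reverted.
# Usage after sourcing this file (path is the caller's assumption):
#   disable_custom_auth /path/to/dad-config-file

# Print the number of lines where custom_auth is still active,
# i.e. not already prefixed with the ';' comment character.
active_custom_auth() {
    # grep -c prints 0 but exits 1 when nothing matches; mask that status.
    grep -c -E '^[[:space:]]*custom_auth[[:space:]]*=' "$1" || true
}

# Comment out every active custom_auth line in the given file.
# Prints the number of lines changed. Running it again changes nothing
# and creates no further backup.
disable_custom_auth() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }

    n=$(active_custom_auth "$cfg")
    if [ "$n" -eq 0 ]; then
        echo 0
        return 0
    fi

    # Timestamped backup next to the original, preserving mode and times.
    cp -p "$cfg" "$cfg.bak.$(date +%Y%m%d%H%M%S)" || return 1

    # Edit into a temporary file, then write back through the original
    # inode so ownership and permissions of the config are unchanged.
    tmp=$(mktemp "${cfg}.XXXXXX") || return 1
    if sed -E 's/^([[:space:]]*custom_auth[[:space:]]*=)/;\1/' "$cfg" > "$tmp"; then
        cat "$tmp" > "$cfg"
        rm -f "$tmp"
        echo "$n"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

The backup copy contains the same DAD password as the original file, so it should keep the same restrictive permissions and be removed once the change is confirmed.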
