Unless otherwise marked the technical whitepapers in the table below are applicable for the following products (with versions):
- Oracle Utilities Customer Care And Billing (V2 and above)
- Oracle Utilities Meter Data Management (V2 and above)
- Oracle Utilities Mobile Workforce Management (V2 and above)
- Oracle Utilities Smart Grid Gateway (V2 and above) – All Adapters
- Oracle Utilities Operational Device Management (V2 and above)
- Oracle Utilities Work and Asset Management (V2 and above)
- Oracle Public Service Revenue Management (all versions)
- Oracle Revenue Management and Billing (all versions)
This whitepaper currently only applies to the following products:
- Oracle Utilities Customer Care And Billing
- Oracle Enterprise Taxation Management
- Oracle Public Service Revenue Management
- Oracle Revenue Management and Billing
Note: ConfigLab is no longer supported in CCB 2.5.x, Use Configuration Migration Assistant instead.
- Concepts - General Concepts and Performance Troublehooting processes
- Client Troubleshooting - General troubleshooting of the browser client with common issues and resolutions.
- Network Troubleshooting - General troubleshooting of the network with common issues and resolutions.
- Web Application Server Troubleshooting - General troubleshooting of the Web Application Server with common issues and resolutions.
- Server Troubleshooting - General troubleshooting of the Operating system with common issues and resolutions.
- Database Troubleshooting - General troubleshooting of the database with common issues and resolutions.
- Batch Troubleshooting - General troubleshooting of the background processing component of the product with common issues and resolutions.
A set of whitepapers on how to manage customization (code and data) using the tools provided with the framework. Topics include Revision Control, SDK Migration/Utilities, Bundling and Configuration Migration Assistant. The individual whitepapers are as follows:
- Concepts - General concepts and introduction.
- Environment Management - Principles and techniques for creating and managing environments.
- Version Management - Integration of Version control and version management of configuration items.
- Release Management - Packaging configuration items into a release.
- Distribution - Distribution and installation of releases across environments
- Change Management - Generic change management processes for product implementations.
- Status Accounting - Status reporting techniques using product facilities.
- Defect Management - Generic defect management processes for product implementations.
- Implementing Single Fixes - Discussion on the single fix architecture and how to use it in an implementation.
- Implementing Service Packs - Discussion on the service packs and how to use them in an implementation.
- Implementing Upgrades - Discussion on the the upgrade process and common techniques for minimizing the impact of upgrades.
This is a guidelines whitepaper for products shipping with the Multi-Purpose Listener.
This whitepaper currently only applies to the following products:
- Oracle Utilities Customer Care And Billing
- Oracle Enterprise Taxation Management
- Oracle Public Service Revenue Management
- Oracle Revenue Management and Billing
Note: MPL has been deprecated in latest releases. Please use Oracle Service Bus as an alternative
This whitepaper covers the Configuration Migration Assistant available for Oracle Utilities Application Framework V22.214.171.124.0. This replaces ConfigLab for some products.
1506855.1 Integration Reference Solutions
This whitepaper covers the various Oracle technologies you can use with the Oracle Utilities Application Framework. 1544969.1 Native Installation Oracle Utilities Application Framework This whitepaper describes the process of installing Oracle Utilities Application Framework based products natively within Oracle WebLogic. 1558279.1 Oracle Service Bus Integration This whitepaper describes direct integration with Oracle Service Bus including the new Oracle Service Bus protocol adapters available. Customers using the MPL should read this whitepaper as the Oracle Service Bus replaces MPL in the future and this whitepaper outlines how to manually migrate your MPL configuration into Oracle Service Bus.
Note: In Oracle Utilities Application Framework V126.96.36.199.0, Oracle Service Bus Adapters for Outbound Messages and Notification/Workflow are available 1561930.1 Using Oracle Text for Fuzzy Searching This whitepaper describes how to use the Name Matching and fuzzy operator facilities in Oracle Text to implemement fuzzy searching using the @fuzzy helper fucntion available in Oracle Utilities Application Framework V188.8.131.52.0 1606764.1
Audit Vault Integration This whitepaper describes the integration with Oracle Audit Vault to centralize and separate Audit information from OUAF products. Audit Vault integration is available in OUAF 184.108.40.206.0 and above only.
Migrating XAI to IWS
Migration from XML Application Integration to the new native Inbound Web Services in Oracle Utilities Application Framework 220.127.116.11.0 and above.
Private Cloud Planning Guide
Planning Guide for implementing Oracle Utilities products on Private Clouds using Oracle's Cloud Foundation set of products.
ILM Planning Guide
Planning Guide for Oracle Utilities new ILM based data management and archiving solution.
ILM Implementation Guide for Oracle Utilities Customer Care and Billing
Implementation Guide for the ILM based solution for the Oracle Utilities Customer Care And Billing.
Client / Server Interoperability Support Matrix
Cache Nodes Configuration using BatchEdit utility
Using the new Batch Edit Wizard to configure batch quickly and easily
Overview and Guidelines for Managing Business Exceptions and Errors
Best Practices for To Do Management
Oracle Functional/Load Testing Advanced Pack for Oracle Utilities Overview
Overview of the new Oracle Utilities testing solution
ConfigTools Best Practices
Best Practices for using the configuration tools facility
Oracle Utilities Application Framework - Keystore Configuration
Managing the keystore
The Oracle Functional Testing Advanced Pack for Oracle Utilities provides the content to use Oracle Application Testing Suite to verify your business processes via flows using your test data for multiple scenarios.
Customers have asked the relationship with the tools in the Oracle Application Testing Suite. Here is the clarification:
- The Oracle Functional Testing Advanced Pack for Oracle Utilities is loaded into the Oracle Flow Builder component of the Oracle Application Testing Suite Functional Testing product. The components represent all the functions within the product.
- You build a flow, using drag and drop, sequencing the provided components that matches the business process you want to verify. If there is no component we ship that covers your extensions then you can use a supplied component builder to build a meta data based service component. If you want to model a user interface then OpenScript can be used to record a component to add to the component library.
- You then can attach your test data. There are a number of techniques available for that. You can natively input the data if you wish into the component, generate a spreadsheet to fill in the data (and attach it after you filled it out) or supply a CSV data file that represents the data in the flow.
- You generate (not code) a script. No additional coding is required. As part of the license you can code OpenScript if you have developers for any work if you wish but it is typically not required.
- You then have a choice to execute the script.
- You can execute the script from the OpenScript tool in Eclipse (if you are a developer for example).
- You can execute the script from a command line (for example you can do this from a third party test manager if you wish)
- You can automatically execute the script from Oracle Test Manager. This will allow groups of script to be scheduled and it reports on the results for you.
- You can load the script into the Oracle Load Testing toolset and include it in a performance test suite of tests.
Remember our testing pack is service based not user interface based. You will need to make sure that the Web Services Accelerator is installed.
Essentially Flow Builder builds the flow and script from the components in the pack, Openscript or Oracle Test Manager executes it for you.
An updated version of the Oracle Functional/Load Testing Advanced Pack for Oracle Utilities has been released on My Oracle Support at Doc Id: 2014163.1. The updates to the whitepaper include updates for the 18.104.22.168.0 release with the following information:
- Updates for the new content for Oracle Mobile Workforce Management, Oracle Real Time Scheduler, Oracle Utilities Application Framework, Oracle Utilities Customer Care and Billing and Oracle Work And Asset Management.
- Updates for the new Component Builder and Component Verifier utilities that allow the addition of new custom components.
- Updates to the Frequently Asked Questions covering licensing and the common implementation questions you may have about the Advanced Pack.
This new version now only adds new content and new capabilities but utilizes the power and facilities of the Oracle Application Testing Suite (Oracle Flow Builder, OpenScript and Oracle Load Testing) to deliver the ability to rapidly test, implement and upgrade Oracle Utilities products.
The latest release of the Oracle Functional/Load Testing Advanced Pack for Oracle Utilities is now available from the Oracle Delivery Cloud. This is the new version of a testing accelerator available for Oracle Utilities products.
The tool allows implementations to reduce testing time significantly by:
- Provide a prebuilt multi-product component library representing the scope of testing in an implementation. This component library can be used in Oracle Flow Builder.
- Allow implementations to model business processes for verification by supporting the building of flows inside Oracle Flow Builder. This means business processes can be orchestrated instead of built using a programming resource. Flows can be reused for different testing scenarios and are built independently of the data used.
- Allow implementations to attach databanks in the form of direct input, CSV files or Excel Spreadheets.
- Generate the testing script for use in OpenScript, Oracle Test Manager or Oracle Load Testing. This is generated not developed. Again data can be attached at generation time or even post generation.
The testing accelerator consists of the following:
- A comprehensive library of testing components that have been prebuilt and precertified for Oracle Utilities products in one pack. These components contain interface logic, prevalidations, preverifications and logic to test a particular feature of the product. These components are the same components used by our product Quality Assurance. We ship components for the following products:
- Oracle Utilities Customer Care and Billing V22.214.171.124.0
- Oracle Utilities Mobile Workforce Management V126.96.36.199.x
- Oracle Real Time Scheduler V188.8.131.52.x
- Oracle Utilities Work And Asset Management V2.1.x
- Oracle Utilities Application Framework V184.108.40.206.x
- We will be adding the following products in the 220.127.116.11.0 release in late November (subject to approvals):
- Oracle Utilities Customer Care and Billing V18.104.22.168.0
- Oracle Utilities Meter Data Management V2.1.x
- Oracle Utilities Smart Grid Gateway (all adapters) V2.1.x
- Oracle Utilities Operational Device Management V2.1.x
- A set of utilities to allow implementations and partners to generate and verify custom components for any functionality not covered by the shipped components. These components have the same structure and features of the shipped components but cover any custom tables, custom structure etc you implemented. These custom components are then available in the component library.
- As set of sample flows to illustrates the components and their use. These samples can be run against the standard demonstration set of data for training purposes.
- A set of documentation covering installation, best practices and component library information.
The testing accelerator has the following features:
- Component based approach that are service based. This isolates testing from changes to the user interface. This means reduction in maintaining testing scripts as any screen changes will be covered by the service based component.
- Components cover online, web services and batch components.
- Components will be shipped with each new release of supported products including service packs.
- Customers who have validations in the user interface, which is not usually recommended from an architectural point of view, can use Oracle Application Testing Suite's user interface component generator to add the user interface based component to the library.
- Components can be cloned and altered or generated from our meta data using our component builder.
- Components can be grouped into Component Groups to support re usability across flows.
- Flows map your business processes and can support multiple scenarios.
- Flows can cross product boundaries and even across pack boundaries. This means if you have more than one Oracle Utilities product, flows can be built that cover all the Oracle Utilities products involved in a business process, including integrations. This extends to other OATS packs such as Oracle eBusiness Suite etc..For example, it is possible to construct a flow that tests the acceptable of a payment, its processing through your payment processing and tracked to the ERP records in your general ledger.
- We supply components to communicate testing results. By default, we supply components that summarize the outcomes from a flow. This can be altered to send more information, send information to alternative locations or even send results to third party testing tools.
- Data for databanks can entered natively against the components (with intelligent defaulting), from a CSV based file or even a spreadsheet.
- Flows are generated into Openscript with databanks without the need for any additional programming. It is possible to use OpenScript to add new functionality, if desired, but it is not required.
- When the script is generated, the databank is separated out, as a CSV, to allow implementations to use alternative databanks without the need for regeneration.
- The generated script can be executed from the OpenScript runtime in Eclipse or command line. It can also be executed via the Oracle Test Manager (optional) or Oracle Load Testing (optional).
- Generated test scripts can be imported into Oracle Load Testing for load and performance testing. This requires a Load testing license and a license for the Load Controller.
We see the Testing accelerator as a key option for our Oracle Utilities products that will allow our customers to go live or upgrade much quicker with lower risk and lower cost.
Oracle Functional/Load Testing Advanced Pack is available from Oracle Delivery Cloud today.
Are you attending Oracle OpenWorld 2015? Well I will be there as well. I will not be speaking this year, but I will be attending and talking to customers and partners during the conference. The Utilities team will be located at the Marriot Marquis. I will attending meetings and also running ad-hoc demonstrations of our latest releases of the Application Management Pack for Oracle Utilities and our new exciting Testing product, Oracle Functional/Load Testing Advanced Pack for Oracle Utilities.
See you there..
One of the most common user interface features in most web based applications is indicating the required fields on a screen. In past releases of Oracle Utilities Application Framework, this was difficult to implement as the context of the transaction typically dictated which fields on a screen were required. Over the last few releases, the Oracle Utilities Application Framework implemented a more schema based approach to model context more precisely and avoid issues with required fields.
In the latest release of Oracle Utilities Application Framework, the ability to display a required field indicator, usually the "*" character, is now supported by default. This use of this facility is as follows:
- Only fields marked with a "required=true" in the attribute on the schema for Business Objects only are supported.
- Screens that do not use Business Objects will not include the required field indicator included. For customers on older versions of Oracle Utilities Application Framework that used JSP based screens rather than UI Map/UI Hint style screens, do not use Business Objects so therefore are not supported.
- Lower level required fields, such as a field that is required if a particular value is populated on another element on the same schema are not supported. These are not support ed as the screen is built at transaction time and the input values are not loaded at the same time.
Here are some samples:
By default, this facility is enabled by default. If it is not to be used, then it can be disabled by setting the com.oracle.ouaf.ui.disableRequiredFieldIndicators = true in the spl.properties file according to the steps outlined in Server Administration Guide.
In last few releases of the Oracle Utilities Application Framework, a series of changes were introduced to enhance our Web Services capabilities. In summary the following changes were implemented:
- Inbound Web Services (IWS) was introduced to replace the XML Application Integration (XAI) capability. This basically allows web services to be housed and managed natively within the J2EE Web Application Server. This means that additional security and protocols are now supported for SOAP services such as Oracle Web Services Manager Support, WS-Policy Support and Web Services metrics.
- Inbound Web Services was delivered as a separately deployable component managed by the J2EE Web Application Server.
- The MPL was replaced with a set of Oracle Service Bus adapters and a native Message Driven Bean (MDB) for JMS inbound integration.
The new release extends these capabilities even further with the following enhancements:
- The Message Driven Bean (MDB) is now housed in the Inbound Web Services deployment rather than within the online server. This transforms the Inbound Web Services deployment to the role of an Integration Server. Long term technology integrations will be centralized in this Integration Server to support channel based configuration.
Note: Customers on IBM WebSphere should continue to use the current MDB implementation as the new MDB implementation is not supported on IBM WebSphere platforms.
- XAI supported legacy Maintenance Object based services, also known as Page Services, that implementations found difficult to convert to newer IWS based adapters. Inbound Web Services deployment has now been extended to automatically recognize these legacy services and make them available via the Inbound Web Services deployment. This means they can take advantage of the Inbound Web Services capabilities natively, facilitating migration from XAI to IWS. Note: This feature does not support XAI Inbound Services that use the Business Adapter as those should be converted to Inbound Web Services directly.
These are just the start on our long term plans for the Integration capability over the next few releases. Customers using XAI should migrate to the Inbound Web Services capability as soon as practical. Customers using MPL should also migrate to OSB/MDB as soon as practical. Both XAI and MPL have been announced as deprecated which freezes their functionality in anticipation of removal in a future release.
With the advent of new platforms and new user interface the latest version of Oracle Utilities Application Framework (V22.214.171.124.0) includes a series of user interface changes to reflect the latest trends and supporting increased usability.
The current release includes the following enhancements relating to the user interface:
- A new login screen - To be consistent with the Oracle Cloud and cloud implementations of the Oracle Utilities products. A new login screen in the style of the Cloud offerings from Oracle has been included as the default. For example, for Oracle Utilities Customer Care And Billing:
- Session Timeout - A non-activity session timeout is set on the session within the J2EE Web Application Server. This detects the last time the user interacts with the system. In the past releases, if the inactivity timeout was exceeded the product would jump to the login screen on the next interaction. In this release, a warning message (via Message 11001, 905) is displayed to the user prior to jumping back to the login screen. This makes the event clear to the online user. An example of the message is shown below:
- Lock in Menu - In Oracle Utilities Application Framework V126.96.36.199.1, the menu's were moved as part of the user interface refresh to be located in a more logical place. On some platforms, particularly mobile platforms, the menu's would be harder to navigate as they are designed to react to the location of the finger/mouse. To aid in usability of menu's they can be locked in place to avoid mouse or finger movements inadvertently closing the menu. Clicking the menu item will toggle the menu and lock symbol to effectively lock the menu in place. To allow fingers/mouse to be moved while keeping the menu open that is locked open as long it is locked. The lock can be toggled on or off. For example:
- Menu's can now be closed using the Esc key.
For more information about these and other enhancements refer to the online documentation provided with the product.
Oracle Utilities Application Framework V188.8.131.52.0 includes a new help engine and changes to the organization of help. The Oracle Help for Web engine is now used to display help within the product. This engine has the following exciting features for customers:
- The engine provides a cross browser more consistent interface for displaying help.
- New toolbar to allow for printing, bookmarking (on the browser) and even giving feedback on help. For example:
- All the documentation in one place for the product. Framework and Product documentation are now published together and available from the same interface. For example:
- Flexible more detailed indexing. For example:
- Flexible searching across all products installed on an environment including boolean searches and scoring. For example:
This new engine is only available to customers using Oracle WebLogic. Customers using IBM WebSphere will use the legacy help engine.
One of the new features of Oracle Utilities Application Framework is Component Installation.The Oracle Utilities Application Framework has a multi-channel multi-tiered architecture. In the past to install individual components in a distributed manner needed additional manual efforts. In the Oracle Utilities Application Framework V184.108.40.206.0 release there is a new channel (or role) based installation capability that has the following features:
- Ability to identify the channels to install on a particular installation. The component installation has three distinct channels that can be installed together in combination and/or separately:
- Online - Online Web Application (includes Business Application Server)
- Integration - Web Services and Message Driven Bean (includes Business Application Server)
- Batch - Batch Threadpool/submitter/Cluster
- When roles are chosen, those components are available for configuration and those menu options are only visible in the installation process. The utilities for the product also only recognize active roles in the installation.
- A new Environment Identifier has been introduced which allows disparate installations to be combined into a virtual environment. This is used by the patching utilities and also Oracle Enterprise Manager to collate targets into an Oracle Utilities Environment target. For example, you can have a number of installations across multiple machines that can be combined and managed as an environment. This identifier can be altered after installation to connect or disconnect an installation from an environment.
- It is possible to change the roles AFTER installation. This represents maximum flexibility. To enable or disable a role, simply start the configureEnv utility and indicate the changed roles. If a new role is added, then the configureEnv utility will prompt for the configuration settings for the new role. If you have removed a role, then the components will be disabled. For customers using native installations directly or via Oracle Enterprise Manager, may have to manually deploy or undeploy the generated files from the server domain.
- If a Batch Server is the only role, the parameters for the J2EE Web Application Server are not needed.
There are new settings in the ENVIRON.INI that covers the new facilities:
Setting Comments ENVIRONMENT_ID Generated Environment Identifier
SERVER_ROLES List of active server roles for this installation
SERVER_ROLE_BATCH Whether BATCH server role is a valid role for this environment (used internally)
SERVER_ROLE_INTEGRATION Whether INTEGRATION server role is a valid role for this environment (used internally) SERVER_ROLE_ONLINE Whether ONLINE server role is a valid role for this environment (used internally)
This is part of a larger enhancement that will simplify the overall deployment options available for installation now and in the future.
Refer to the Installation Guide and Server Administration Guide for more details of the settings.
Oracle Utilities Customer Care and Billing 220.127.116.11.0 is now available. This release includes the newest version of Oracle Utilities Application Framework (V18.104.22.168.0).
This version of the Oracle Utilities Application Framework has the following features:
- New Login Screen - A simpler login screen has been introduced with a new screen in line with Oracle's Cloud offerings.
- Session Timeout - In past releases when a session expired due to inactivity it would throw the user back to the login screen. This release now includes a popup message informing the user that the session is timed out prior to sending the user back to the login screen.
- Required Fields indicator - In line with the new interface implementation introduced in 22.214.171.124.0, required fields can be indicated with a required fields indicator: *. This only applies to newer UI hint based screens. For backward compatibility this feature can be disabled.
- Menu Behavior - Menu behavior has been tweaked to allow greater flexibility and a wide range of device support. Menu's can be locked into position to cater for user behavior.
- Toolbar History enhancements - In Oracle Utilities Application Framework 126.96.36.199.0, identifiers were recorded when using individual functions to enhance navigation. To complement this, these identifiers will be displayed in the History on the toolbar.
- Component Installation - In the past installation, required additional effort to install individual components such as channels or tiers in an installation event. This enhancement greatly simplifies this by assigning installation roles to individual installations. Upon selecting appropriate roles, only those parts of the installation are exposed and configured for that installation. It is also possible to change roles after installation for maximum flexibility. This enhancement allows disparte installations to be linked into a virtual environment and managed for patching and management from Oracle Enterprise Manager easily
- New Help Engine - This releases sees the product use the Oracle Help Engine for Web which provides greater usability, flexibility and standardization for our help. This enhancement is only available to Oracle WebLogic customers. Customers on IBM WebSphere will continue to use the legacy help engine. This also means that Framework Help is now included in Product Help.
- Enhanced OIM Integration - The Business object used for Oracle Identity Management (OIM) has been enhanced following feedback from the Oracle Cloud implementations and customers using OIM. The interface now defaults more attributes and uses the user templating functionality to reduce the amount of business rules within OIM.
- User Security Changes - To support greater levels of security, the user object now has additional security levels to control different aspects of security ralated to its maintenance. For example, it is now possible to allow specific users to administrate user group membership.
- Map XML Enhancements - A simpler approach to mapping fields has been implemented to speed up mapping XML data types including a new wizard to aid schema designers.
- XQuery engine upgraded - The latest Oracle XQuery engine has been adopted to provide new functions and reduce memory footprint needed for scripting.
- Batch Parameter Security - It is now possible to encrypt data used on individual sensitive batch parameters.
- System Heath Check - A new system wide health check API has been introduced that can be extended to verify components within the architecture to provide status information. The initial release will cover architecture and specific level of service checks. A simple user interface and web service have been included for this facility. This will be incorporated into a future Application Management Pack for Oracle Utilities release.
- Additional Sort keys on Manual To Dos - Manual To Do entries now populate the standard sort keys even if custom sort keys are populated.
- Extendable Lookup Enhancements - We have added a few new features for Extendable lookups to make them easier to use. This includes characteristic support, a new CLOB field, overriding support, action support and extended validation support.
- Support Manual Transition of Sych Requests - It is now possible to manually transition a Sync Request.
- Currency Symbol Support - Number elements may define a currency reference to automatically render the currency symbol.
- Extended Currency Support - The base classes within the framework have been extended to support a wider range of world currencies.
- Page Based Web Services - Inbound Web Services has been extended to now support legacy page based services. This will reuse the definitions in the page services to expose them as Inbound Web Services without the need for further configuration. This will aid in moving from XAI to IWS for legacy customers.
- Message Driven Bean in IWS - A new MDB implementation has now been made available in the IWS implementation to implement an Integration Server architecture. Existing MDB implementations will be supported in the short term but will need to move to this new IWS implementation long term.
More articles will be published over the next few weeks outlining more information about most of these enhancements. Refer to the product documentation and release notes for more details of each of these enhancements.
The Oracle Application Management Pack for Oracle Utilities is usually installed using the Self Update feature in Oracle Enterprise Manager. It is easiest method of installation. This requires the Oracle Management Server to be connected to the internet (directly of via proxy) which some site do not allow. Luckily Oracle Enterprise Manager has an offline mode as well and the installation of the pack can also be done offline.
Here is how you install the pack in offline mode:
- Download the pack from Oracle Software Delivery Cloud. This is known as an OPAR which is the install format for the pack.
- Transfer the OPAR to the machine housing the Oracle Management Server (OMS) component of Oracle Enterprise Manager. If your installation is multi-OMS then refer to the Oracle Enterprise Manager installation guide for more instructions. Ensure the user you are using to install has read access to the file at least.
- Logon to the OMS machine and execute the following command from the oms/bin directory.
./emcli setup -url=https://<omsserver>:<omsport>/em -username=sysman -password=<password> -trustall
<omserver> is the OMS server name
<omsport> is the administration port for the OMS
<password> is the password for the OMS administrator
- Execute the command to install the pack:
./emcli import_update -file=<oparname> -omslocal
<oparname> - Fully qualified name and path of the file you downloaded.
- Now deploy the pack on the OMS using the PlugIn maintenance from the console. This may require an outage as pack installs may change the OMR and OMS.
- Deploy the pack on agents located on the Oracle Utilities servers.
That is how you install the pack in offline mode.
In Oracle Utilities Application Framework V4.x, a new column was added to the user object to add an additional layer of security. This field is a user hash that generates on the complete user object. The idea behind the hash is that when a user logs in a hash is calculated for the session and is checked against the user record registered in the system. If the user hash generated does not match the user hash recorded on the user object then the user object may not be valid so the user cannot login.
This hash is there to detect any attempt to alter the user definition using an invalid method. If there is an alteration was not using the provided interfaces (using the online or a Web Service) then the record cannot be trusted so the user cannot use that identity. The idea is that if someone "hacks" the user definition using an invalid method, the user object will become invalid and therefore effectively locked. It protects the integrity of the user definition.
This facility typically causes no issues but here are a few guidelines to use it appropriately:
- The user object should only be modified using the online maintenance transaction, F1-LDAP job, user preferences maintenance or a Web Service against the user object. The user hash is regenerated correctly when a valid access method is used.
- If you are loading new users from a repository, the user hash must be generated. It is recommended to use a Web Services based interface to the user object to load the users to avoid the hash becoming invalid.
- If a user uses a valid identity and the valid password but gets a message Invalid Login then it is more likely the user hash compare has found an inconsistency. You might want to investigate this before resolving the user hash inconsistency.
- The user hash is generated using the keystore key used by the product installation. If the keystore or values in the keystore are changed, you will need to regenerate ALL the hash keys.
- There are two ways of addressing this use:
- A valid administrator can edit the individual user object within the product and make a simple change to force the hash key to be regenerated.
- Regenerate the hash keys globally using the commands outlined in the Security Guide. This should be done if it is a global issue or at least an issue for more than one user.
For more information about this facility and other security facilities, refer to the Security Guide shipped with your product.