I was developing Ruby on Rails application that access data from existing Oracle E-Business Suite application and I wanted to add to this application possibility for users to authenticate themselves by their existing Oracle E-Business Suite user names and passwords.
Oracle is not publicly providing algorythms which are used for user passwords encryption (which are stored in FND_USER table) and therefore some googling was necessary. I was lucky to find Jira eBusiness Suite Authenticator with full source code in Java which also included all Oracle E-Business Suite password encryption / decryption functions. Actually it seems that the >1000 lines source code is decompiled from Oracle Java classes as there are no comments and variable names don’t tell anything.
But as I did not have any better source material I started Ruby rewrite of this code and happily managed to finish it in couple of days. As a result I created Oracle EBS Authentication plugin and you can find out in README file how to install it.
Usage of this plugin is quite simple – here is an example:
database_name = ActiveRecord::Base.connection.current_database
authenticator = OracleEbsAuthentication::Authenticator.new(database_name)
if authenticator.validate_user_password(login, password)
# user authenticated
if authenticator.user_reponsibilities.include? "System Administrator"
# user has System Administrator role
end
# ...
else
# authentication failed
end
BTW Oracle EBS password encryption approach has quite a lot of weaknesses. So if you provide SQL*Net access to your Oracle EBS database then anyone with valid Oracle EBS user name and password can decrypt APPS database user password and also can decrypt passwords of all other users. You can have a deeper look in plugin source code to understand how it can be done :)
Hi,
A Quite a useful plugin.
Which Oracle eBusiness Suite Version does it support i.e., 11.5.9/11.5.10 ?
thanks
Comment by spalife — May 31, 2008 @ 5:01 am |
It is working both with 11.5.9 and 11.5.10. Have not yet tested it on release 12.
Comment by Raimonds Simanovskis — May 31, 2008 @ 10:33 pm |
thanks a lot Raimonds for the update.
I am planning to utilize it soon as an assessment for a project integration solution requirement.
Will update you soon when we get to it, on its progress.
Overall a very helpful, useful plugin which helps the current legacy (oops did i just say oracle ebusiness suite as legacy !) business infrastructure integration plugin.
Great work.
thanks
anil
Comment by spalife — June 4, 2008 @ 3:48 pm |
Any work on encrypting passwords? I’m trying to create a Ruby on Rails password recovery / reset app, and I have just about everything to finish, except I can’t reset Oracle EBS passwords. The work you’ve done and published is great, since I can at least verify the current password, but it would be really nice if I could just hash a new password and put it in the database… Any work done on an encrypt() method?
Comment by Jonathan Gnagy — November 5, 2009 @ 5:54 pm |