Showing results for 
Show  only  | Search instead for 
Did you mean: 

IdentityIQ returns Oracle error: ORA-01017: invalid username/password; logon denied

IdentityIQ returns Oracle error: ORA-01017: invalid username/password; logon denied



An application returns an error of the formjava.sql.SQLException: ORA-01017: invalid username/password; logon denied. This can occur when performing certain actions or testing the connection.



The error is being returned by the underlying Oracle DB, and IdentityIQ is reporting the failure. The best first step to resolving this error is to ensure the underlying database is functioning correctly, and that the application definition in IdentityIQ is correct.

  1. Attempt to access the underlying Oracle DB directly, or through a tool outside of IdentityIQ.
  2. Verify the configuration details of the application are correctly recorded in the application definition.
  3. Check the credentials stored in the application definition. Ensure they are typed correctly and that the corresponding account has sufficient access to the DB.

If these steps identify the problem, correct the issue and verify the connection works as expected.



If the prior steps have not identified the problem, it's likely your local machine has cached the credentials incorrectly in the browser. You can take a further step to verify this by logging into IdentityIQ in a private browser session and testing the connection to the application.

It is best practice to ensure your browser never caches or otherwise stores usernames or passwords for either IdentityIQ or the underlying applications it connects to. Browsers attempting to autocomplete forms with incorrect credentials is a frequent cause of connection failure.

Refer to your browser documentation for help clearing any stored credentials and disabling this feature going forward.


Further issues

Though the described solution resolves most instances of this issue, further steps can be taken if it has not been resolved.

  1. From the IdentityIQ debug page, open the application definition in the Object Editor.
  2. Locate the user/password used to connect to the database. It should look similar to
    <entry key="user" value="admin"/>
    <entry key="password" value="1:ACP:xP60TTmXBw9sjBAvAP5g=="/>​
  3. From the terminal, run the command "iiq encrypt <password>" where <password> is the password you previously verified is functional for the account specified.
  4. Copy and paste the returned value into the Object Editor and save the file.
  5. From the terminal, run the following commands to test the connection:
    iiq console
    connectorDebug <appname> test
  6. The console should return "Test Succeeded."

Connection issues caused by failed decrypts are typically the result of keystore configuration issues. For more information about how the IdentityIQ keystore works, refer to the technical whitepaper, Using the IdentityIQ Keystore

Labels (3)
Version history
Revision #:
3 of 3
Last update:
‎Jul 31, 2023 06:51 PM
Updated by: