An application returns an error of the formjava.sql.SQLException: ORA-01017: invalid username/password; logon denied. This can occur when performing certain actions or testing the connection.
Diagnosis
The error is being returned by the underlying Oracle DB, and IdentityIQ is reporting the failure. The best first step to resolving this error is to ensure the underlying database is functioning correctly, and that the application definition in IdentityIQ is correct.
Attempt to access the underlying Oracle DB directly, or through a tool outside of IdentityIQ.
Verify the configuration details of the application are correctly recorded in the application definition.
Check the credentials stored in the application definition. Ensure they are typed correctly and that the corresponding account has sufficient access to the DB.
If these steps identify the problem, correct the issue and verify the connection works as expected.
Solution
If the prior steps have not identified the problem, it's likely your local machine has cached the credentials incorrectly in the browser. You can take a further step to verify this by logging into IdentityIQ in a private browser session and testing the connection to the application.
It is best practice to ensure your browser never caches or otherwise stores usernames or passwords for either IdentityIQ or the underlying applications it connects to. Browsers attempting to autocomplete forms with incorrect credentials is a frequent cause of connection failure.
Refer to your browser documentation for help clearing any stored credentials and disabling this feature going forward.
Further issues
Though the described solution resolves most instances of this issue, further steps can be taken if it has not been resolved.
From the IdentityIQ debug page, open the application definition in the Object Editor.
Locate the user/password used to connect to the database. It should look similar to
From the terminal, run the command "iiq encrypt <password>" where <password> is the password you previously verified is functional for the account specified.
Copy and paste the returned value into the Object Editor and save the file.
From the terminal, run the following commands to test the connection: iiq console connectorDebug <appname> test
The console should return "Test Succeeded."
Connection issues caused by failed decrypts are typically the result of keystore configuration issues. For more information about how the IdentityIQ keystore works, refer to the technical whitepaper, Using the IdentityIQ Keystore.
