Oracle passwords usually expire after a number of days. There is a known situation where the ODS password used for all OID functionality can expire after so many days. If you run into a situation where your server with OID/OAM had to be restarted due to applying a patch, power outage, etc. and all login attempts to your application can result in failing with “Invalid username or password” resulting in a showstopping situation. To resolve this problem, an ODS password reset will be required as the OID processes cannot start up until the schema’s password is reset.
When this happens, if you check OPMN for your OID Oracle Instance, it should show that everything associated with the process “oid1” is either in a “Down” or “Stop” state.
Also, if you look in %OID_ORACLE_INSTANCE%\diagnostics\logs\OID\oid1 at the bottom of the file “oidmon-0000.log”, you will notice the following:
This means that the root cause proves that ODS needs to have its password reset. You can use the following steps to do this:
1. Go to %OID_ORACLE_INSTANCE%\bin and run “opmnctl stopall” to stop OPMN for OID.
Example: cd D:\Oracle\Middleware\oid_inst_1\bin, opmnctl stopall
2. Log into sqlplus using the ods user (sqlplus ods/ods_password@db_name)
Example: sqlplus ods/password@orcl
3. When logging in, you should see the ORA-28002 error appear. However, you will still connect without failure.
4. Change the password for ods to the same password from before: alter user ods identified by ods_password;
Example: alter user ods identified by password;
5. If successful, it should say “User altered” which means that the password has been updated.
6. Repeat steps 2-5 for the following users:
NOTE: The passwords for the above three users will be the same as ODS
NOTE: If the password has expired, you will be required to type in a password. You may use the same password from before.
7. Start up OPMN for OID (opmnctl startall)
Example: cd D:\Oracle\Middleware\asinst_idm\bin, opmnctl startall
8. Verify with opmnctl status that everything is in an “Alive” state.
9. Start up the WebLogic servers for OID and OAM. They should start up without error.
10. You should be able to successfully log into the SSO-protected application.
NOTE: The ODS user should have sufficient privileges to change its own password. If for some strange reason in step 4 that you get an “Insufficient privileges” error, I would repeat steps 1-4 except you should log in with a sysdba user (sys for example).