APAR status
Closed as program error.
Error description
USERS AFFECTED: InfoSphere Information Server 11.3 and 11.5 installations in a WebSphere cluster configuration. PROBLEM DESCRIPTION: For InfoSphere Information Server 11.3 & 11.5, the installation configures a separate security domain for the InfoSphere Information Server applications. However, the security domain during the applications initialization is set to the global security administrator domain. The background scheduler threads are created during the initialization phase and they inherit the global security administrator domain and that setting does not get changed after initialization. As a consequence, if a background task needs to validate that the user who submitted the task has the proper roles, that user is checked against the global registry and if it is not configured to be the same as the IBM_Information_Server_sd security domain, the user may not be found. If this happens, you will see errors like this in the WebSphere application server profile's SystemOut.log like this: [5/6/15 12:24:00:330 EDT] 000000b4 ASBHelper E Failed to login to execute task for schedule [d70c6594.80cb2b5c.323kon42a.vf9sgpq.flj5a9.kkbagc5g9mrs52cv66nh k], execution ID is [mysystem1001Node01_dev/myprofile-d70c6594.80cb2b5c.323kon42a.vf 9sgpq.flj5a9.kkbagc5g9mrs52cv66nhk-a59b8c6a-e83f-4e2f-a004-61b5f c0c6421], execution date is [05/06/15 12:24:00:2 PM], scheduled execution date is [05/06/15 12:24:00:0 PM], service name is [EventHandlerTaskExecutionService]: User [myuser] is not found in the repository Another symptom of this problem is when the background task fails and in the SystemOut.log file you find errors like this: [8/21/15 10:34:01:217 EDT] 000000bd WASJ2EEDirect W com.ibm.iis.isf.j2ee.impl.was.security.WASJ2EEDirectoryImpl getVmmUsers NOT RE-THROWN java.security.PrivilegedActionException: com.ibm.websphere.wim.exception.WIMException where you see in the stack trace: Caused by: java.lang.NullPointerException at org.eclipse.emf.ecore.impl.EClassImpl.getFeatureID(EClassImpl.ja va:894)
Local fix
This problem can be fixed by going into the WebSphere administration console: Click Security > Global security > Custom Properties and add the com.ibm.websphere.security.useAppContextForServletInit custom property and set it to true. Restart the entire cluster including the deployment manager and node agents. Note that this is a cell wide setting. The long term fix will be a code change that will limit the setting to InfoSphere. Problem conclusion: Set the setting com.ibm.websphere.security.useAppContextForServletInit in the global security configuration or apply the APAR fix when it is available.
Problem summary
**************************************************************** USERS AFFECTED: 11.3 & 11.5 installations in a WebSphere cluster configuration **************************************************************** PROBLEM DESCRIPTION: For InfoSphere Information Server 11.3 & 11.5, the installation configures a separate security domain for the InfoSphere Information Server applications. However, the security domain during the applications initialization is set to the global security administrator domain. The background scheduler threads are created during the initialization phase and they inherit the global security administrator domain and that setting does not get changed after initialization. As a consequence, if a background task needs to validate that the user who submitted the task has the proper roles, that user is checked against the global registry and if it is not configured to be the same as the IBM_Information_Server_sd security domain, the user may not be found. If this happens, you will see errors like this in the WebSphere application server profile's SystemOut.log like this: [5/6/15 12:24:00:330 EDT] 000000b4 ASBHelper E Failed to login to execute task for schedule [d70c6594.80cb2b5c.323kon42a.vf9sgpq.flj5a9.kkbagc5g9mrs52cv66nh k], execution ID is [mysystem1001Node01_dev/myprofile-d70c6594.80cb2b5c.323kon42a.vf 9sgpq.flj5a9.kkbagc5g9mrs52cv66nhk-a59b8c6a-e83f-4e2f-a004-61b5f c0c6421], execution date is [05/06/15 12:24:00:2 PM], scheduled execution date is [05/06/15 12:24:00:0 PM], service name is [EventHandlerTaskExecutionService]: User [myuser] is not found in the repository Another symptom of this problem is when the background task fails and in the SystemOut.log file you find errors like this: [8/21/15 10:34:01:217 EDT] 000000bd WASJ2EEDirect W com.ibm.iis.isf.j2ee.impl.was.security.WASJ2EEDirectoryImpl getVmmUsers NOT RE-THROWN java.security.PrivilegedActionException: com.ibm.websphere.wim.exception.WIMException where you see in the stack trace: Caused by: java.lang.NullPointerException at org.eclipse.emf.ecore.impl.EClassImpl.getFeatureID(EClassImpl.ja va:894) **************************************************************** RECOMMENDATION: Change the WAS setting described in Local Fix or apply the fix included in ISF 11.3 rollup patch 3, or ISF 11.5 rollup patch 8, or Information Server 11.5 Service Pack 2. ****************************************************************
Problem conclusion
Change code to limit the setting of useAppContextForServletInit to InfoSphere
Temporary fix
Comments
APAR Information
APAR number
JR54206
Reported component name
WIS INFORM ANAL
Reported component ID
5724Q36IA
Reported release
B30
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-09-04
Closed date
2015-10-20
Last modified date
2017-09-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WIS INFORM ANAL
Fixed component ID
5724Q36IA
Applicable component levels
RB30 PSY
UP
RB31 PSY
UP
RB50 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSZJLG","label":"InfoSphere Information Analyzer"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"B30"}]
Document Information
Modified date:
14 October 2021