  • Latest Post - ‏2019-08-06T08:35:57Z by bender10
bender10
8 Posts

Pinned topic Problem connecting TDI 7.1.1 with ISIM 7.0.1.3 API

‏2019-08-02T08:51:19Z |

Hi!

 

I'm trying to connect my TDI 7.1.1 with my ISIM API. Here is my code to get the context and the subject:

 

function getContext()
{
    var appServerURL = "corbaloc:iiop:10.211.1.28:9067,:10.211.1.29:9067";
    var platformContextFactory = "com.ibm.itim.apps.impl.websphere.WebSpherePlatformContextFactory";
    var ejbUser = "isimsystem@itimCustomRealm";
    var ejbPwd = "**********";
    var itimRealm = "itimCustomRealm";
    
    system.setJavaProperty("java.security.auth.login.config", "E:/IBM/ISIMAPI/jaas_login_was.conf");
    system.setJavaProperty("com.ibm.CORBA.ConfigURL", "file:E:/IBM/ISIMAPI/sas.client.props");
    system.setJavaProperty("com.ibm.CORBA.securityServerHost", "10.211.1.28,10.211.1.29");
    system.setJavaProperty("com.ibm.CORBA.securityServerPort", "9067");
    system.setJavaProperty("com.ibm.SSL.ConfigURL", "file:E:/IBM/ISIMAPI/ssl.client.props");    

    var env = new Packages.java.util.Hashtable();
    env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.CONTEXT_FACTORY, platformContextFactory);
    env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.PLATFORM_URL, appServerURL);
    env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.PLATFORM_PRINCIPAL, ejbUser);
    env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.PLATFORM_CREDENTIALS, ejbPwd);
    env.put(Packages.com.ibm.itim.apps.InitialPlatformContext.PLATFORM_REALM, itimRealm);

    var platform = null;
    
    try
    {
        platform = new Packages.com.ibm.itim.apps.InitialPlatformContext(env);
        task.logmsg("Successfully got platform context");
    }
    catch(e)
    {
        task.logmsg("Error Class: " + e.getClass());
        task.logmsg("Error Message: " + e.getMessage());
        task.logmsg("Error LocalizedMessage: " + e.getLocalizedMessage());
    
        var stack = e.getStackTrace();
        var i = 0;
        for(i = 0; i < stack.length; i++) {
            task.logmsg(stack[i].toString());
        }
    }

    return platform;
}

function getSubject()
{
    var itimUser = "itim manager";
    var itimPwd = "********";
    var itimRealm = "itimCustomRealm";
    // Instantiate the Java classes explicitly with "new", as getContext() does.
    var handler = new Packages.com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl(itimUser, itimRealm, itimPwd);
    var loginContext = new Packages.javax.security.auth.login.LoginContext("WSLogin", handler);
    
    try
    {
        loginContext.login();
        task.logmsg("Logged in");
    }
    catch(e)
    {
        task.logmsg("Error Class: " + e.getClass());
        task.logmsg("Error Message: " + e.getMessage());
        task.logmsg("Error LocalizedMessage: " + e.getLocalizedMessage());
        var stack = e.getStackTrace();
        var i = 0;
        for(i = 0; i < stack.length; i++) {
            task.logmsg(stack[i].toString());
        }    
    }
    
    return loginContext.getSubject();
}
    
var itimPlatform = getContext();
var subject = getSubject();

 

I have copied the jaas_login_was.conf, sas.client.props and ssl.client.props from my VA machines, and edited the content of sas.client.props as follows:

 

com.ibm.CORBA.securityServerHost=10.211.1.28,10.211.1.29
com.ibm.CORBA.securityServerPort=9067

 

where 10.211.1.28 and 10.211.1.29 are my ITIM Admin console IPs (not my VA IPs).

 

When using the above code, I'm getting the following error:

SECJ0395E: Could not locate the SecurityServer at host/port: 10.211.1.28,10.211.1.29/9067 to validate the userid and password entered. You might need to specify valid securityServerHost/Port in ${WAS_INSTALL_ROOT}/profiles/profile_name/properties/sas.client.props file.

 

I have enabled the CORBA debug, and there I can see the attached log.

 

I have also seen that TDI is using JRE 1.6.0 IBM J9 2.4 Windows Server 2008 amd64-64 jvmwa6460sr10-20111207_96808 and in VA I can see /opt/IBM/WebSphere/AppServer/java_1.7.1_64/bin/java. Could that version mismatch be the problem?

 

I have also tested that I can reach 10.211.1.28:9067 and 10.211.1.29:9067 from my TDI machine!

 

Thanks in advance!!

 

 

 


Updated on 2019-08-02T08:54:24Z at 2019-08-02T08:54:24Z by bender10
  • franzw
    511 Posts

    Re: Problem connecting TDI 7.1.1 with ISIM 7.0.1.3 API

    ‏2019-08-02T10:36:15Z  

    I love it when I have to do a CORBA trace to have ISIM Java API to work....

    Setting this up with TDI to ISIM VA is not something for the fainthearted - I have only done this once - and as far as I can see you have your things correct, assuming you have loaded the correct jar files in the correct sequence, as there is a class conflict between one of the required WAS libraries and the included Eclipse http classes - go figure. To ensure this is not the problem you should load the WAS classes as early as possible - jar files are loaded alphabetically from the TDI jars directory - so a folder starting with "00" removes the problem....

    I have a document that a coworker did some time ago - it is different from what I normally do (ISIM 6ish)  - so I have not been able to spot what is missing/wrong here...

    It would be nice if you had the time to raise a case (known as PMR in older days) and have IBM Support help you through - if we are lucky they could update the half baked Technotes that exist for setting this....

    Regards

    Franz Wolfhagen

    PS. I am investigating to do a "zero conf" setup of this to basically eliminate all TDI setup - alas due to the conflicting class this requires some class loader magic that I do not understand - but else it should be possible - so if somebody wants to chime in on this we may be able to accelerate this - this would of course be a public domain thing...
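
A way to check the load-order point made in this reply, as an added example that is not part of the thread or of any IBM tooling: it lists the jars under a TDI-style jars directory in alphabetical order and reports every class defined by more than one jar, with the jar that comes first listed first. The alphabetical ordering models what the reply describes and is an assumption about the loader; the jar and class names in `demo()` are constructed.

```python
import os
import tempfile
import zipfile
from collections import OrderedDict


def jars_in_load_order(jars_root):
    """Relative paths of all *.jar files under jars_root, sorted alphabetically.

    Assumption: sorting by relative path models the alphabetical loading
    described in the reply; it is not taken from the TDI loader itself.
    """
    found = []
    for dirpath, _dirs, files in os.walk(jars_root):
        for name in files:
            if name.lower().endswith(".jar"):
                rel = os.path.relpath(os.path.join(dirpath, name), jars_root)
                found.append(rel.replace(os.sep, "/"))
    return sorted(found, key=str.lower)


def class_conflicts(jars_root):
    """Map class entry -> jars defining it (in load order), where more than one does."""
    owners = OrderedDict()
    for rel in jars_in_load_order(jars_root):
        try:
            with zipfile.ZipFile(os.path.join(jars_root, rel)) as jar:
                classes = [n for n in jar.namelist() if n.endswith(".class")]
        except zipfile.BadZipFile:
            continue  # e.g. a truncated copy; it cannot contribute classes
        for entry in classes:
            owners.setdefault(entry, []).append(rel)
    return {c: jars for c, jars in owners.items() if len(jars) > 1}


def _make_jar(path, class_entries):
    """Write a constructed jar containing empty class entries (demo only)."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with zipfile.ZipFile(path, "w") as jar:
        for entry in class_entries:
            jar.writestr(entry, b"")


def demo():
    """Build a constructed jars tree and return (load order, conflicts)."""
    root = tempfile.mkdtemp()
    _make_jar(os.path.join(root, "00isimapi", "was_runtime_demo.jar"),
              ["demo/http/Client.class", "demo/was/Orb.class"])
    _make_jar(os.path.join(root, "plugins", "eclipse_http_demo.jar"),
              ["demo/http/Client.class"])
    _make_jar(os.path.join(root, "zz_other.jar"), ["demo/other/Util.class"])
    return jars_in_load_order(root), class_conflicts(root)


if __name__ == "__main__":
    order, conflicts = demo()
    print("load order:", order)
    for cls, jars in conflicts.items():
        print("%s: first=%s, shadowed=%s" % (cls, jars[0], jars[1:]))
```

Pointing `class_conflicts()` at the real jars directory shows whether the copy placed in the "00" folder actually sorts ahead of the jar it conflicts with.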

     

  • bender10
    8 Posts

    Re: Problem connecting TDI 7.1.1 with ISIM 7.0.1.3 API

    ‏2019-08-02T12:34:42Z  

    Hi franzw and thanks for your help!!


    Now I have my jars in a folder named 00isimapi inside the jar folder of TDI (E:\IBM\TDI\V7.1.1\jars\00isimapi). I have dropped here the following jars:


    api_ejb.jar (obtained from /opt/ibm/isim/lib)

    itim_api.jar (obtained from /opt/ibm/isim/lib)

    itim_common.jar (obtained from /opt/ibm/isim/lib)

    itim_server.jar (obtained from /opt/ibm/isim/lib)

    itim_server_api.jar (obtained from /opt/ibm/isim/lib)

    jlog.jar (obtained from /opt/ibm/isim/lib)

    com.ibm.cv.kmip.ext.jar (obtained from /opt/ibm/isim/lib)

    com.ibm.ws.ejb.portable_8.5.0.jar (obtained from /opt/ibm/WebSphere/AppServer/runtimes). In the doc that I have followed, it says that this jar should be in /opt/ibm/WebSphere/AppServer/plugins, but I have only found it in the path I mentioned.

    com.ibm.ws.emf.jar (obtained from /opt/ibm/WebSphere/AppServer/plugins)

    com.ibm.ws.runtime (obtained from /opt/ibm/WebSphere/AppServer/plugins)

    com.ibm.ws.admin.client_8.5.0.jar (obtained from /opt/ibm/WebSphere/AppServer/runtimes)


    But I'm still getting the same error :(


    In the log, I can see the following line: 14:29:11.831 com.ibm.rmi.iiop.Connection createInputStream:1429 RT=0:P=951674:O=0:TCPTransportConnection[addr=10.211.1.28,port=9067,local=56828] ORBRas[default] Entry


    It's trying to connect to the correct IP and port (one of them), but after a few lines, I can see the following error:


    14:29:11.862 com.ibm.rmi.transport.TCPTransportConnection <init> (client-side):244 AssemblyLines/ Update Organizational Structure ORBRas[default] Entry, p1=key=[com.ibm.rmi.transport.ConnectionKeyImpl@b22022ae, host=10.211.1.28, port=0]
    14:29:11.862 com.ibm.rmi.transport.TCPTransportConnection <init> (client-side):261 AssemblyLines/ Update Organizational Structure ORBRas[default] Exit, p1=localHost=null
    14:29:11.862 com.ibm.rmi.transport.TCPTransportConnection <init> (client-side):104 AssemblyLines/ Update Organizational Structure ORBRas[default] connectionKey=[com.ibm.rmi.transport.ConnectionKeyImpl@b22022ae, host=10.211.1.28, port=0]
    14:29:11.862 com.ibm.rmi.transport.TCPTransportConnection createSocket:137 AssemblyLines/ Update Organizational Structure ORBRas[default] Entry
    14:29:11.862 com.ibm.rmi.transport.TCPTransportConnection createSocket:152 AssemblyLines/ Update Organizational Structure ORBRas[default] connecting socket to /10.211.1.28:0 with timeout=0
    14:29:11.862 com.ibm.rmi.transport.TCPTransportConnection connect:406 AssemblyLines/ Update Organizational Structure ORBRas[default]  java.net.ConnectException: connect: Address is invalid on local machine, or port is not valid on remote machine
        at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:381)
        at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:243)
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:230)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:377)
        at java.net.Socket.connect(Socket.java:539)
        at com.ibm.rmi.transport.TCPTransportConnection.createSocket(TCPTransportConnection.java:155)
        at com.ibm.rmi.transport.TCPTransportConnection.createSocket(TCPTransportConnection.java:167)
        at com.ibm.CORBA.transport.TransportConnectionBase.connect(TransportConnectionBase.java:357)


    It looks like it's trying to connect to port 0....


    Maybe it's a problem with the balanced environment? Is there something additional that I can do to log my error?

     

    I'm attaching my ssl.client.props, sas.client.props and jaas_login_was.conf


    I'm trying to connect the API to update the organizational structure reading it from a database. My other option is to update the organizational structure directly in the ISIM LDAP, but I don't know if generating random globalids and creating new organizational structure through LDAP directly will cause any issue.

    Updated on 2019-08-02T12:45:40Z at 2019-08-02T12:45:40Z by bender10
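
To pull the port mismatch out of a longer ORB trace, the following added example (not part of the thread) parses the corbaloc provider URL from the first post into host/port pairs and flags every connection target in the trace that is not one of them. The two sample trace lines are copied from the post above; the regular expressions cover only the two notations visible there, and a hostname in the trace will not match an IP address in the URL.

```python
import re

DEFAULT_CORBALOC_PORT = 2809  # corbaloc default when an address gives no port


def parse_corbaloc(url):
    """Return [(host, port), ...] for an IIOP corbaloc URL (hostnames/IPv4 only)."""
    if not url.startswith("corbaloc:"):
        raise ValueError("not a corbaloc URL: %r" % url)
    addresses = url[len("corbaloc:"):].split("/", 1)[0]  # drop the object key
    endpoints = []
    for addr in addresses.split(","):
        proto, _, rest = addr.partition(":")
        if proto not in ("", "iiop"):       # an empty protocol id means iiop
            raise ValueError("unsupported protocol in %r" % addr)
        rest = rest.rsplit("@", 1)[-1]       # drop an optional "1.2@" version
        host, _, port = rest.partition(":")
        endpoints.append((host, int(port) if port else DEFAULT_CORBALOC_PORT))
    return endpoints


# The two target notations that appear in the trace quoted in the post.
_TARGETS = (
    re.compile(r"connecting socket to /(?P<host>[^:\s]+):(?P<port>\d+)"),
    re.compile(r"TCPTransportConnection\[addr=(?P<host>[^,\]]+),port=(?P<port>\d+)"),
)
_TIME = re.compile(r"^\s*(\d{2}:\d{2}:\d{2}\.\d{3})")


def unexpected_targets(trace_lines, corbaloc_url):
    """Return (timestamp, host, port) for targets outside the corbaloc URL."""
    expected = set(parse_corbaloc(corbaloc_url))
    hits = []
    for line in trace_lines:
        for pattern in _TARGETS:
            m = pattern.search(line)
            if m is None:
                continue
            target = (m.group("host"), int(m.group("port")))
            if target not in expected:
                stamp = _TIME.match(line)
                hits.append((stamp.group(1) if stamp else None,) + target)
    return hits


PROVIDER_URL = "corbaloc:iiop:10.211.1.28:9067,:10.211.1.29:9067"
SAMPLE_TRACE = [  # copied from the post above
    "14:29:11.831 com.ibm.rmi.iiop.Connection createInputStream:1429 "
    "RT=0:P=951674:O=0:TCPTransportConnection[addr=10.211.1.28,port=9067,"
    "local=56828] ORBRas[default] Entry",
    "14:29:11.862 com.ibm.rmi.transport.TCPTransportConnection createSocket:152 "
    "AssemblyLines/ Update Organizational Structure ORBRas[default] "
    "connecting socket to /10.211.1.28:0 with timeout=0",
]

if __name__ == "__main__":
    for when, host, port in unexpected_targets(SAMPLE_TRACE, PROVIDER_URL):
        print("%s unexpected target %s:%d" % (when, host, port))
```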
  • bender10
    8 Posts

    Re: Problem connecting TDI 7.1.1 with ISIM 7.0.1.3 API

    ‏2019-08-06T08:35:57Z  

    UPDATE:

     

    I have noticed that I missed the orb.properties file inside my JVM. Now, with this file, I'm getting the following error:

     

    [6/08/19 10:33:13:803 CEST] 00000026 JSSEHelper    3   SSL client config properties are missing. The property 'com.ibm.SSL.ConfigURL' may not be set properly.
    [6/08/19 10:33:13:803 CEST] 00000026 SecurityServe E   SECJ0395E: No se ha podido localizar el SecurityServer en el host/puerto: srvidigi1.test.es/9067 para validar el ID de usuario y la contraseña especificados. Puede que tenga que especificar un securityServerHost/Port válido en el archivo WAS_INSTALL_ROOT/profiles/profile_name/properties/sas.client.props.
    [6/08/19 10:33:13:803 CEST] 00000026 ContextManage >  getInstance Entry
    [6/08/19 10:33:13:803 CEST] 00000026 ContextManage 3   getProperty : com.ibm.websphere.security.suppressExceptionStack
    [6/08/19 10:33:13:803 CEST] 00000026 ContextManage 3   Property from csiv2 config is: null
    [6/08/19 10:33:13:803 CEST] 00000026 ServerStatusH 3   isRunningInServerMode=false
    [6/08/19 10:33:13:803 CEST] 00000026 ServerStatusH 3   isRunningInServerMode=false
    [6/08/19 10:33:13:803 CEST] 00000026 ContextManage 3   getProperty is called on client, skipping SecurityConfig check.
    [6/08/19 10:33:13:803 CEST] 00000026 ContextManage 3   Property from orb is: null, the orb: com.ibm.CORBA.iiop.ORB@30953095
    [6/08/19 10:33:13:803 CEST] 00000026 ContextManage 3   Returning:
    [6/08/19 10:33:13:818 CEST] 00000026 SecurityObjec I   Client code attempting to load security configuration
    [6/08/19 10:33:13:803 CEST] 00000026 ContextManage 3   
                                     javax.naming.NamingException: Error getting WsnNameService properties [Root exception is org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible  vmcid: IBM  minor code: E07  completed: No]
        at com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(WsnInitCtxFactory.java:1552)
        at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootContextFromServer(WsnInitCtxFactory.java:1042)
        at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootJndiContext(WsnInitCtxFactory.java:962)
        at com.ibm.ws.naming.util.WsnInitCtxFactory.getInitialContextInternal(WsnInitCtxFactory.java:614)
        at com.ibm.ws.naming.util.WsnInitCtx.getContext(WsnInitCtx.java:128)
        at com.ibm.ws.naming.util.WsnInitCtx.getContextIfNull(WsnInitCtx.java:765)
        at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:164)
        at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:179)
        at javax.naming.InitialContext.lookup(InitialContext.java:436)
        at com.ibm.WebSphereSecurityImpl.SecurityServerImpl.lookUpRemoteSecurityServer(SecurityServerImpl.java:318)
        at com.ibm.WebSphereSecurityImpl.SecurityServerImpl.doGetSecurityServer(SecurityServerImpl.java:121)
        at com.ibm.WebSphereSecurityImpl.SecurityServerImpl.getSecurityServer(SecurityServerImpl.java:107)
        at com.ibm.WebSphereSecurityImpl.SecurityServerImpl.<init>(SecurityServerImpl.java:94)
        at java.lang.J9VMInternals.newInstanceImpl(Native Method)
        at java.lang.Class.newInstance(Class.java:1345)
        at com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl.getSecurityServer(VaultImpl.java:642)
        at com.ibm.ws.security.auth.ContextManagerImpl.getSecurityServer(ContextManagerImpl.java:2313)
        at com.ibm.ws.security.auth.ContextManagerImpl.access$300(ContextManagerImpl.java:393)
        at com.ibm.ws.security.auth.ContextManagerImpl$10.run(ContextManagerImpl.java:4606)
        at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5474)
        at com.ibm.ws.security.auth.ContextManagerImpl.runAsSpecified(ContextManagerImpl.java:5565)
        at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:4604)
        at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:4411)
        at com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.loginWithUidAndPwd(WSLoginModuleImpl.java:491)
        at com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.login(WSLoginModuleImpl.java:399)
        at com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy.login(WSLoginModuleProxy.java:120)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
        at java.lang.reflect.Method.invoke(Method.java:611)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:795)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:709)
        at java.security.AccessController.doPrivileged(AccessController.java:251)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:706)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:603)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
        at java.lang.reflect.Method.invoke(Method.java:611)
        at com.ibm.jscript.types.JavaAccessObject.call(JavaAccessObject.java:321)
        at com.ibm.jscript.types.FBSObject.call(FBSObject.java:161)
        at com.ibm.jscript.ASTTree.ASTCall.interpret(ASTCall.java:175)
        at com.ibm.jscript.ASTTree.ASTBlock.interpret(ASTBlock.java:100)
        at com.ibm.jscript.ASTTree.ASTTry.interpret(ASTTry.java:109)
        at com.ibm.jscript.std.FunctionObject._executeFunction(FunctionObject.java:261)
        at com.ibm.jscript.std.FunctionObject.executeFunction(FunctionObject.java:185)
        at com.ibm.jscript.std.FunctionObject.call(FunctionObject.java:171)
        at com.ibm.jscript.types.FBSObject.call(FBSObject.java:161)
        at com.ibm.jscript.ASTTree.ASTCall.interpret(ASTCall.java:175)
        at com.ibm.jscript.ASTTree.ASTVariableDecl.interpret(ASTVariableDecl.java:82)
        at com.ibm.jscript.ASTTree.ASTProgram.interpret(ASTProgram.java:119)
        at com.ibm.jscript.ASTTree.ASTProgram.interpretEx(ASTProgram.java:139)
        at com.ibm.jscript.JSExpression._interpretExpression(JSExpression.java:435)
        at com.ibm.jscript.JSExpression.interpretExpression(JSExpression.java:421)
        at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:251)
        at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:238)
        at com.ibm.jscript.JSExpression.evaluateValue(JSExpression.java:241)
        at com.ibm.jscript.JSInterpreter.interpret(JSInterpreter.java:57)
        at com.ibm.di.script.ScriptEngine.interpret(ScriptEngine.java:940)
        at com.ibm.di.script.ScriptEngine.exec(ScriptEngine.java:518)
        at com.ibm.di.server.AssemblyLine.runScript(AssemblyLine.java:2641)
        at com.ibm.di.server.AssemblyLine.runProlog0(AssemblyLine.java:2485)
        at com.ibm.di.server.AssemblyLine.msProlog0(AssemblyLine.java:3539)
        at com.ibm.di.server.AssemblyLine.executeMainStep(AssemblyLine.java:3360)
        at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:2989)
        at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:2972)
        at com.ibm.di.server.AssemblyLine.executeAL(AssemblyLine.java:2939)
        at com.ibm.di.server.AssemblyLine.run(AssemblyLine.java:1317)
    Caused by: org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible  vmcid: IBM  minor code: E07  completed: No
        at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1275)
        at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1330)
        at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1163)
        at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1296)
        at com.ibm.rmi.corba.ClientDelegate.request(ClientDelegate.java:1886)
        at com.ibm.CORBA.iiop.ClientDelegate.request(ClientDelegate.java:1252)
        at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:458)
        at com.ibm.WsnBootstrap._WsnNameServiceStub.getProperties(_WsnNameServiceStub.java:38)
        at com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(WsnInitCtxFactory.java:1549)
        ... 68 more
    Caused by: org.omg.CORBA.COMM_FAILURE: CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_CLIENT_SOCKET Exception=com.ibm.websphere.ssl.SSLException: CWPKI0315E: Las propiedades de configuración SSL son nulas. Podría ser un problema al analizar la configuración del cliente SSL.  vmcid: 0x49421000  minor code: 70  completed: No
        at com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.createSSLSocket(WSSSLClientSocketFactoryImpl.java:256)
        at com.ibm.ws.orbimpl.transport.WSSSLTransportConnection.createSocket(WSSSLTransportConnection.java:236)
        at com.ibm.CORBA.transport.TransportConnectionBase.connect(TransportConnectionBase.java:357)
        at com.ibm.ws.orbimpl.transport.WSTransport$1.run(WSTransport.java:503)
        at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
        at com.ibm.ws.orbimpl.transport.WSTransport.getConnection(WSTransport.java:500)
        at com.ibm.CORBA.transport.TransportBase.getConnection(TransportBase.java:187)
        at com.ibm.rmi.iiop.TransportManager.get(TransportManager.java:89)
        at com.ibm.rmi.iiop.GIOPImpl.getConnection(GIOPImpl.java:130)
        at com.ibm.rmi.iiop.GIOPImpl.locate(GIOPImpl.java:219)
        at com.ibm.rmi.corba.ClientDelegate.locate(ClientDelegate.java:1983)
        at com.ibm.rmi.corba.ClientDelegate._createRequest(ClientDelegate.java:2008)
        at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1185)
        at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1271)
        ... 76 more

     

    It looks like it's not loading the ssl.client.props, but I've tried in all the possible ways. If I don't use the orb.properties file, I'm not getting any error with SSL...

    Updated on 2019-08-06T08:37:41Z at 2019-08-06T08:37:41Z by bender10