Topic
  • 6 replies
  • Latest Post - ‏2011-04-26T02:27:33Z by Pranam_C_S
Pranam_C_S
Pranam_C_S
5 Posts

Pinned topic WAS Security Enablement on AIX machine

‏2011-04-20T06:46:34Z |
Hi

I installed WAS 8.0 on AIX 7.1. The Installation Manager based install did not allow security to be enabled. I went ahead and installed WAS 8 and then created a profile.
Later, I logged in and Enabled administrative security and Enabled application security. I used the federated repositories realm and configured the wasadmin username and password.
After restarting the WAS, I am unable to login. In the log I see:
"WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type"
One post suggest that I regenerate my LTPA keys. I did that but my problem was not solved.

Is there something wrong in my steps ?
Could you help ?

Regards
Pranam
Updated on 2011-04-26T02:27:33Z at 2011-04-26T02:27:33Z by Pranam_C_S
  • kark
    kark
    18 Posts

    Re: WAS Security Enablement on AIX machine

    ‏2011-04-20T23:05:02Z  
    Hi,

    We tried to reproduce this but we did not see any issues. We used a Beta 3 base profile using IM on AIX 7.1 (64bit).

    Can you give us more information on your setup - for eg. is it base profile? When you say IM did not allow security to be enabled, can you describe the issue? For eg. did you not see the security panel or did it not accept the information you entered? Can you provide us the security.xml file and clean security trace (com.ibm.ws.security.*=all:com.ibm.ws.security.policy.*=off) when you enabled it after creating the profile?

    Also, if it is really an issue with LTPA keys, you can try removing the ltpa.jceks file (under the nodes directory - back it up somewhere outside the configuration path) and restart the server and see if it makes a difference (this file will be recreated during the server startup).

    Ajay
    Updated on 2011-04-20T23:05:02Z at 2011-04-20T23:05:02Z by kark
  • Pranam_C_S
    Pranam_C_S
    5 Posts

    Re: WAS Security Enablement on AIX machine

    ‏2011-04-25T02:43:53Z  
    • kark
    • ‏2011-04-20T18:49:30Z
    Hi,

    We tried to reproduce this but we did not see any issues. We used a Beta 3 base profile using IM on AIX 7.1 (64bit).

    Can you give us more information on your setup - for eg. is it base profile? When you say IM did not allow security to be enabled, can you describe the issue? For eg. did you not see the security panel or did it not accept the information you entered? Can you provide us the security.xml file and clean security trace (com.ibm.ws.security.*=all:com.ibm.ws.security.policy.*=off) when you enabled it after creating the profile?

    Also, if it is really an issue with LTPA keys, you can try removing the ltpa.jceks file (under the nodes directory - back it up somewhere outside the configuration path) and restart the server and see if it makes a difference (this file will be recreated during the server startup).

    Ajay
    Hi,

    Sorry for raising a false alarm. I think I missed out on a step in between. After re-trying it works. The only difference I noted was during one of the steps the check box that selects security was un-checked. I had to check it again. In case I find more information or a set of steps that can reproduce the problem I shall post it

    Thanks and Regards
    Pranam
  • Pranam_C_S
    Pranam_C_S
    5 Posts

    Re: WAS Security Enablement on AIX machine

    ‏2011-04-25T03:14:53Z  
    1) I see a new problem now. I cannot login from my machine. In the SystemErr.log there is a javax.naming.NameAlreadyBoun
    dException.
    The interesting part is that my friend from the other machine can login.

    2) After logging in my friend feels that the console is slow. We saw that the trace log contains a console exception.
  • Pranam_C_S
    Pranam_C_S
    5 Posts

    Re: WAS Security Enablement on AIX machine

    ‏2011-04-25T03:38:29Z  
    1) I see a new problem now. I cannot login from my machine. In the SystemErr.log there is a javax.naming.NameAlreadyBoun
    dException.
    The interesting part is that my friend from the other machine can login.

    2) After logging in my friend feels that the console is slow. We saw that the trace log contains a console exception.
    Attaching the logs and security.xml file

    Attachments

  • kark
    kark
    18 Posts

    Re: WAS Security Enablement on AIX machine

    ‏2011-04-25T03:50:08Z  
    1) I see a new problem now. I cannot login from my machine. In the SystemErr.log there is a javax.naming.NameAlreadyBoun
    dException.
    The interesting part is that my friend from the other machine can login.

    2) After logging in my friend feels that the console is slow. We saw that the trace log contains a console exception.
    NameAlreadyBoundException should not typically cause any issues with logging into the console. Most of the time it is just an information message.

    What is the console exception and do you have any trace? Are you both using the same install and it works for one and not for the other for the same user credentials? What happens in the failure case? For eg, does it re-prompt you, see an unauthorized error?

    --Ajay
  • Pranam_C_S
    Pranam_C_S
    5 Posts

    Re: WAS Security Enablement on AIX machine

    ‏2011-04-26T02:27:33Z  
    • kark
    • ‏2011-04-25T03:50:08Z
    NameAlreadyBoundException should not typically cause any issues with logging into the console. Most of the time it is just an information message.

    What is the console exception and do you have any trace? Are you both using the same install and it works for one and not for the other for the same user credentials? What happens in the failure case? For eg, does it re-prompt you, see an unauthorized error?

    --Ajay
    Hi Ajay,

    I cleared browser cache and am able to login now. I was used to the earlier versions of WAS which would say session expired. I am unable to reproduce the console exception that we saw.
    I am going to close this chain.

    Regards
    Pranam