Topic
6 replies Latest Post - ‏2011-04-26T02:27:33Z by Pranam_C_S
Pranam_C_S
Pranam_C_S
5 Posts
ACCEPTED ANSWER

Pinned topic WAS Security Enablement on AIX machine

‏2011-04-20T06:46:34Z |
Hi

I installed WAS 8.0 on AIX 7.1. The Installation Manager based install did not allow security to be enabled. I went ahead and installed WAS 8 and then created a profile.
Later, I logged in and Enabled administrative security and Enabled application security. I used the federated repositories realm and configured the wasadmin username and password.
After restarting the WAS, I am unable to login. In the log I see:
"WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type"
One post suggest that I regenerate my LTPA keys. I did that but my problem was not solved.

Is there something wrong in my steps ?
Could you help ?

Regards
Pranam
Updated on 2011-04-26T02:27:33Z at 2011-04-26T02:27:33Z by Pranam_C_S
  • kark
    kark
    18 Posts
    ACCEPTED ANSWER

    Re: WAS Security Enablement on AIX machine

    ‏2011-04-20T23:05:02Z  in response to Pranam_C_S
    Hi,

    We tried to reproduce this but we did not see any issues. We used a Beta 3 base profile using IM on AIX 7.1 (64bit).

    Can you give us more information on your setup - for eg. is it base profile? When you say IM did not allow security to be enabled, can you describe the issue? For eg. did you not see the security panel or did it not accept the information you entered? Can you provide us the security.xml file and clean security trace (com.ibm.ws.security.*=all:com.ibm.ws.security.policy.*=off) when you enabled it after creating the profile?

    Also, if it is really an issue with LTPA keys, you can try removing the ltpa.jceks file (under the nodes directory - back it up somewhere outside the configuration path) and restart the server and see if it makes a difference (this file will be recreated during the server startup).

    Ajay
    Updated on 2011-04-20T23:05:02Z at 2011-04-20T23:05:02Z by kark
    • Pranam_C_S
      Pranam_C_S
      5 Posts
      ACCEPTED ANSWER

      Re: WAS Security Enablement on AIX machine

      ‏2011-04-25T02:43:53Z  in response to kark
      Hi,

      Sorry for raising a false alarm. I think I missed out on a step in between. After re-trying it works. The only difference I noted was during one of the steps the check box that selects security was un-checked. I had to check it again. In case I find more information or a set of steps that can reproduce the problem I shall post it

      Thanks and Regards
      Pranam
  • Pranam_C_S
    Pranam_C_S
    5 Posts
    ACCEPTED ANSWER

    Re: WAS Security Enablement on AIX machine

    ‏2011-04-25T03:14:53Z  in response to Pranam_C_S
    1) I see a new problem now. I cannot login from my machine. In the SystemErr.log there is a javax.naming.NameAlreadyBoun
    dException.
    The interesting part is that my friend from the other machine can login.

    2) After logging in my friend feels that the console is slow. We saw that the trace log contains a console exception.
    • Pranam_C_S
      Pranam_C_S
      5 Posts
      ACCEPTED ANSWER

      Re: WAS Security Enablement on AIX machine

      ‏2011-04-25T03:38:29Z  in response to Pranam_C_S
      Attaching the logs and security.xml file

      Attachments

    • kark
      kark
      18 Posts
      ACCEPTED ANSWER

      Re: WAS Security Enablement on AIX machine

      ‏2011-04-25T03:50:08Z  in response to Pranam_C_S
      NameAlreadyBoundException should not typically cause any issues with logging into the console. Most of the time it is just an information message.

      What is the console exception and do you have any trace? Are you both using the same install and it works for one and not for the other for the same user credentials? What happens in the failure case? For eg, does it re-prompt you, see an unauthorized error?

      --Ajay
      • Pranam_C_S
        Pranam_C_S
        5 Posts
        ACCEPTED ANSWER

        Re: WAS Security Enablement on AIX machine

        ‏2011-04-26T02:27:33Z  in response to kark
        Hi Ajay,

        I cleared browser cache and am able to login now. I was used to the earlier versions of WAS which would say session expired. I am unable to reproduce the console exception that we saw.
        I am going to close this chain.

        Regards
        Pranam