Topic
1 reply Latest Post - ‏2012-11-15T04:23:07Z by SystemAdmin
SystemAdmin
SystemAdmin
9855 Posts
ACCEPTED ANSWER

Pinned topic TSPM / TIP connectivity issue (related to certificates?)

‏2012-11-14T23:25:28Z |
Hi Folks,

I see the following exception in SystemOut.log of TIP when I login to TIP and Click on "Services" or "Policies". TIP and TSPM/WAS are on the same host. Please help!

Caused by: org.omg.CORBA.NO_PERMISSION:
>> SERVER (id=70d2cbc3, host=JVTSPM) TRACE START:
>> org.omg.CORBA.NO_PERMISSION: Authentication failed. Could not validate Client Authentication Token and/or Client Certificates during Identity Assertion vmcid: 0x49424000 minor code: 30D completed: No



11/14/12 15:18:55:094 PST 00000035 ExceptionHand E CTGVR0001E An application fault was detected. The stack trace: com.ibm.tspm.datamodel.exception.TSPMRuntimeException: CTGVG0263E The Tivoli Security Policy Manager cannot be reached. Contact the system administrator, or review the logs on the WebSphere Application Server where the Tivoli Security Policy Manager Console is installed.
at com.ibm.tspm.mgmt.tasks.impl.util.ServiceLocator.getService(ServiceLocator.java:170)
at com.ibm.tspm.mgmt.tasks.impl.TaskManagerFactory.getAdminTaskManager(TaskManagerFactory.java:514)
at com.ibm.tspm.console.utils.AdminDelegationUtils.arePermissionsGranted(AdminDelegationUtils.java:126)
at com.ibm._jsp._TSPMObjectEditor1._jspService(_TSPMObjectEditor1.java:1072)
at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:87)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1096)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:570)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
at com.ibm.wsspi.webcontainer.servlet.GenericServletWrapper.handleRequest(GenericServletWrapper.java:122)
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper.handleRequest(AbstractJSPExtensionServletWrapper.java:226)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3444)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:267)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:815)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1466)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:119)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:458)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:387)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1818)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)
Caused by: javax.naming.NoPermissionException: NO_PERMISSION exception caught [Root exception is org.omg.CORBA.NO_PERMISSION:
>> SERVER (id=70d2cbc3, host=JVTSPM) TRACE START:
>> org.omg.CORBA.NO_PERMISSION: Authentication failed. Could not validate Client Authentication Token and/or Client Certificates during Identity Assertion vmcid: 0x49424000 minor code: 30D completed: No
>> at com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.processIdentityToken(CSIServerRIBase.java:2047)
>> at com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRI.receive_request(CSIServerRI.java:524)
>> at com.ibm.rmi.pi.InterceptorManager.invokeInterceptor(InterceptorManager.java:624)
>> at com.ibm.rmi.pi.InterceptorManager.iterateServerInterceptors(InterceptorManager.java:510)
>> at com.ibm.rmi.pi.InterceptorManager.iterateReceiveRequest(InterceptorManager.java:770)
>> at com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDelegate.java:611)
>> at com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:475)
>> at com.ibm.rmi.iiop.ORB.process(ORB.java:504)
>> at com.ibm.CORBA.iiop.ORB.process(ORB.java:1571)
>> at com.ibm.rmi.iiop.Connection.respondTo(Connection.java:2771)
>> at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2640)
>> at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:63)
>> at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:118)
>> at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1646)
>> SERVER (id=70d2cbc3, host=JVTSPM) TRACE END.
vmcid: 0x49424000 minor code: 30D completed: No]
at com.ibm.ws.naming.jndicos.CNContextImpl.doLookup(CNContextImpl.java:1933)
at com.ibm.ws.naming.jndicos.CNContextImpl.doLookup(CNContextImpl.java:1866)
at com.ibm.ws.naming.jndicos.CNContextImpl.lookupExt(CNContextImpl.java:1556)
at com.ibm.ws.naming.jndicos.CNContextImpl.lookup(CNContextImpl.java:1358)
at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:172)
at javax.naming.InitialContext.lookup(InitialContext.java:363)
at com.ibm.tspm.mgmt.tasks.impl.util.ServiceLocator.getService(ServiceLocator.java:154)
... 27 more
Caused by: org.omg.CORBA.NO_PERMISSION:
>> SERVER (id=70d2cbc3, host=JVTSPM) TRACE START:
>> org.omg.CORBA.NO_PERMISSION: Authentication failed. Could not validate Client Authentication Token and/or Client Certificates during Identity Assertion vmcid: 0x49424000 minor code: 30D completed: No
>> at com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.processIdentityToken(CSIServerRIBase.java:2047)
>> at com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRI.receive_request(CSIServerRI.java:524)
>> at com.ibm.rmi.pi.InterceptorManager.invokeInterceptor(InterceptorManager.java:624)
>> at com.ibm.rmi.pi.InterceptorManager.iterateServerInterceptors(InterceptorManager.java:510)
>> at com.ibm.rmi.pi.InterceptorManager.iterateReceiveRequest(InterceptorManager.java:770)
>> at com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDelegate.java:611)
>> at com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:475)
>> at com.ibm.rmi.iiop.ORB.process(ORB.java:504)
>> at com.ibm.CORBA.iiop.ORB.process(ORB.java:1571)
>> at com.ibm.rmi.iiop.Connection.respondTo(Connection.java:2771)
>> at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2640)
>> at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:63)
>> at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:118)
>> at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1646)
>> SERVER (id=70d2cbc3, host=JVTSPM) TRACE END.
vmcid: 0x49424000 minor code: 30D completed: No
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:67)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:522)
at com.ibm.rmi.iiop.ReplyMessage._getSystemException(ReplyMessage.java:242)
at com.ibm.rmi.iiop.ReplyMessage.getSystemException(ReplyMessage.java:190)
at com.ibm.rmi.iiop.ClientResponseImpl.getSystemException(ClientResponseImpl.java:232)
at com.ibm.rmi.corba.ClientDelegate.intercept(ClientDelegate.java:968)
at com.ibm.rmi.corba.ClientDelegate.invoke(ClientDelegate.java:447)
at com.ibm.CORBA.iiop.ClientDelegate.invoke(ClientDelegate.java:1185)
at com.ibm.rmi.corba.ClientDelegate.invoke(ClientDelegate.java:764)
at com.ibm.CORBA.iiop.ClientDelegate.invoke(ClientDelegate.java:1215)
at org.omg.CORBA.portable.ObjectImpl._invoke(ObjectImpl.java:484)
at com.ibm.WsnOptimizedNaming._NamingContextStub.resolve_complete_info(_NamingContextStub.java:490)
at com.ibm.ws.naming.jndicos.CNContextImpl.cosResolve(CNContextImpl.java:4375)
at com.ibm.ws.naming.jndicos.CNContextImpl.doLookup(CNContextImpl.java:1905)
... 33 more
Updated on 2012-11-15T04:23:07Z at 2012-11-15T04:23:07Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    9855 Posts
    ACCEPTED ANSWER

    Re: TSPM / TIP connectivity issue (related to certificates?)

    ‏2012-11-15T04:23:07Z  in response to SystemAdmin
    Here are the specs:

    TSPM v7.1.0.4
    DB2 v9.7
    WAS-NDM 7.0.0.25
    Windows 2003 SP2