IBM Support

Collecting Data for ITAM: WebSEAL (content issues)

Product Documentation


Abstract

This document describes the data to collect for problem determination of content issues, including password authentication issues, in the WebSEAL component of the IBM Tivoli Access Manager for e-Business product.

Content

  1. If there are multiple WebSEAL instances, and it is not possible to recreate the problem by using only a single WebSEAL instance, all data must be collected concurrently from all WebSEAL instances involved.
  2. Ensure that 'requests = yes' is set in the [logging] stanza, and that 'text/html = -1' is set at the beginning of the [compress-mime-types] stanza, of the webseald.conf file. If the settings are changed, restart the WebSEAL instance.
  3. Create a 'traces' directory under the WebSEAL server var directory (/var/pdweb/www-default for the default instance), or in another temporary storage location, and make it writable by the WebSEAL user (ivmgr by default). If the directory exists, ensure that previous trace files have been removed. The full path to this directory is referred to as <traces>.
  4. Enable WebSEAL tracing.
    • pdadmin> server task <webseald-instance> trace set pdweb.debug 9 file path=<traces>/pdweb.debug.txt,rollover_size=100000000
    • pdadmin> server task <webseald-instance> trace set pdweb.snoop 9 file path=<traces>/pdweb.snoop.txt,rollover_size=100000000
  5. Recreate the problem. If possible, use a new browser after clearing the browser cache.
  6. Wait 1 minute, then disable WebSEAL tracing.
    • pdadmin> server task <webseald-instance> trace set pdweb.debug 0
    • pdadmin> server task <webseald-instance> trace set pdweb.snoop 0
The following data must be collected in a compressed archive using the Case number in the file name (<Case number>-<date>.tar.gz, for example, T000012345-20170212.tar.gz):
  1. Information from the WebSEAL environment
    1. The output of the `pdversion` and `gsk7ver` commands on the policy server system (all output should be captured as text, not as screen shots).
    2. The output of the `pdversion`, `gsk7ver`, and `/opt/pdweb/bin/webseald -version` commands on the WebSEAL server system.
    3. The webseald.conf file from the WebSEAL instance.
    4. The junction XML files from the junction-db directory specified in the webseald.conf file.
    5. The fsso.conf files for any FSSO junctions.
    6. If used, the jmt-map (jmt.conf) and/or dynurl-map (dynurl.conf) files specified in the webseald.conf file.
    7. If requested, the pd.conf and ldap.conf files from /opt/PolicyDirector/etc.
  2. WebSEAL traces from the <traces> directory.
  3. The requests-file (request.log), and server-log (msg__webseald.log) files specified in the webseald.conf file. If the server-log is large, please include only the last 30000 lines (`tail -30000 msg__webseald.log > msg__webseald-tail.log`). These logs must be concurrent with the WebSEAL traces.
  4. The WebSEAL user ID used to recreate the problem.
  5. The IP address from the client system.
  6. The time the problem was recreated.
  7. The exact URI used for recreating the problem.

If traces have been submitted previously for the current Case, only a single Access Manager WebSEAL environment is involved, and there have been no configuration changes, item 1 (Information from the WebSEAL environment) does not need to be collected.

The secure data upload methods from the Access Manager MustGather document should be used to submit the compressed archive for the PMR.
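
The packaging step above can be scripted. The following is an added example, not IBM-supplied code: it checks the two webseald.conf settings from step 2, trims the server log to its last 30000 lines, and builds an owner-only `<Case number>-<date>.tar.gz`. The function names, argument order and explicit log paths are assumptions of this sketch, and it covers only the traces, webseald.conf and the two logs.

```shell
#!/bin/sh
# Added example (not IBM code): function names and argument order are assumptions.

# stanza_value FILE STANZA KEY: print the first value of KEY inside [STANZA].
stanza_value() {
    awk -v s="[$2]" -v k="$3" '
        /^[ \t]*#/  { next }                               # skip comment lines
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_s = ($0 == s); next }
        in_s && (eq = index($0, "=")) {
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) { print val; exit }
        }' "$1"
}

# collect_webseal CASE TRACES_DIR CONF SERVER_LOG REQUESTS_LOG OUT_DIR
# Prints the archive path. Runs in a subshell so umask and variables stay local.
collect_webseal() (
    case_no=$1 traces=$2 conf=$3 srvlog=$4 reqlog=$5 outdir=$6
    # Step 2 of the procedure (values only; entry order in the stanza is not checked).
    [ "$(stanza_value "$conf" logging requests)" = yes ] ||
        { echo "[logging] requests is not 'yes'" >&2; exit 1; }
    [ "$(stanza_value "$conf" compress-mime-types text/html)" = -1 ] ||
        { echo "[compress-mime-types] text/html is not '-1'" >&2; exit 1; }
    umask 077                      # level-9 snoop traces hold request data: owner-only
    stage=$(mktemp -d) || exit 1
    mkdir "$stage/traces"
    cp -R "$traces"/. "$stage/traces/" || exit 1
    cp "$conf" "$reqlog" "$stage/" || exit 1
    # Only the last 30000 lines of the server log, as the procedure asks.
    tail -n 30000 "$srvlog" > "$stage/$(basename "$srvlog" .log)-tail.log" || exit 1
    archive="$outdir/$case_no-$(date +%Y%m%d).tar.gz"
    tar -czf "$archive" -C "$stage" . || exit 1
    rm -rf "$stage"
    echo "$archive"
)

if [ "$#" -eq 6 ]; then collect_webseal "$@"; fi
```

The command output, junction XML files, fsso.conf and any map files from item 1 still have to be added to the archive separately.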

Product: Tivoli Access Manager for e-business. Component: WebSEAL. Platform: Platform Independent. Version: 6.1; 6.1.1. Line of Business: Security Software.

Product Synonym

ITAM;TAM;ITAM for ebu;ITAM for e-business;WebSeal;IBM Tivoli Access Manager for e-business;TAM for ebu

Document Information

Modified date:
19 February 2019

UID

swg27013204