Service integration bus security: Troubleshooting tips
Use this set of specific tips to help you troubleshoot problems you experience when working with a secure service integration bus.
To help you identify and resolve service integration bus security-related problems, use the WebSphere® Application Server trace and logging facilities as described in Setting up component trace (CTRACE).
SystemOut.log
file.
You can also enable the application server debug trace to provide
a detailed exception dump.WebSphere Application Server system messages are logged
from a variety of sources, including application server components
and applications. Messages logged by application server components
and associated IBM products start with a unique message identifier
that indicates the component or application that issued the message.
The prefix for the service integration bus security component is CWSII
.
The Troubleshooter reference: Messages contains information about all WebSphere Application Server messages, indexed by message prefix. For each message there is an explanation of the problem, and details of any action that you can take to resolve the problem.
Migrating a Version 5.1 application server to WebSphere Application Server Version 7.0 or later
SibMessage W [:] CWSIT0009W: A client request failed in the application
server with endpoint <endpoint_name> in bus your_bus with reason: CWSIT0016E:
The user ID null failed authentication in bus your_bus.
In WebSphere Application Server Version 7.0 or later, when you use a service integration bus and WebSphere Application Server security is enabled for the server or cell, by default the service integration bus queue destination inherits the security characteristics of the server or cell. So if the server or cell has basic authentication enabled, then the client request fails.
- Disable security.
- For an equivalent level of security to the configuration on Version 5.1, modify the settings for the service integration bus that hosts the queue destination so that bus security is disabled and therefore the bus does not inherit security characteristics from the server or cell.
- For a greater level of security than the configuration on Version 5.1, configure basic authentication on each client that uses the service.
To disable WebSphere Application Server security, refer to Enabling and disabling security using scripting, or Global security settings.
- Navigate to .
- Clear the Secure check box.
- Save your changes.
wsadmin
tool.
To complete the task by using the wsadmin
tool, see Configuring web service client port information using wsadmin scripting and use
the WebServicesClientBindPortInfo
wsadmin
task
option. To complete the task by using the administrative console,
complete the following steps:- Navigate to .
- Click HTTP basic authentication to access the Configuring HTTP basic authentication with the administrative console panel.
- Enter the values in the panel.
- Save your changes to the master configuration.
Making a connection by using a user ID in an authorized group, access is denied when using LDAP
One of the possible causes is the group name, if you are using an Lightweight Directory Access Protocol (LDAP) registry. When you specify the group authorization permissions, the distinguished name (DN) should be used as the group name. If you specify a common name (CN) for the group name users in that group cannot be authorized.
- If you have problem connecting to a service integration bus, see Administering the bus connector role, and remove any groups with CN group names, and replace them with DN group names.
- If you have problem sending a message to a destination, see Administering destination roles, and remove any groups with CN group names, and replace them with DN group names.
- If you have problems sending topics to a topic space, see Administering topic space root roles, and remove any groups with CN group names, and replace them with DN group names.
- For any other problems refer to the appropriate section on Administering authorization permissions on how to modify the group name.