IBM Support

DASH users with admin roles suddenly unable to log into WAS Admin Console

Troubleshooting


Problem

Users that had previously been able to log into the WAS Admin Console for the Dashboard Application Services Hub (DASH) component of Jazz for Service Management (JazzSM) are getting "Invalid username or password" messages when trying to log in.

Symptom

The issue surfaced while trying to configure SSO

Cause

The realm name for the Federated Repository in DASH was changed but the requisite updates to the admin-authz.xml entries did not occur. The reason the updates did not occur is unknown.

Diagnosing The Problem

Review the <JazzSM home>/profile/logs/server1/SystemOut.log messages from around the failed login attempt to see if the following message is present:

###
[2/19/15 14:05:43:318 CST] 000001b0 WebCollaborat A   SECJ0129E: Authorization failed for user <userID:<realm name> while invoking GET on admin_host:/ibm/console/secure/securelogon.do, Authorization failed, Not granted any of the required roles: administrator operator configurator monitor nobody
###

Compare the realm name given in the above error with the user ID entries in the <Jazz SM Home>/profile/config/cells/JazzSMNode01Cell/admin-authz.xml file. The entries in the file look like:

###
<users xmi:id="UserExt_1424454565226" name="test" accessId="user:<realm name>/uid=test,o=defaultWIMFileBasedRealm"/>
###

Resolving The Problem

  1. Disable security. Instructions for disabling security when logins to the Admin Console are not working are available here:
    http://www.ibm.com/support/docview.wss?uid=swg21697809
  2. Revert the realm name change. (Security > Global Security, and click on the "Configure" button next to the "Available Realm Definitions" drop-down.)
  3. Enable security. (See step 6 from the technical note in step 1)
  4. Restart the DASH instance.
  5. Log into the Websphere Admin Console and remove admin roles in the console for all users. (Users and Groups > Administrative User Roles)
  6. Change the realm name again to the new realm name. (Security > Global Security, and click on the "Configure" button next to the "Available Realm Definitions" drop-down)
  7. Restart the DASH instance.
  8. As the primary admin user, log back into the admin console and assign admin roles again. (Users and Groups > Administrative User Roles)

User admin console access should work with the new realm name in place.

[{"Product":{"code":"SSRLR8","label":"Tivoli Components"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Jazz for Service Management","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.1.0.1;1.1.0.2;1.1.0.3;1.1.1.1","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
17 June 2018

UID

swg21697498

Page Feedback