Explanation | The method caught an exception that is most likely an internal error. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: http://www.ibm.com/software/webservers/appserv/was/support/ WebSphere Application Server for z/OS Support page: http://www.ibm.com/software/webservers/appserv/zos_os390/support/ . |
Explanation | The JASPIC callback handler of the WorkManager failed to populate the principal or custom credentials of the execution subject because an exception occurred while processing the JASPIC callbacks supplied by the resource adapter. |
Action | Check the FFDC and server logs that were emitted immediately prior to message J2CA0672E to determine the cause. If the cause cannot be determined from the prior error messages, collect diagnostic data and visit the IBM support web site for more information. |
Explanation | The WorkManager encountered a problem while establishing and setting up the security context for the inbound Work request. |
Action | Check the FFDC and server logs for messages J2CA0668E and J2CA0669E to determine the cause. |
Explanation | The WorkManager encountered an exception while handling the JASPIC callbacks provided by the resource adapter within the transferred security context. The exception can be of the following cases: 1) A CallerPrincipalCallback provided a principal with a user name that does not exist in the user registry. 2) A PasswordValidationCallback provided a invalid user name or password. 3) A CallerPrincipalCallback and a PasswordValidationCallback provided different user names. 4) The resource adapter provided a callback that the application server does not currently support. 5) The resource adapter provided more than one CallerPrincipalCallback. 6) The WorkManager encountered an unexpected error. |
Action | If the exception message has an error code then check the user action for that error code. If the exception is an UnsupportedCallbackException then contact the resource adapter vendor because the JASPIC callback handler of the WorkManager does not currently support the provided callback. If the exception is not any of the problems mentioned, collect diagnostic data and refer to the IBM support site for additional information. |
Explanation | The instance of the execution subject provided by the WorkManager to establish the security context of the Work instance is not the same instance obtained from the respective callback. The WorkManager ignored the subject obtained from the callback and continued to establish the security context using the instance it provided. |
Action | Contact the resource adapter vendor to modify the JASPIC callback's getSubject() method to return the execution subject provided to the SecurityContext instance through the call to method setupSecurityContext. |
Explanation | The user name and password do not exist in the user registry of the realm that is configured for the security domain associated with the application. |
Action | Configure the resource adapter and enterprise information system to use a valid user name and password. |
Explanation | User names provided by the PasswordValidationCallback and the CallerPrincipalCallback must match. |
Action | Contact the resource adapter vendor and the system administrator to ensure that the resource adapter is designed and configured to return the same user name from the two callbacks. |
Explanation | The security context transferred with the work instance provided a group name that does not exist in the realm (user registry) of the security domain associated to the application. The WorkManager obtained the invalid group name from an instance of a JASPIC GroupPrincipalCallback, whenever an instance is supplied by the resource adapter. |
Action | Check if the group is from the same realm by confirming the group existence in the user registry for that realm.If the group is from a different realm, contact the resource adapter vendor because the WorkManager does not support groups from different realms. |
Explanation | The security context transferred with the work instance provided a user that does not belong to any of the groups defined in the user registry. |
Action | There is no user action required. |
Explanation | The WorkManager was not able to validate the user name and password that is provided by the PasswordValidationCallback because of a CustomRegistryException. This exception is caused by an invalid password or a problem with the user registry for that application realm. |
Action | If the cause of the CustomRegistryException is an invalid password, configure the resource adapter or enterprise information system to use a valid user name and password combination. Otherwise resolve the problem with the user registry. |