|
| Problem | When starting up the administrative server, Administrative Console, or other Java™ client, you receive the following error message:
- For V3.5: "Authorization failed for / while invoking (Home) ClientAccessHome"
- For V4.0: "Authorization failed for /UNAUTHENTICATED while invoking (Home)ClientAccessHome"
| | | | Solution | The following error shows up in the tracefile:
For releases of WebSphere Application Server V3.5
Creating unauthenticated BasicAuth credentials.
3438> Thu Apr 19 09:56:45 CDT 2001 - PrincipalAuthenticatorImpl.createUnauthenticatedCred, Thread[Pooled
ORB request dispatch WorkerThread,5,ORB thread pool]:
Creating unauthenticated credential.
[01.04.19 09:56:45:749 CDT] e1ec6174 SecurityColla A Authorization
failed for / while invoking(Home)ClientAccessHome create
For releases of WebSphere Application Server V4.0, V5.x
Creating unauthenticated credential.
[01.04.19 09:56:45:749 CDT] e1ec6174 SecurityColla A Authorization
failed for /UNAUTHENTICATED while invoking(Home)ClientAccessHome
create
There are a number of things that can cause these messages
- If you get this exception when starting up the administrative server this might be as a result of running the server asnon-rootand using the registry of the local operating system instead of using LDAP. In WebSphere® Application Server V3.5.2 and earlier, a bug existed that allowed you to use the local operating system; however, this has been fixed.
- If the administrative server starts without any problems, but when you try to start the Administrative Console or other Java™ client you get the Authorization failed for / messages, check to insure that the sas.client.props file has the following setting:
com.ibm.CORBA.securityEnabled=true
Also make sure you are using the same SSL key ring and password.
For example: com.ibm.CORBA.SSLKeyRingPassword=WebAS
com.ibm.CORBA.SSLKeyRing=com.ibm.websphere.DummyKeyring
- If there is a space character "" after:
com.ibm.CORBA.securityEnabled=true
in the sas.client.props file, the administrative client fails to see the true and defaults to false. This is a bug.
Other things to look for
- Check that the sas.client.props is using the same SSLServerKeyRing and SSLServerKeyRingPassword password.
For example: com.ibm.CORBA.SSLServerKeyRing=com.ibm.websphere.DummyKeyring
com.ibm.CORBA.SSLServerKeyRingPassword=WebAS
- Check that the sas.server.props is using the same SSLClientKeyRing and SSLClientKeyRingPassword.
For example: com.ibm.CORBA.SSLClientKeyRingPassword=WebAS
com.ibm.CORBA.SSLClientKeyRing=com.ibm.websphere.DummyKeyring
- Also check that the ConfigURL syntax is correct in the setupCmdLine.bat file for Windows®.
For example: SET CLIENTSAS=-Dcom.ibm.CORBA.ConfigURL=file:/C:/
WebSphere/AppServer/properties/sas.client.props
SET SERVERSAS=-Dcom.ibm.CORBA.ConfigURL=file:/C:/
WebSphere/AppServer/properties/sas.server.props
orsetupCmdLine.sh for UNIX®:
For example: CLIENTSAS=-Dcom.ibm.CORBA.ConfigURL=file:/opt/WebSphere
/AppServer/properties/sas.client.props
export CLIENTSAS
SERVERSAS=-Dcom.ibm.CORBA.ConfigURL=file:/opt/WebSphere
/AppServer/properties/sas.server.props
export SERVERSAS
| |
| |
| |
|
Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Administrative Console (all non-scripting) Operating system(s): Multi-Platform Software version: 3.5, 4.0, 5.0 Software edition: Standard, Advanced Reference #: 1030480 IBM Group: Software Group Modified date: 2004-04-23
(C) Copyright IBM Corporation 2000, 2004. All Rights Reserved.
|