WSCP Fails when Security is Enabled on V3.5.4

Technote (FAQ)
Problem
Things to check if the WebSphereŽ Control Program (wscp) tool works before enabling security, but stops working after enabling security.
Solution

Background

The WSCP tool works fine before enabling security. However, after enabling security (which by default enables SSL between the administrative tools and the administrative server) you see the following exceptions:

com.ibm.ejs.sm.client.RepositoryOpException: Failed to create
InitialContext : Error during resolve
at
com.ibm.ejs.sm.ejscp.ClientRepository.<init>(ClientRepository.java:150)
at
com.ibm.ejs.sm.ejscp.EjscpExtension.init(EjscpExtension.java:113)
at tcl.lang.JavaLoadCmd.cmdProc(JavaLoadCmd.java:129)
at tcl.lang.Parser.evalObjv(Parser.java(Compiled Code))
at tcl.lang.Parser.eval2(Parser.java(Compiled Code))
at tcl.lang.Interp.eval(Interp.java:2042)
at tcl.lang.Interp.eval(Interp.java(Compiled Code))
at com.ibm.ejs.sm.ejscp.WscpShell.main(WscpShell.java(Compiled
Code))
Failed to load extension : EjscpExtension
-
The AdminServer runs as non-root.
=============================================================

Here is the scenario:

1. Install WebSphere Application Server.
2. Create a keyring.class for the Application Server following instructions in article 5.5.7.3 of the InfoCenter. We called our keyring the DummyKeyring.class so we didn't have to change property files and the CLASSPATH should already be set correct.
3. Enable global security, forces SSL between the administrative tools and the administrative server.
4. Invoke wscp.sh -> error.

Note: LDAP has nothing to do with the problem.
Fixed the error/problem by changing the setup of the CLASSPATH in wscp.sh like this:

# Setup the classpath
WAS_CP=$WAS_HOME/lib/jacl.jar
WAS_CP=$WAS_CP:$WAS_HOME/properties <-- This line was moved up
WAS_CP=$WAS_CP:$WAS_HOME/lib/tcljava.jar
WAS_CP=$WAS_CP:$WAS_HOME/lib/ibmwebas.jar
WAS_CP=$WAS_CP:$WAS_HOME/lib/ejscp.jar
WAS_CP=$WAS_CP:$WAS_HOME/lib/xml4j.jar
WAS_CP=$WAS_CP:$WAS_HOME/lib/ujc.jar
WAS_CP=$WAS_CP:$WAS_HOME/lib/ejs.jar
WAS_CP=$WAS_CP:$WAS_HOME/lib/console.jar
WAS_CP=$WAS_CP:$WAS_HOME/lib/admin.jar
WAS_CP=$WAS_CP:$WAS_HOME/lib/repository.jar
WAS_CP=$WAS_CP:$WAS_HOME/lib/tasks.jar
WAS_CP=$WAS_CP:$WAS_HOME/lib/servlet.jar
WAS_CP=$WAS_CP:$WAS_HOME/lib/sslight.jar
WAS_CP=$WAS_CP:$JAVA_HOME/lib/classes.zip
WAS_CP=$WAS_CP:$JAVA_HOME/lib/tools.jar
export CLASSPATH=$WAS_CP

=============================================================

This error was a result of a combination of using the name 'DummyKeyring' (same as the WebSphere default name) for their keyring, and the difference in classpath settings in WebSphere:

Since they used the name DummyKeyring, they needed to have their version of DummyKeyring in the classpath before ujc.jar where the Application Server version of this file is located. In wscp.bat, properties comes after ujc.jar but in admin.config, it comes before. If a different class name had been used and the sas.server.props and sas.client.props had been updated, they would not have encountered this.












Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Security
Operating system(s): AIX
Software version: 3.5.4
Reference #: 1047180
IBM Group: Software Group
Modified date: 2003-12-15