MustGather: Web services security (WS-Security) problems with WebSphere Application Server V6.1, V6.0, V5.1 and V5.0
 Technote (troubleshooting)
 
Problem(Abstract)
MustGather for problems with IBM® WebSphere® Application Server versions 6.1, 6.0, 5.1, and 5.0 using Web services security. Gathering this MustGather information before calling IBM support will help you understand the problem and save time analyzing the data.
 
Resolving the problem

Do you want to automate the collection of MustGather data?
You can automatically collect this data using IBM Support Assistant (ISA) Lite - a special offering that contains the data collector component of the IBM Support Assistant Workbench.

For a full range of problem-solving features, install the IBM Support Assistant Workbench - your support workbench for finding answers and solving problems. The workbench contains all the data collection capability of ISA Lite plus much more!



If you have already contacted support, continue on to the component-specific MustGather information. Otherwise, click: MustGather: Read first for all WebSphere Application Server products.


Web services security (WS-Security) specific MustGather
Web services security problems can be difficult to troubleshoot. In order to help aid problem determination, collect the following:
  1. Provide a simplified test case which demonstrates the problem. Include step-by-step instructions for running the test case. Due to the complex nature of Web services security problems, the fastest way for us to resolve your issue is through a test case.
    If a test case is not available, provide an EAR file from both the Web service provider and Web service client or provide a Project Interchange file exported from Rational® Application Developer.

  2. Clear, specific problem description, including specific usage information and error scenario.

  3. Did this work at one time before changes were made? Please explain.

  4. What is the Web service client (for example, a servlet running on WebSphere Application Server, a standalone Java™ application, .NET client, and so on)?

  5. What is the Web service provider (WebSphere Application Server, .NET, unknown third party)?

  6. Is the failure reported in the logs from the Web service client or the Web service provider?

  7. When does the problem occur?

  8. How often does the problem occur?

  9. Is SSL being used?

  10. Enable Web services security tracing and reproduce the problem. If possible, enable tracing on both the Web service client and the Web service provider:
    • For WebSphere Application Server V6.0 and V6.1:


      a. In the Administrative Console, expand Troubleshooting and select Logs and Trace.


      b. In the Logging and Tracing page, select your server and then Diagnostic Trace.


      c. Ensure that Enable Log is selected.


      d. Under Trace Output, select File, and accept the defaults.


      e. Click OK and save your configuration.


      f. Again expand Troubleshooting and select Logs and Trace.


      g. In the Logging and Tracing page, select your server and then Change Log Detail Levels.


      h. Enter the following trace string:


      For WebSphere Application Server V6.1 JAX-WS and JAX-RPC Web Services applications when Web Services Feature Pack is installed, enter the following trace string:

      *=info: com.ibm.ws.webservices.wssecurity.*=all
      com.ibm.wsspi.wssecurity.*=all
      com.ibm.ws.wssecurity.*=all
      com.ibm.xml.soapsec.*=all
      com.ibm.ws.webservices.trace.*=all
      com.ibm.ws.websvcs.trace.*=all

      For WebSphere Application Server V6.0 and V6.1 JAX-RPC Web Services applications when Web Services Feature Pack is NOT installed, enter the following trace string:

      *=info: com.ibm.ws.webservices.wssecurity.*=all
      com.ibm.wsspi.wssecurity.*=all
      com.ibm.ws.wssecurity.*=all
      com.ibm.xml.soapsec.*=all
      com.ibm.ws.webservices.trace.*=all


      Note: The preceding trace specifications should be entered as 1 line with no breaks or spaces.

      i. Click OK and save your configuration.


      j. Restart the Application server.


      k. Reproduce the problem.

    • For WebSphere Application Server; all releases of V5.0 and V5.1:


      a. In the Administrative Console, expand Troubleshooting and select Logs and Trace.


      b. In the Logging and Tracing page, select your server and then Diagnostic Trace.


      c. Ensure that Enable trace with the following specification is selected.


      d. In the Trace Specification field, enter the following:

      com.ibm.ws.webservices.wssecurity.*=all=enabled
      com.ibm.wsspi.wssecurity.*=all=enabled
      com.ibm.ws.wssecurity.*=all=enabled
      com.ibm.xml.soapsec.*=all=enabled

      Note: The preceding trace specification should be entered as 1 line with no breaks or spaces.

      e. Under Trace Output, select File, and accept the defaults.


      f. Click OK and save your configuration.


      g. Restart the Application server.


      h. Reproduce the problem.

  11. Run the collector tool which will produce a JAR file containing your WebSphere Application Server configuration files, above traces, and other logs that are useful to the WebSphere Application Server support team.
  12. Follow instructions to send diagnostic information to IBM support to send the files mentioned in the preceding steps.

For a listing of all technotes, downloads, and educational materials specific to the Web Services Security component, search the WebSphere Application Server support site.
 
Related information
Submitting information to IBM support
Steps to getting support
MustGather: Read first
Troubleshooting guide
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Web Services Security
Operating system(s): Windows
Software version: 6.1
Software edition:
Reference #: 1199335
IBM Group: Software Group
Modified date: May 23, 2005