Authorization failure when starting the administrative server, Administrative Console, or other Java client
 Technote (troubleshooting)
 
Problem(Abstract)
When starting up the administrative server, Administrative Console, or other Java™ client, you receive the following error message:

  • For V3.5: "Authorization failed for / while invoking (Home) ClientAccessHome"

  • For V4.0: "Authorization failed for /UNAUTHENTICATED while invoking (Home)ClientAccessHome"

 
Resolving the problem
The following error shows up in the tracefile:

For releases of WebSphere Application Server V3.5

Creating unauthenticated BasicAuth credentials.
3438> Thu Apr 19 09:56:45 CDT 2001 - PrincipalAuthenticatorImpl.createUnauthenticatedCred, Thread[Pooled
ORB request dispatch WorkerThread,5,ORB thread pool]:
Creating unauthenticated credential.
[01.04.19 09:56:45:749 CDT] e1ec6174 SecurityColla A Authorization
failed for / while invoking(Home)ClientAccessHome create


For releases of WebSphere Application Server V4.0, V5.x

Creating unauthenticated credential.
[01.04.19 09:56:45:749 CDT] e1ec6174 SecurityColla A Authorization
failed for /UNAUTHENTICATED while invoking(Home)ClientAccessHome
create


There are a number of things that can cause these messages:
  1. If you get this exception when starting up the administrative server this might be as a result of running the server as non-root and using the registry of the local operating system instead of using LDAP. In WebSphere® Application Server V3.5.2 and earlier, a bug existed that allowed you to use the local operating system; however, this has been fixed.

  2. If the administrative server starts without any problems, but when you try to start the Administrative Console or other Java™ client you get the Authorization failed for / messages, check to insure that the sas.client.props file has the following setting:

    com.ibm.CORBA.securityEnabled=true

    Also make sure you are using the same SSL key ring and password.

    For example:
    com.ibm.CORBA.SSLKeyRingPassword=WebAS
    com.ibm.CORBA.SSLKeyRing=com.ibm.websphere.DummyKeyring

  3. If there is a space character " " after:

    com.ibm.CORBA.securityEnabled=true

    in the sas.client.props file, the administrative client fails to see the true and defaults to false. This is a bug.

Other things to look for
  • Check that the sas.client.props is using the same SSLServerKeyRing and SSLServerKeyRingPassword password.

    For example:
    com.ibm.CORBA.SSLServerKeyRing=com.ibm.websphere.DummyKeyring
    com.ibm.CORBA.SSLServerKeyRingPassword=WebAS


  • Check that the sas.server.props is using the same SSLClientKeyRing and SSLClientKeyRingPassword.

    For example:
    com.ibm.CORBA.SSLClientKeyRingPassword=WebAS
    com.ibm.CORBA.SSLClientKeyRing=com.ibm.websphere.DummyKeyring


  • Also check that the ConfigURL syntax is correct in the setupCmdLine.bat file for Windows®.

    For example:
    SET CLIENTSAS=-Dcom.ibm.CORBA.ConfigURL=file:/C:/
    WebSphere/AppServer/properties/sas.client.props
    SET SERVERSAS=-Dcom.ibm.CORBA.ConfigURL=file:/C:/
    WebSphere/AppServer/properties/sas.server.props


    or setupCmdLine.sh for UNIX®:

    For example:
    CLIENTSAS=-Dcom.ibm.CORBA.ConfigURL=file:/opt/WebSphere
    /AppServer/properties/sas.client.props
    export CLIENTSAS
    SERVERSAS=-Dcom.ibm.CORBA.ConfigURL=file:/opt/WebSphere
    /AppServer/properties/sas.server.props
    export SERVERSAS
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Administrative Console (all non-scripting)
Operating system(s): Windows
Software version: 5.0
Software edition:
Reference #: 1030480
IBM Group: Software Group
Modified date: Sep 20, 2004