PQ91754: Empty SSO domain name causes many security exceptions on server startup | |||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description On a 5.1.1 system, when the SSO domain name is left blank many security errors are thrown during server startup, such as: [7/12/04 14:51:40:353 BST] 5fcd9532 WebAttributes W SECJ0084W: Error while initializing security web configuration. The exception is java.lang.NullPointerException [7/12/04 14:51:40:381 BST] 5fcd9532 FormLoginServ E SECJ0119E: Error getting the web app information for form login. The exception is java.lang.RuntimeException These happen before the open for e-business message. After that message, these errors are thrown: [7/12/04 17:17:31:725 BST] 33269533 LdapRegistryI E SECJ0336E: Authentication failed for user <username> because of the following exception javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] [7/12/04 17:17:31:819 BST] 33269533 LdapRegistryI E SECJ0336E: Authentication failed for user <username> because of the following exception [7/12/04 17:17:31:901 BST] 33269533 LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is . [7/12/04 17:17:32:015 BST] 33269533 JaasLoginHelp A SECJ0222E: An unexpected exception occurred when trying to create a LoginContext. The LoginModule alias is system.DEFAULT and the exception is . [7/12/04 17:17:32:101 BST] 33269533 RoleBasedAuth E SECJ0306E: No received or invocation credential exist on the thread. The Role based authorization check will not have an accessId of the caller to check. The parameters are: access check method getProcessType on resource Server and module Server. The stack trace is java.lang.Exception: dump thread stack for debugging [7/12/04 17:17:32:126 BST] 33269533 RoleBasedAuth A SECJ0305I: Role based authorization check failed for security name <null>, accessId no_cred_no_access_id while invoking method getProcessType on resource Server and module Server. [7/13/04 10:30:05:324 BST] 2b009533 WebContainer W SRVE0017W: Web Group not found: admin_host/FileTransfer [7/13/04 10:30:05:347 BST] 2b009533 OSEListenerDi E PLGN0021E: Servlet Request Processor Exception: Virtual Host/WebGroup Not Found : The web group admin_host/FileTransfer has not been defined Problem was reported on a 5.1.1 Network Deployment system.Local fix This has been identified as a problem with having a blank domain name in the SSO domain name configuration. A blank domain name is allowed, but it is throwing these errors on 5.1.1. To work around the problem, enter a valid domain name or use the text string UseDomainFromURL as the domain name.Problem summary **************************************************************** * USERS AFFECTED: All WebSphere Application Server users who * * have enabled security and Single Sign On * * (SSO) but left the SSO Domain empty. * **************************************************************** * PROBLEM DESCRIPTION: On some systems, a SECJ0084W will * * occur repeatedly in the system.out * * log. * **************************************************************** * RECOMMENDATION: * **************************************************************** On some systems, a SECJ0084W will occur repeatedly in the system.out log. A stack trace similar to the following will also be seen in the logs: java.lang.NullPointerException at com.ibm.ws.security.web.WebAttributes.initializeConfig (WebAttributes.java:651) at com.ibm.ws.security.web.WebAttributes.<init> (WebAttributes.java:116) at ... The error was caused by the absence of the ssoDomain attribute in the security configuration file security.xml. This absence cased a null value to be returned when a non-null value was expected.Problem conclusion Configure an SSO domain. If a blank value is what is ultimately desired, configure a non-blank SSO domain, apply then save the changes, then configure a blank domain and apply then save the changes. This will save the ssoDomain attribute in security.xml.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 10A
Software edition:
Reference #: PQ91754
IBM Group: Software Group
Modified date: Aug 9, 2004
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.