PQ85599: A CREDENTIAL FOR XYZ IS BEING CREATED BUT IS NOT AVAILABLE TO BEUSED LATER. MESSAGE ICH408I IS RECEIVED.

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
A credential for XYZ is created but is not available to be used
later. Message ICH408I is received.
Local fix
Additional Symtoms:
following message in the JESMSGLG
.
ICH408I USER(ABC ) GROUP(WSCFG1  ) NAME(WASAPPSVR CR)
ChequeImageRole CL(EJBROLE )
INSUFFICIENT ACCESS AUTHORITY
ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   )
+BBOO0220E SECJ0129E: Authorization failed for XYZ
while invoking GET on
default_host:/webapp/apps/3m00/ChequeImageWeb/viewServiceInforma
tion.do, Authorization failed, Not granted any of the
ChequeImageRole
.
Trace entry:
.
Trace: 2004/03/01 16:06:01.613 01 t=7C0A60 c=8.1 key=P8
  Description: Log Boss/390 Error
  from filename: ./bbossejb.cpp
  at line: 870
  error message: BBOS0103E
MSG_BBOSENUS_SEC_EJBROLES_CHECK_FAILED:  The
requested EJBROLESAUTHCHECK(RACROUTE) function User ABC
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Message ICH408I is received on the MVS  *
*                      console when Trust Association Inter-   *
*                      ceptor is enabled and Lightweight       *
*                      Third Party Authentication (LTPA) is    *
*                      used as the authentication mechanism.   *
*                      This is the entire message:             *
*                      ICH408I USER(ABC ) GROUP(WSCFG1  )      *
*                      NAME(WASAPPSVR CR) ChequeImageRole      *
*                      CL(EJBROLE ) INSUFFICIENT ACCESS        *
*                      AUTHORITY ACCESS INTENT(READ   )        *
*                      ACCESS ALLOWED(NONE   )                 *
*                      This message is displayed in the        *
*                      SYSPRINT:                               *
*                      +BBOO0220E SECJ0129E: Authorization     *
*                      failed for XYZ while invoking GET on    *
*                      default_host:/webapp/apps/3m00/         *
*                      ChequeImageWeb/viewServiceInformation.  *
*                      do, Authorization failed, Not granted   *
*                      any of the ChequeImageRole              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The server credential was not being saved, therefore the
caller credential was being picked instead.
This trace can be seen in the SYSPRINT:
Trace: 2004/03/01 16:06:01.613 01 t=7C0A60 c=8.1 key=P8
Description: Log Boss/390 Error
from filename: ./bbossejb.cpp  at line: 870
error message: BBOS0103E MSG_BBOSENUS_SEC_EJBROLES_CHECK_FAILED:
The requested EJBROLESAUTHCHECK(RACROUTE) function User ABC
Problem conclusion
Modified the WebAuthenticator authentication method to save the
server credential.

APAR PQ85599 is associated with SERVICE LEVEL W502005 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ85599
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-03-05
Closed date 2004-03-26
Last modified date 2004-04-03

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ86666    UP04/03/31 P F403

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ85599.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ85599
IBM Group: Software Group
Modified date: Apr 3, 2004