SECJ0321E BBOO0220E received when attempting to login into the Administrative Console with ICSF enabled
 Technote (FAQ)
 
Problem
You brought up WebSphere® Application Server with Global Security enabled, and Java™ security disabled and experienced the following error message during login.

BBOO0220E SECJ0321E: Role based authorization is caller in role
failed for security name xxxx/WSADMIN, accessId user:xxxx/WSADMIN,
and role name monitor.

You had the following security setup:

Authentication Mechanisms: ICSF
The Encryption Crypto Key is present
Inter orb mode is : on.
User Registry is local OS (RACF as security product)
Active Protocol: CSI and zSAS
security.zOS.domain name NOT set.
com.ibm.security.SAF.authorization: false
com.ibm.security.SAF.delegation: false
 
Cause
You were using RACF® for authentication, but the following variables were incorrectly set to false.

com.ibm.security.SAF.authorization: false
com.ibm.security.SAF.delegation: false

 
Solution
Set the above variables to TRUE when using SAF security. In this scenario, SAF security was used to perform the role checks in RACF.
 
 
Historical Number
01404
035
724
 
 


Document Information


Current web document: swg21198803.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS > Security
Operating system(s): z/OS
Software version: 5.1
Software edition:
Reference #: 1198803
IBM Group: Software Group
Modified date: Feb 23, 2005