This topic provides a set of specific tips to help you troubleshoot problems you experience when working with a secure service integration bus.
To help you identify and resolve service integration bus security-related problems, use the WebSphere Application Server trace and logging facilities as described in Tracing and logging configuration .
If you encounter a problem that you think might be related to service integration bus security, you can check for error messages in the WebSphere Application Server administrative console, and in the application server SystemOut.log file. You can also enable the application server debug trace to provide a detailed exception dump.
WebSphere system messages are logged from a variety of sources, including application server components and applications. Messages logged by application server components and associated IBM products start with a unique message identifier that indicates the component or application that issued the message. The prefix for the service integration bus security component is CWSII.
For more information about the message identifier format, see the topic Message reference.
The Troubleshooter reference: Messages contains information about all WebSphere Application Server messages, indexed by message prefix. For each message there is an explanation of the problem, and details of any action that you can take to resolve the problem.
SibMessage W [:] CWSIT0009W: A client request failed in the application server with endpoint <endpoint_name> in bus your_bus with reason: CWSIT0016E: The user ID null failed authentication in bus your_bus.
In WebSphere Application Server Version 6, when you use the default messaging provider (service integration technologies) and WebSphere Application Server global security is enabled for the server or cell, then by default the service integration bus queue destination inherits the security characteristics of the server or cell. So if the server or cell has basic authentication enabled, then the client request fails.
One of the possible causes is the group name, if you are using an Lightweight Directory Access Protocol (LDAP) registry. When you specify the group authorization permissions, the distinguished name (DN) should be used as the group name. If you specify a common name (CN) for the group name users in that group cannot be authorized.