Intermittent authentication and authorization failures with WebSphere 4.0x and Domino R5 LDAP server
 Technote (FAQ)
 
Problem
Customers may experience intermittent, random authentication and authorization failures by legitimate users attempting to access a secured web site when WebSphere 4.0x is configured with Domino 5.x as the LDAP server
 
Cause
Customers may experience intermittent, random authentication and authorization failures by legitimate users attempting to access a secured web site when WebSphere 4.0x is configured with Domino 5.x as the LDAP server. The solution given below may apply if:

The errors are more frequent when more users are concurrently accessing the application server

The errors appear, or appear more frequently, on a multiple-CPU system

The application or administrative log files include some or all of the following errors:

  • CNTR0019E: Non-application exception occurred while processing method findByPrivilegeAttributeId: java.lang.NullPointerException
  • CNTR0020E: Non-application exception occurred while processing method getDisplayName on bean BeanId(admin#repository.jar#userRegistryEntry, com.ibm.ejs.security.registry.RegistryEntryPrimaryKey@80a0b24d): java.lang.NullPointerException (method name in error message may vary)
  • SECJ0129A: Authorization failed for JDoe while invoking POST on myhost:/MyWebApp/myPage.jsp, Authorization failed, Not granted any of the required roles: My Defined User Role (Host name, web application name, user name and role name(s) will vary. Bear in mind that this message is legitimate if a user does not have authority to access the target resource).
  • SECJ0055A: Authentication failed for johndoe (User name will vary. Bear in mind that this message is legitimate if the user is not listed in the LDAP registry or does not supply the valid password. )
 
Solution
These errors may be caused by defects in the WebSphere Application Server and Domino R5 directory server products relating to multithreading. Resolution:
If using Domino R5, upgrade to Domino R6. R5 contains logic which may terminate LDAP connections which are still active, triggering problems in WebSphere security.

If using WebSphere 4.05 or earlier, upgrade to WebSphere 4.06 and apply the cumulative security fix for WebSphere 4.0, available from the WebSphere Application Server support site. The 4.06 maintenance upgrade and the security fix contain corrections to multithreading defects which can cause the errors listed above.

 
 
Product Alias/Synonym
was
 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): HP-UX
Software version: 4.0
Software edition:
Reference #: 1114561
IBM Group: Software Group
Modified date: Jul 15, 2003