j2ee agent 2.2 configuration problem with Websphere Portal 5.1

Hi,

I am trying to configure J2EE agent 2.2 with WebSphere Portal Server.

I have followed the document "Sun Java System Access Manager Policy Agent 2.2 Guide for IBM WebSphere Portal Server 5.1.0.2".

Please see the thread "Problem with Sun's SSO system and Websphere Portal Server integration" for environment related information.

Also, security on the app server has been enabled and it is talking to LDAP.

My aim here is to enable the application server (portal server) to authenticate requests.

I am getting the following error when I log into the portal application.

07/03/2007 06:32:16:062 PM IST: Thread[Servlet.Engine.Transports : 1,5,main]

AmFilter: now processing: SSO Task Handler

07/03/2007 06:32:16:062 PM IST: Thread[Servlet.Engine.Transports : 1,5,main]

SSOTaskHandler: SSO Validation failed for null

07/03/2007 06:32:16:062 PM IST: Thread[Servlet.Engine.Transports : 1,5,main]

URLFailoverHelper: Checking if https://apollo.maxnewyorklife.com:443/amserver/UI/Login is available

07/03/2007 06:32:16:078 PM IST: Thread[Servlet.Engine.Transports : 1,5,main]

WARNING: URLFailoverHelper: the url https://apollo.maxnewyorklife.com:443/amserver/UI/Login is not available

javax.net.ssl.SSLHandshakeException: unknown certificate

at com.ibm.jsse.bs.a(Unknown Source)

at com.ibm.jsse.bs.startHandshake(Unknown Source)

at com.ibm.net.ssl.www.protocol.https.b.o(Unknown Source)

at com.ibm.net.ssl.www.protocol.https.q.connect(Unknown Source)

at com.ibm.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect(Unknown Source)

at com.sun.identity.agents.common.URLFailoverHelper.isAvailable(URLFailoverHelper.java:190)

at com.sun.identity.agents.common.URLFailoverHelper.getAvailableURL(URLFailoverHelper.java:129)

at com.sun.identity.agents.filter.AmFilterRequestContext.getLoginURL(AmFilterRequestContext.java:757)

at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:285)

at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:258)

at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:363)

at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:345)

at com.sun.identity.agents.filter.SSOTaskHandler.doSSOLogin(SSOTaskHandler.java:210)

at com.sun.identity.agents.filter.SSOTaskHandler.process(SSOTaskHandler.java:98)

at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:189)

at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:152)

at com.sun.identity.agents.websphere.AmIdentityAsserterBase.processRequest(AmIdentityAsserterBase.java:195)

at com.sun.identity.agents.websphere.AmTrustAssociationInterceptor.negotiateValidateandEstablishTrust(AmTrustAssociationInterceptor.java:91)

at com.ibm.ws.security.web.TAIWrapper.negotiateAndValidateEstablishedTrust(TAIWrapper.java:101)

at com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation(WebAuthenticator.java:191)

at com.ibm.ws.security.web.WebAuthenticator.authenticate(WebAuthenticator.java:928)

at com.ibm.ws.security.web.WebCollaborator.authorize(WebCollaborator.java:531)

at com.ibm.ws.security.web.EJSWebCollaborator.preInvoke(EJSWebCollaborator.java:262)

at com.ibm.ws.webcontainer.webapp.WebAppSecurityCollaborator.preInvoke(WebAppSecurityCollaborator.java:132)

at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:506)

at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:208)

at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:134)

at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:321)

at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)

at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:246)

at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:334)

at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)

at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:652)

at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:448)

at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:936)

07/03/2007 06:32:16:078 PM IST: Thread[Servlet.Engine.Transports : 1,5,main]

URLFailoverHelper: disconnected the connection for availability check

07/03/2007 06:32:16:078 PM IST: Thread[Servlet.Engine.Transports : 1,5,main]

ERROR: URLFailoverHelper: No URL is available at this time

07/03/2007 06:32:16:078 PM IST: Thread[Servlet.Engine.Transports : 1,5,main]

ERROR: AmFilter: Error while delegating to inbound handler: SSO Task Handler, access will be denied

[AgentException Stack]

com.sun.identity.agents.arch.AgentException: No URL is available at this time

at com.sun.identity.agents.common.URLFailoverHelper.getAvailableURL(URLFailoverHelper.java:133)

at com.sun.identity.agents.filter.AmFilterRequestContext.getLoginURL(AmFilterRequestContext.java:757)

at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:285)

at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectURL(AmFilterRequestContext.java:258)

at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:363)

at com.sun.identity.agents.filter.AmFilterRequestContext.getAuthRedirectResult(AmFilterRequestContext.java:345)

at com.sun.identity.agents.filter.SSOTaskHandler.doSSOLogin(SSOTaskHandler.java:210)

at com.sun.identity.agents.filter.SSOTaskHandler.process(SSOTaskHandler.java:98)

at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:189)

at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:152)

at com.sun.identity.agents.websphere.AmIdentityAsserterBase.processRequest(AmIdentityAsserterBase.java:195)

at com.sun.identity.agents.websphere.AmTrustAssociationInterceptor.negotiateValidateandEstablishTrust(AmTrustAssociationInterceptor.java:91)

at com.ibm.ws.security.web.TAIWrapper.negotiateAndValidateEstablishedTrust(TAIWrapper.java:101)

at com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation(WebAuthenticator.java:191)

at com.ibm.ws.security.web.WebAuthenticator.authenticate(WebAuthenticator.java:928)

at com.ibm.ws.security.web.WebCollaborator.authorize(WebCollaborator.java:531)

at com.ibm.ws.security.web.EJSWebCollaborator.preInvoke(EJSWebCollaborator.java:262)

at com.ibm.ws.webcontainer.webapp.WebAppSecurityCollaborator.preInvoke(WebAppSecurityCollaborator.java:132)

at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:506)

at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:208)

at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:134)

at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:321)

at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)

at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:246)

at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:334)

at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)

at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:652)

at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:448)

at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:936)

07/03/2007 06:32:16:078 PM IST: Thread[Servlet.Engine.Transports : 1,5,main]

AmFilter: result =>

--

FilterResult:

Status: FORBIDDEN

RedirectURL: null

RequestHelper:

null

Data:

null

--

07/03/2007 06:32:16:078 PM IST: Thread[Servlet.Engine.Transports : 1,5,main]

AmIdentityAsserter: result => TAIResult: status: 403, principal: null, subject: null

From whatever analysis I have done so far, I believe this issue is related to the personal certificate for the Sun ONE web server (on which Access Manager & LDAP are installed) not being registered with the application server (portal server).

I am not sure how to go about solving the issue.

Can anybody please help me out?

Thanks,

Yaseer

Message was edited by:

yazee

[9080 byte] By [yazeea] at [2007-11-27 9:45:29]
# 1
Try to import the self signed cert into the WebSphere JVM keystore.
Aaron_Andersona at 2007-7-12 23:54:11
# 2
I am not aware of all this... How do I know which self-signed certificate needs to be imported, where do I import it from and how do I import it?
yazeea at 2007-7-12 23:54:11
# 3

Here are two options:

1. Set the naming.url to http instead of https so the agent communicates with the amserver over clear text.

2. Import the SSL cert from the Access Manager webserver into the agent's cert store. This article may help you:

http://java.sys-con.com/read/216388.htm

I don't know what type of environment Access Manager is installed in so I could not give you the exact commands.

Aaron_Andersona at 2007-7-12 23:54:11
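
Added example, not part of the original thread: option 2 from the reply above (importing the Access Manager server certificate into the truststore of the JVM that runs the agent), written as shell functions around `openssl` and `keytool`. The host name, truststore path, password and alias are placeholders, and which truststore file the WebSphere JVM actually reads is an assumption to confirm in your installation.

```bash
# Added example: trust the Access Manager server certificate in the truststore
# of the JVM that runs the agent. Host, paths, password and alias used with
# these functions are placeholders (assumptions), not values from the thread.

# Save the leaf certificate presented by host:port as PEM.
fetch_server_cert() {            # usage: fetch_server_cert HOST PORT OUT.pem
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM >"$3"
}

# Print the SHA-256 fingerprint. Compare it with the value read on the Access
# Manager host itself before importing: a certificate fetched over the network
# says nothing about who served it.
cert_fingerprint() {             # usage: cert_fingerprint CERT.pem
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Import the certificate as a trusted entry; refuses to overwrite an alias.
import_trusted_cert() {          # usage: import_trusted_cert CERT.pem STORE PASS ALIAS
    if keytool -list -keystore "$2" -storepass "$3" -alias "$4" >/dev/null 2>&1; then
        echo "alias $4 already present in $2" >&2
        return 1
    fi
    keytool -import -trustcacerts -noprompt -alias "$4" \
        -file "$1" -keystore "$2" -storepass "$3" >/dev/null 2>&1
}

# Succeeds if the truststore holds a certificate with the given fingerprint.
truststore_has_fingerprint() {   # usage: truststore_has_fingerprint STORE PASS FP
    keytool -list -v -keystore "$1" -storepass "$2" 2>/dev/null | grep -qiF "$3"
}

# Typical order (all arguments are placeholders):
#   fetch_server_cert am.example.test 443 am.pem
#   cert_fingerprint am.pem          # verify out of band before trusting
#   import_trusted_cert am.pem /path/to/jvm/truststore.jks 'STOREPASS' amserver
#   truststore_has_fingerprint /path/to/jvm/truststore.jks 'STOREPASS' "$(cert_fingerprint am.pem)"
# The JVM normally reads its truststore at startup, so restart the server after.
```

Unlike switching the agent to plain http, this keeps certificate validation in place and only extends the set of certificates the agent's JVM accepts.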
# 4

Don't recall the exact string, but AMConfig.properties has an option where you can set trustSSLcerts to true, which effectively uses SSL only for encryption, and does not depend on hostname verification, etc.

This setting is not recommended in a production environment.

You can drop me an email at ankush [DOT] kapoor [at] iamcg [DOT] net for clarity.

Ankush

ankushkapoora at 2007-7-12 23:54:11