It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Guidelines | FAQ
Follow this question
Question details

×7,424
×6,018
×4,303
×267

question asked: May 14 '13, 11:08 a.m.
question was seen: 6,560 times
last updated: May 14 '13, 3:13 p.m.

Related questions

Problem after upgrading 3.0.1 to 4.0

0
Kevin Lou (312125) | asked May 14 '13, 11:08 a.m.
edited May 14 '13, 11:14 a.m.
I upgraded our RTC server from 3.0.1 to 4.0 (JTS and CCM). But I am experiencing a very serious problem - Whenever I started the JTS and CCM applications, my account (we are using LDAP registry for authorization) get locked because so many attempts of trying the incorrect password. It seems that the problem is only in my account and not affecting anyone else.

Also, I looked at the server exception log and noticed the following: 

Index  Count  Time of first Occurrence    Time of last Occurrence     Exception SourceId ProbeId


------+------+---------------------------+---------------------------+---------------------------


     0  56856     5/14/13 9:39:01:921 EDT    5/14/13 10:51:24:094 EDT com.ibm.websphere.security.auth.WSLoginFailedException com.ibm.ws.security.token.WSCredentialTokenMapper.createPropagationTokenBeforeAuthenticatedCallerSet 1468 C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\ffdc\server1_16c416c4_13.05.14_09.39.02.3281147744386692198751.txt


     1  56856     5/14/13 9:39:02:312 EDT    5/14/13 10:51:24:094 EDT com.ibm.websphere.security.auth.WSLoginFailedException com.ibm.ws.security.auth.ContextManagerImpl.getSubjectFromDynaCacheOrOriginatingServer 1869 C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\ffdc\server1_14581458_13.05.14_09.39.02.328498045907501249434.txt


     2  56856     5/14/13 9:39:02:312 EDT    5/14/13 10:51:24:094 EDT com.ibm.websphere.security.auth.WSLoginFailedException com.ibm.ws.security.auth.ContextManagerImpl.login 3633 C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\ffdc\server1_2f102f1_13.05.14_09.39.02.3284635742791088745212.txt


     3  56856     5/14/13 9:39:02:421 EDT    5/14/13 10:51:24:094 EDT com.ibm.websphere.security.auth.WSLoginFailedException com.ibm.ws.security.web.WebAuthenticator.validate 3876 C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\ffdc\server1_16c416c4_13.05.14_09.39.02.4214369991234556644993.txt

There are "WSLoginFailedException " every few seconds. And it seems to me that is related to my account being locked.

Does anyone have idea what is going wrong and how to resolve it?
Comments
Bo Chulindra commented May 14 '13, 11:14 a.m.
JAZZ DEVELOPER

I have seen times when the RTC client has invalid credentials stored and it will try to connect several times with the invalid credentials. This can cause a lockout. Is it possible that this is what you are seeing?

Kevin Lou commented May 14 '13, 11:19 a.m.

Hi Bo, Thanks for the quick response. I believe that is not because of the invalid credentials stored in the client. Since 1) I did not changed PW in last 2 months and everything works fine until the server upgrade and 2) I have made sure that I exited all the running clients. I still think it is related to the "WSLoginFailedException" that happens every few seconds.

Indradri Basu commented May 14 '13, 1:47 p.m.

may be you can try this...right click on the repository connection > properties. Select Jazz Repository Server and turn off the Remember Password and Automatic login check boxes and restart you eclipse client. Observer for sometime if it has locked your account. If your account is still getting locked then there could be something else that is causing this.

Josh Crawford commented May 14 '13, 1:59 p.m.

Hi Kevin,  it might actually be interesting to see the exception in the ffdc log itself.  There might be an Ldap code which would help to better understand the issue.  

Kevin Lou commented May 14 '13, 2:40 p.m.

Hi Indradri.. In fact, I don't have any client opened so I believe this is a pure server side issue.

Indradri Basu commented May 14 '13, 3:13 p.m.

interesting..if this is not the client then you may want to find out where else your id is used which may try to validate your id against ldap at a regular interval? Also check in the systemout.log if authentication failed message is appearing there repeatedly. If not then there might be something else causing this

showing 5 of 6 show 1 more comments

One answer

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
Kevin Lou (312125) | answered May 14 '13, 2:25 p.m.
edited May 14 '13, 2:40 p.m.
[5/14/13 9:39:02:421 EDT]     FFDC Exception:com.ibm.websphere.security.auth.WSLoginFailedException SourceId:com.ibm.ws.security.web.WebAuthenticator.validate ProbeId:3876 Reporter:com.ibm.ws.security.web.WebAuthenticator@59145914
com.ibm.websphere.security.auth.WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type.
    at com.ibm.ws.security.ltpa.LTPAServerObject.validateToken(LTPAServerObject.java:1162)
    at com.ibm.ws.security.ltpa.LTPAServerObject.validateToken(LTPAServerObject.java:1079)
    at com.ibm.ws.security.token.WSCredentialTokenMapper.validateLTPAToken(WSCredentialTokenMapper.java:1417)
    at com.ibm.ws.security.auth.ContextManagerImpl.getOpaqueTokenFromCacheOrOriginatingServer(ContextManagerImpl.java:1731)
    at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3424)
    at com.ibm.ws.security.web.WebAuthenticator.validate(WebAuthenticator.java:3688)
    at com.ibm.ws.security.web.WebAuthenticator.validate(WebAuthenticator.java:3633)
    at com.ibm.ws.security.web.WebAuthenticator.validateCookie(WebAuthenticator.java:1243)
    at com.ibm.ws.security.web.WebAuthenticator.handleSSO(WebAuthenticator.java:1133)
    at com.ibm.ws.security.web.WebAuthenticator.authenticate(WebAuthenticator.java:3278)
    at com.ibm.ws.security.web.WebCollaborator.SetAuthenticatedSubjectIfNeeded(WebCollaborator.java:3562)
    at com.ibm.ws.security.web.WebCollaborator.authorize(WebCollaborator.java:763)
    at com.ibm.ws.security.web.EJSWebCollaborator.preInvoke(EJSWebCollaborator.java:403)
    at com.ibm.ws.webcontainer.collaborator.WebAppSecurityCollaboratorImpl.preInvoke(WebAppSecurityCollaboratorImpl.java:237)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:653)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:502)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:181)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3935)
    at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:931)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1592)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:186)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:452)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:511)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:305)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:276)
    at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:1049)
    at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:643)
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1784)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1613)

==> Performing default dump from com.ibm.ws.security.core.SecurityDM :Tue May 14 09:39:02 EDT 2013
com.ibm.ws.security.config.SecurityConfigImpl@55815581 C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells/CYSPOSVSPAAP001Node01Cell/security.xml  (admin) :com.ibm.websphere.security.auth.WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type.
+Data for directive [defaultsecurityconfig] obtained.:
The dynamic JAAS login configuration is:
com.ibm.ws.security.auth.login.Configuration: Dumping JAAS Configuration
JAAS file configuration data:
system.RMI_OUTBOUND {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule"   ;
};
system.wss.generate.sct {
    com.ibm.ws.wssecurity.wssapi.token.impl.SCTGenerateLoginModule  required   ;
};
DefaultPrincipalMapping {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule"   ;
};
system.wss.consume.ltpa {
    com.ibm.ws.wssecurity.wssapi.token.impl.LTPAConsumeLoginModule  required   ;
};
system.wss.consume.KRB5BST {
    com.ibm.ws.wssecurity.wssapi.token.impl.KRBConsumeLoginModule  required   ;
    com.ibm.ws.wssecurity.wssapi.token.impl.DKTConsumeLoginModule  required   ;
};
system.wss.consume.ltpaProp {
    com.ibm.ws.wssecurity.wssapi.token.impl.LTPAPropagationConsumeLoginModule  required   ;
};
system.wss.generate.pkcs7 {
    com.ibm.ws.wssecurity.wssapi.token.impl.PKCS7GenerateLoginModule  required   ;
};
system.wssecurity.X509BST {
    com.ibm.wsspi.wssecurity.auth.module.X509LoginModule  required   ;
};
system.wss.consume.pkiPath {
    com.ibm.ws.wssecurity.wssapi.token.impl.PkiPathConsumeLoginModule  required   ;
};
system.wss.consume.x509 {
    com.ibm.ws.wssecurity.wssapi.token.impl.X509ConsumeLoginModule  required   ;
};
system.WEB_INBOUND {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.server.lm.ltpaLoginModule"   ;
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule"   ;
};
system.WSS_OUTBOUND {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule"   ;
};
system.wss.consume.sct {
    com.ibm.ws.wssecurity.wssapi.token.impl.SCTConsumeLoginModule  required   ;
};
system.wssecurity.Signature {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.wsspi.wssecurity.auth.module.SignatureLoginModule"   ;
};
system.wssecurity.IDAssertionUsernameToken {
    com.ibm.wsspi.wssecurity.auth.module.IDAssertionUsernameLoginModule  required   ;
};
system.wssecurity.UsernameToken {
    com.ibm.wsspi.wssecurity.auth.module.UsernameLoginModule  required   ;
};
system.DESERIALIZE_ASYNCH_CONTEXT {
    com.ibm.ws.security.server.lm.ltpaLoginModule  required   ;
    com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule  required   ;
};
system.wss.generate.ltpa {
    com.ibm.ws.wssecurity.wssapi.token.impl.LTPAGenerateLoginModule  required   ;
};
system.wss.generate.ltpaProp {
    com.ibm.ws.wssecurity.wssapi.token.impl.LTPAPropagationGenerateLoginModule  required   ;
};
system.wssecurity.PkiPath {
    com.ibm.wsspi.wssecurity.auth.module.PkiPathLoginModule  required   ;
};
system.wss.inbound.propagation {
    com.ibm.ws.security.server.lm.ltpaLoginModule  required   ;
    com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule  required   ;
    com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssTokenPropagationInboundLoginModule  required   ;
};
system.wss.auth.sts {
    com.ibm.ws.wssecurity.impl.auth.module.STSDefaultLoginModule  required   ;
};
system.wss.generate.x509 {
    com.ibm.ws.wssecurity.wssapi.token.impl.X509GenerateLoginModule  required   ;
};
system.RMI_INBOUND {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.server.lm.ltpaLoginModule"   ;
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule"   ;
};
system.WSS_INBOUND {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.server.lm.ltpaLoginModule"   ;
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule"   ;
};
JAASClient {
    com.ibm.security.auth.module.Krb5LoginModule  required
       noAddress="true"
       tryFirstPass="true"
       useDefaultCcache="false"
       forwardable="true"
       credsType="both"   ;
};
system.wssecurity.KRB5BST {
    com.ibm.wsspi.wssecurity.auth.module.KRBLoginModule  required   ;
};
system.wss.generate.unt {
    com.ibm.ws.wssecurity.wssapi.token.impl.UNTGenerateLoginModule  required   ;
};
system.LTPA {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.server.lm.ltpaLoginModule"   ;
};
system.wss.caller {
    com.ibm.ws.wssecurity.impl.auth.module.PreCallerLoginModule  required   ;
    com.ibm.ws.wssecurity.impl.auth.module.UNTCallerLoginModule  required   ;
    com.ibm.ws.wssecurity.impl.auth.module.X509CallerLoginModule  required   ;
    com.ibm.ws.wssecurity.impl.auth.module.LTPACallerLoginModule  required   ;
    com.ibm.ws.wssecurity.impl.auth.module.LTPAPropagationCallerLoginModule  required   ;
    com.ibm.ws.wssecurity.impl.auth.module.KRBCallerLoginModule  required   ;
    com.ibm.ws.wssecurity.impl.auth.module.WSWSSLoginModule  required   ;
    com.ibm.ws.security.server.lm.ltpaLoginModule  required   ;
    com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule  required   ;
};
system.DEFAULT {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.server.lm.ltpaLoginModule"   ;
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule"   ;
};
system.wss.consume.pkcs7 {
    com.ibm.ws.wssecurity.wssapi.token.impl.PKCS7ConsumeLoginModule  required   ;
};
system.wss.generate.KRB5BST {
    com.ibm.ws.wssecurity.wssapi.token.impl.KRBGenerateLoginModule  required   ;
    com.ibm.ws.wssecurity.wssapi.token.impl.DKTGenerateLoginModule  required   ;
};
WSLogin {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.common.auth.module.WSLoginModuleImpl"
       use_realm_callback="false"
       use_appcontext_callback="false"   ;
};
system.SWAM {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.server.lm.swamLoginModule"   ;
};
system.wss.generate.pkiPath {
    com.ibm.ws.wssecurity.wssapi.token.impl.PkiPathGenerateLoginModule  required   ;
};
system.wss.consume.unt {
    com.ibm.ws.wssecurity.wssapi.token.impl.UNTConsumeLoginModule  required   ;
};
JaasClient {
    com.ibm.security.auth.module.Krb5LoginModule  required
       noAddress="true"
       tryFirstPass="true"
       useDefaultCcache="false"
       forwardable="true"
       credsType="both"   ;
};
system.wssecurity.IDAssertion {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.wsspi.wssecurity.auth.module.IDAssertionLoginModule"   ;
};
system.wss.inbound.deserialize {
    com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssLtpaLoginModule  required   ;
    com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssMapDefaultInboundLoginModule  required   ;
    com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssTokenPropagationInboundLoginModule  required   ;
};
system.wssecurity.PKCS7 {
    com.ibm.wsspi.wssecurity.auth.module.PKCS7LoginModule  required   ;
};

JAAS WCCM configuration data:
system.RMI_OUTBOUND {
    com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule  required   ;
};
DefaultPrincipalMapping {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule"   ;
};
system.wss.generate.sct {
    com.ibm.ws.wssecurity.wssapi.token.impl.SCTGenerateLoginModule  required   ;
    com.ibm.ws.wssecurity.wssapi.token.impl.DKTGenerateLoginModule  required   ;
};
system.wss.consume.ltpa {
    com.ibm.ws.wssecurity.wssapi.token.impl.LTPAConsumeLoginModule  required   ;
};
system.wss.consume.KRB5BST {
    com.ibm.ws.wssecurity.wssapi.token.impl.KRBConsumeLoginModule  required   ;
    com.ibm.ws.wssecurity.wssapi.token.impl.DKTConsumeLoginModule  required   ;
};
system.wss.consume.ltpaProp {
    com.ibm.ws.wssecurity.wssapi.token.impl.LTPAPropagationConsumeLoginModule  required   ;
};
system.wss.generate.pkcs7 {
    com.ibm.ws.wssecurity.wssapi.token.impl.PKCS7GenerateLoginModule  required   ;
};
system.wssecurity.X509BST {
    com.ibm.wsspi.wssecurity.auth.module.X509LoginModule  required   ;
};
system.wss.consume.pkiPath {
    com.ibm.ws.wssecurity.wssapi.token.impl.PkiPathConsumeLoginModule  required   ;
};
system.wss.consume.x509 {
    com.ibm.ws.wssecurity.wssapi.token.impl.X509ConsumeLoginModule  required   ;
};
system.WEB_INBOUND {
    com.ibm.ws.security.server.lm.ltpaLoginModule  required   ;
    com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule  required   ;
};
system.WSS_OUTBOUND {
    com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule  required   ;
};
system.wss.consume.sct {
    com.ibm.ws.wssecurity.wssapi.token.impl.SCTConsumeLoginModule  required   ;
    com.ibm.ws.wssecurity.wssapi.token.impl.DKTConsumeLoginModule  required   ;
};
system.wssecurity.Signature {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.wsspi.wssecurity.auth.module.SignatureLoginModule"   ;
};
system.wssecurity.IDAssertionUsernameToken {
    com.ibm.wsspi.wssecurity.auth.module.IDAssertionUsernameLoginModule  required   ;
};
system.wssecurity.UsernameToken {
    com.ibm.wsspi.wssecurity.auth.module.UsernameLoginModule  required   ;
};
system.KRB5 {
    com.ibm.ws.security.auth.kerberos.Krb5LoginModuleWrapper  required
       storeSharedStateCredentials="true"
       noAddress="true"
       tryFirstPass="true"
       renewable="true"
       refreshKrb5Config="true"
       forwardable="true"
       credsType="both"   ;
    com.ibm.ws.security.auth.kerberos.WSKrb5LoginModule  required   ;
};
system.DESERIALIZE_ASYNCH_CONTEXT {
    com.ibm.ws.security.server.lm.ltpaLoginModule  required   ;
    com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule  required
       com.ibm.ws.security.context.renewToken="true"   ;
};
system.wss.generate.ltpa {
    com.ibm.ws.wssecurity.wssapi.token.impl.LTPAGenerateLoginModule  required   ;
};
system.wss.generate.ltpaProp {
    com.ibm.ws.wssecurity.wssapi.token.impl.LTPAPropagationGenerateLoginModule  required   ;
};
system.wssecurity.PkiPath {
    com.ibm.wsspi.wssecurity.auth.module.PkiPathLoginModule  required   ;
};
system.wss.inbound.propagation {
    com.ibm.ws.security.server.lm.ltpaLoginModule  required   ;
    com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule  required   ;
    com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssTokenPropagationInboundLoginModule  required   ;
};
system.wss.auth.sts {
    com.ibm.ws.wssecurity.impl.auth.module.STSDefaultLoginModule  required   ;
};
system.wss.generate.x509 {
    com.ibm.ws.wssecurity.wssapi.token.impl.X509GenerateLoginModule  required   ;
};
system.RMI_INBOUND {
    com.ibm.ws.security.server.lm.ltpaLoginModule  required   ;
    com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule  required   ;
};
system.LTPA_WEB {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.web.AuthenLoginModule"   ;
};
system.WSS_INBOUND {
    com.ibm.ws.security.server.lm.ltpaLoginModule  required   ;
    com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule  required   ;
};
WSKRB5Login {
    com.ibm.ws.security.auth.kerberos.Krb5LoginModuleWrapperClient  required
       storeSharedStateCredentials="true"
       tryFirstPass="false"
       refreshKrb5Config="true"
       useFirstPass="true"
       credsType="INITIATOR"   ;
};
KerberosMapping {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule"   ;
};
ClientContainer {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.common.auth.module.WSClientLoginModuleImpl"   ;
};
system.wssecurity.KRB5BST {
    com.ibm.wsspi.wssecurity.auth.module.KRBLoginModule  required   ;
};
system.wss.generate.unt {
    com.ibm.ws.wssecurity.wssapi.token.impl.UNTGenerateLoginModule  required   ;
};
system.LTPA {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.server.lm.ltpaLoginModule"   ;
};
system.wss.caller {
    com.ibm.ws.wssecurity.impl.auth.module.PreCallerLoginModule  required   ;
    com.ibm.ws.wssecurity.impl.auth.module.UNTCallerLoginModule  required   ;
    com.ibm.ws.wssecurity.impl.auth.module.X509CallerLoginModule  required   ;
    com.ibm.ws.wssecurity.impl.auth.module.LTPACallerLoginModule  required   ;
    com.ibm.ws.wssecurity.impl.auth.module.LTPAPropagationCallerLoginModule  required   ;
    com.ibm.ws.wssecurity.impl.auth.module.KRBCallerLoginModule  required   ;
    com.ibm.ws.wssecurity.impl.auth.module.WSWSSLoginModule  required   ;
    com.ibm.ws.security.server.lm.ltpaLoginModule  required   ;
    com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule  required   ;
};
system.DEFAULT {
    com.ibm.ws.security.server.lm.ltpaLoginModule  required   ;
    com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule  required   ;
};
system.wss.consume.pkcs7 {
    com.ibm.ws.wssecurity.wssapi.token.impl.PKCS7ConsumeLoginModule  required   ;
};
system.wss.generate.KRB5BST {
    com.ibm.ws.wssecurity.wssapi.token.impl.KRBGenerateLoginModule  required   ;
    com.ibm.ws.wssecurity.wssapi.token.impl.DKTGenerateLoginModule  required   ;
};
WSLogin {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.common.auth.module.WSLoginModuleImpl"
       use_realm_callback="false"
       use_appcontext_callback="false"   ;
};
system.SWAM {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.server.lm.swamLoginModule"   ;
};
system.wss.generate.pkiPath {
    com.ibm.ws.wssecurity.wssapi.token.impl.PkiPathGenerateLoginModule  required   ;
};
system.wss.consume.unt {
    com.ibm.ws.wssecurity.wssapi.token.impl.UNTConsumeLoginModule  required   ;
};
system.wssecurity.IDAssertion {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.wsspi.wssecurity.auth.module.IDAssertionLoginModule"   ;
};
system.wss.inbound.deserialize {
    com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssLtpaLoginModule  required   ;
    com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssMapDefaultInboundLoginModule  required   ;
    com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssTokenPropagationInboundLoginModule  required   ;
};
TrustedConnectionMapping {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy  required
       delegate="com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule"
       useTrustedConnection="true"   ;
};
system.wssecurity.PKCS7 {
    com.ibm.wsspi.wssecurity.auth.module.PKCS7LoginModule  required   ;
};

:com.ibm.websphere.security.auth.WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type.
+Data for directive [defaultjaasconfig] obtained.:
==> Dump complete for com.ibm.ws.security.core.SecurityDM :Tue May 14 09:39:02 EDT 2013

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.