How to debug single sign-on in Websphere 7.0.0.29 when it's not working?
Hi,
We're evaluating using WAS for the application server. Currently all our deployments are using Tomcat.
I set up JTS and CCM 4.0.1 on one server with WAS 7.0.0.27 and RQM 4.0.1 on a second server with WAS 7.0.0.29. The back-end DB is DB2 and is on the first server. I went through jts/setup and that went successful.
I'm now trying to setup single sign-on. The instructions are fairly easy and I followed them closely. However after logging into JTS or CCM, when I switch to login to RQM on the other server I still get the login page. I looked in the logs and found the error below in the FFDC directory of the RQM server. I also noticed that with Tomcat the login for RQM would be a popup. In this case I got a full-screen for login and not a popup panel. Not sure if this makes a difference. I also haven't set up the SSL certificates and assumed I could after setting up single sign-on.
What is the best way to debug this besides looking in the logs? Is there a way in the browser to tell what the cookie is passing to see if it's correct? I'm using Firefox. Thanks,
[7/25/13 23:37:34:365 PDT] FFDC Exception:com.ibm.websphere.management.exception.ConnectorException SourceId:com.ibm.ws.ssl.utils.AdminCertificateHelper.AdminClientGetMBeanAction.run ProbeId:392 Reporter:com.ibm.ws.management.util.AdminCertificateHelper$AdminClientGetMBeanAction@7aec7aec
com.ibm.websphere.management.exception.ConnectorException: ADMC0016E: The system cannot create a SOAP connector to connect to host svljazz05.svldev.svl.ibm.com at port 8881.
We're evaluating using WAS for the application server. Currently all our deployments are using Tomcat.
I set up JTS and CCM 4.0.1 on one server with WAS 7.0.0.27 and RQM 4.0.1 on a second server with WAS 7.0.0.29. The back-end DB is DB2 and is on the first server. I went through jts/setup and that went successful.
I'm now trying to setup single sign-on. The instructions are fairly easy and I followed them closely. However after logging into JTS or CCM, when I switch to login to RQM on the other server I still get the login page. I looked in the logs and found the error below in the FFDC directory of the RQM server. I also noticed that with Tomcat the login for RQM would be a popup. In this case I got a full-screen for login and not a popup panel. Not sure if this makes a difference. I also haven't set up the SSL certificates and assumed I could after setting up single sign-on.
What is the best way to debug this besides looking in the logs? Is there a way in the browser to tell what the cookie is passing to see if it's correct? I'm using Firefox. Thanks,
[7/25/13 23:37:34:365 PDT] FFDC Exception:com.ibm.websphere.management.exception.ConnectorException SourceId:com.ibm.ws.ssl.utils.AdminCertificateHelper.AdminClientGetMBeanAction.run ProbeId:392 Reporter:com.ibm.ws.management.util.AdminCertificateHelper$AdminClientGetMBeanAction@7aec7aec
com.ibm.websphere.management.exception.ConnectorException: ADMC0016E: The system cannot create a SOAP connector to connect to host svljazz05.svldev.svl.ibm.com at port 8881.
2 answers
Hello Michael,
here are the steps i would take:
1. Do a sanity check and ensure all the steps in the following V7 infocenter have been followed
http://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.express.iseries.doc%2Finfo%2Fiseriesexp%2Fae%2Ftsec_msso.html
2. tail the log where Qm is installed to determine what error is being logged if any durring the attempt to log in.
3. If nothing stands out as being mis-configured, then would suggest collecting the following mustgathers and engaging WAS support
http://www-01.ibm.com/support/docview.wss?uid=swg21470063
For the question about the cookie, I believe WAS uses JSESSION IDs. If the ID is not in the url, then a tool like firebug should help.
For the ffdc error , if this occurs before the server has fully initialized, is most likely a red herring. However if it occurs after initialization, then I would attempt to connect on that host:port combination using the wasadmin tool.
BTW: This soap port is used for WAS scripting, which is done using the wasadmin tool...if it is unaccessible, it could cause other issues.
here are the steps i would take:
1. Do a sanity check and ensure all the steps in the following V7 infocenter have been followed
http://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.express.iseries.doc%2Finfo%2Fiseriesexp%2Fae%2Ftsec_msso.html
2. tail the log where Qm is installed to determine what error is being logged if any durring the attempt to log in.
3. If nothing stands out as being mis-configured, then would suggest collecting the following mustgathers and engaging WAS support
http://www-01.ibm.com/support/docview.wss?uid=swg21470063
For the question about the cookie, I believe WAS uses JSESSION IDs. If the ID is not in the url, then a tool like firebug should help.
For the ffdc error , if this occurs before the server has fully initialized, is most likely a red herring. However if it occurs after initialization, then I would attempt to connect on that host:port combination using the wasadmin tool.
BTW: This soap port is used for WAS scripting, which is done using the wasadmin tool...if it is unaccessible, it could cause other issues.