It's all about the answers!

Ask a question

How to debug single sign-on in Websphere when it's not working?

Michael Walker (99215201157) | asked Jul 26 '13, 3:10 a.m.
retagged Jul 29 '13, 11:59 a.m. by Ralph Earle (25739)

We're evaluating using WAS for the application server.  Currently all our deployments are using Tomcat.

I set up JTS and CCM 4.0.1 on one server with WAS and RQM 4.0.1 on a second server with WAS  The back-end DB is DB2 and is on the first server.  I went through jts/setup and that went successful. 

I'm now trying to setup single sign-on.  The instructions are fairly easy and I followed them closely. However after logging into JTS or CCM, when I switch to login to RQM on the other server I still get the login page. I looked in the logs and found the error below in the FFDC directory of the RQM server.  I also noticed that with Tomcat the login for RQM would be a popup.  In this case I got a full-screen for login and not a popup panel.  Not sure if this makes a difference.  I also haven't set up the SSL certificates and assumed I could after setting up single sign-on.

What is the best way to debug this besides looking in the logs?  Is there a way in the browser to tell what the cookie is passing to see if it's correct?   I'm using Firefox. Thanks,

[7/25/13 23:37:34:365 PDT]     FFDC ProbeId:392$AdminClientGetMBeanAction@7aec7aec ADMC0016E: The system cannot create a SOAP connector to connect to host at port 8881.

2 answers

permanent link
Abraham Sweiss (2.4k1331) | answered Jul 26 '13, 10:54 a.m.
Hello  Michael,

here are the steps i would take:  
1. Do a sanity check and ensure all the steps in the following V7 infocenter have been followed
2. tail the log where Qm is  installed to determine what error is being logged if any durring the attempt to log in.
3. If nothing stands out as being mis-configured, then would suggest collecting the following mustgathers and engaging WAS support

For the question about the cookie, I believe WAS uses JSESSION IDs.  If the ID is not in the url, then  a tool like firebug  should help.

For the ffdc error , if this occurs before the server has fully initialized,  is most likely a red herring.  However if it occurs after initialization, then I would attempt to connect on that host:port combination using the wasadmin tool.  
BTW: This soap port is used for WAS scripting, which is done using the wasadmin tool...if it is unaccessible, it could cause other issues.

permanent link
Krzysztof Ka┼║mierczyk (7.5k479103) | answered Jul 26 '13, 6:41 a.m.
Hello Michael,
I would simply open PMR for WAS support. They should help you.

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.