Beta 3 with db2 v9.1, WAS 6.1 on Linux
Hi
I managed to get almost everything working until I got to the "Running the setup wizard" bit and can't login: I get an invalid username or password with the ADMIN/ADMIN combo. The app seems to be working fine: I can get to https://jazz-server:9443/jazz/setup and https://jazz-server:9443/jazz/admin fine but can't login The Db2 connection is fine, and the jazz app is running in WAS. I'm a WAS newbie so I may have the security settings wrong (and the doco is light on info and looks like you do need a WAS specialist :-(. I've used the WAS "Security COnfiguration Wizard" to: - Enable Administrative Security - Enable Application Security - Set the User account repository-> Current Realm Definition to "Federated Repositories" I've also configured the Federated Repositories to be case sensitive and to use the "Built-in repository" Here's the entire Security configuration report if anyone can decipher it and help (isn't there a way to attach files to posts?): Ta muchly for any help, Security Configuration Report WebSphere Application Server Core Security settings for host name:jazz-server . Report generated on:May 20, 2008, 11:20:20 Console Name Security Configuration Name Value Console Path Name Security Settings Active authentication mechanism activeAuthMechanism LTPA_1 Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration User account repository activeUserRegistry WIMUserRegistry_1 Security > Secure administration, applications, and infrastructure > User account repository Application security appEnabled true Security > Secure administration, applications, and infrastructure > Application security Authentication cache timeout cacheTimeout 600 seconds Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration > Authentication expiration Default SSL settings defaultSSLSettings SSLConfig_jazz-serverNode01_1 Security > SSL certificate and key management > Manage endpoint security configurations Dynamically update run time when SSL configuration changes occur dynamicallyUpdateSSLConfig true Security > SSL certificate and key management > Dynamically update run time when SSL configuration changes occur Administrative security enabled true Security > Secure administration, applications, and infrastructure > Administrative security Restrict access to resource authentication data enforceFineGrainedJCASecurity false Security > Secure administration, applications, and infrastructure > Restrict access to resource authentication data Java 2 security enforceJava2Security false Security > Secure administration, applications, and infrastructure > Java 2 security Warn if applications are granted custom permissions issuePermissionWarning false Security > Secure administration, applications, and infrastructure > Warn if applications are granted custom permissions Use domain-qualified user names useDomainQualifiedUserNames false Security > Secure administration, applications, and infrastructure > Use domain-qualified user names Use the local security server useLocalSecurityServer true Security > Secure administration, applications, and infrastructure > Use the local security server Authentication mechanisms and expiration Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration Authentication configuration authConfig system.SWAM Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration Authentication context implementation class authContextImplClass com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContext Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration Authentication validation config authValidationConfig system.SWAM Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration Simple authentication config simpleAuthConfig system.SWAM Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration Authentication configuration authConfig system.LTPA Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration Authentication context implementation class authContextImplClass com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration Authentication validation config authValidationConfig system.LTPA Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration Key set groups keySetGroup KeySetGroup_jazz-serverNode01_1 Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration Simple authentication config simpleAuthConfig system.LTPA Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration Timeout of authentication data forwarded between servers timeout 120 minutes Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration Trust association trustAssociation Security > Secure administration, applications, and infrastructure > Web security > Trust association Enable trust association enabled false Security > Secure administration, applications, and infrastructure > Web security > Trust association Interceptors interceptors Security > Secure administration, applications, and infrastructure > Web security > Trust association > Interceptors Interceptor class name interceptorClassName com.ibm.ws.security.web.WebSealTrustAssociationInterceptor Security > Secure administration, applications, and infrastructure > Web security > Trust association > Interceptors Interceptors interceptors Security > Secure administration, applications, and infrastructure > Web security > Trust association > Interceptors Interceptor class name interceptorClassName com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus Security > Secure administration, applications, and infrastructure > Web security > Trust association > Interceptors Interceptors interceptors Security > Secure administration, applications, and infrastructure > Web security > Trust association > Interceptors Interceptor class name interceptorClassName com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl Security > Secure administration, applications, and infrastructure > Web security > Trust association > Interceptors Interceptors interceptors Security > Secure administration, applications, and infrastructure > Web security > Trust association > Interceptors Interceptor class name interceptorClassName com.ibm.ws.sip.security.digest.DigestTAI Security > Secure administration, applications, and infrastructure > Web security > Trust association > Interceptors Single signon (SSO) singleSignon Security > Secure administration, applications, and infrastructure > Web security > Single signon (SSO) Domain name domainName Security > Secure administration, applications, and infrastructure > Web security > Single signon (SSO) Enable trust association enabled true Security > Secure administration, applications, and infrastructure > Web security > Single signon (SSO) Requires SSL requiresSSL false Security > Secure administration, applications, and infrastructure > Web security > Single signon (SSO) User Registry Security > Secure administration, applications, and infrastructure > User account repository Ignore case for authorization ignoreCase false Security > Secure administration, applications, and infrastructure > User account repository Primary administrative user name primaryAdminId root Security > Secure administration, applications, and infrastructure > User account repository Realm realm defaultWIMFileBasedRealm Security > Secure administration, applications, and infrastructure > User account repository Custom registry class name registryClassName com.ibm.ws.wim.registry.WIMUserRegistry Security > Secure administration, applications, and infrastructure > User account repository Server user ID serverId Security > Secure administration, applications, and infrastructure > User account repository Server user password serverPassword ****** Security > Secure administration, applications, and infrastructure > User account repository Use the registry server id instead of the internal server id useRegistryServerId false Security > Secure administration, applications, and infrastructure > User account repository Authorization configuration Security > Secure administration, applications, and infrastructure > External authorization providers External authorization using a JACC provider useJACCProvider false Security > Secure administration, applications, and infrastructure > External authorization providers Authorization providers authorizationProviders Security > Secure administration, applications, and infrastructure > External authorization providers Provider initialization class name initializeJACCProviderClassName com.tivoli.pd.as.jacc.cfg.TAMConfigInitialize Security > Secure administration, applications, and infrastructure > External authorization providers J2EE Policy implementation class name j2eePolicyImplClassName com.tivoli.pd.as.jacc.TAMPolicy Security > Secure administration, applications, and infrastructure > External authorization providers Name name Tivoli Access Manager Security > Secure administration, applications, and infrastructure > External authorization providers Policy configuration factory class name policyConfigurationFactoryImplClassName com.tivoli.pd.as.jacc.TAMPolicyConfigurationFactory Security > Secure administration, applications, and infrastructure > External authorization providers Requires the EJB arguments policy context handler for access decisions requiresEJBArgumentsPolicyContextHandler false Security > Secure administration, applications, and infrastructure > External authorization providers Role configuration factory class name roleConfigurationFactoryImplClassName com.tivoli.pd.as.jacc.TAMRoleConfigurationFactory Security > Secure administration, applications, and infrastructure > External authorization providers Supports dynamic module updates supportsDynamicModuleUpdates true Security > Secure administration, applications, and infrastructure > External authorization providers Application login configuration Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Alias alias ClientContainer Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Module class name moduleClassName com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Custom properties options Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Name name delegate Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Value value com.ibm.ws.security.common.auth.module.WSClientLoginModuleImpl Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Alias alias WSLogin Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Module class name moduleClassName com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Custom properties options Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Name name delegate Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Value value com.ibm.ws.security.common.auth.module.WSLoginModuleImpl Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Custom properties options Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Name name use_realm_callback Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Value value false Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Custom properties options Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Name name use_appcontext_callback Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Value value false Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Alias alias DefaultPrincipalMapping Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Module class name moduleClassName com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Custom properties options Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Name name delegate Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins Value value com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > Application logins CSI Security > Secure administration, applications, and infrastructure > RMI/IIOP security Claims claims Security > Secure administration, applications, and infrastructure > RMI/IIOP security Stateful sessions stateful true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Layers layers Security > Secure administration, applications, and infrastructure > RMI/IIOP security Supported ciphers supportedQOP Security > Secure administration, applications, and infrastructure > RMI/IIOP security Enable enable false Security > Secure administration, applications, and infrastructure > RMI/IIOP security Layers layers Security > Secure administration, applications, and infrastructure > RMI/IIOP security Required Quality of protection (QoP) settings requiredQOP Security > Secure administration, applications, and infrastructure > RMI/IIOP security Establish trust in client establishTrustInClient false Security > Secure administration, applications, and infrastructure > RMI/IIOP security Supported ciphers supportedQOP Security > Secure administration, applications, and infrastructure > RMI/IIOP security Establish trust in client establishTrustInClient true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Layers layers Security > Secure administration, applications, and infrastructure > RMI/IIOP security Required Quality of protection (QoP) settings requiredQOP Security > Secure administration, applications, and infrastructure > RMI/IIOP security Confidentiality confidentiality false Security > Secure administration, applications, and infrastructure > RMI/IIOP security Enable Protection enableProtection false Security > Secure administration, applications, and infrastructure > RMI/IIOP security Establish trust in client establishTrustInClient false Security > Secure administration, applications, and infrastructure > RMI/IIOP security Integrity integrity true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Supported ciphers supportedQOP Security > Secure administration, applications, and infrastructure > RMI/IIOP security Confidentiality confidentiality true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Enable Protection enableProtection true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Establish trust in client establishTrustInClient true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Integrity integrity true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Server Authentication serverAuthentication Security > Secure administration, applications, and infrastructure > RMI/IIOP security SSL configurations sslConfig Security > Secure administration, applications, and infrastructure > RMI/IIOP security performs performs Security > Secure administration, applications, and infrastructure > RMI/IIOP security Session GC Idle Time sessionGCIdleTime 900000 milliseconds Security > Secure administration, applications, and infrastructure > RMI/IIOP security Session GC Interval sessionGCInterval 300000 milliseconds Security > Secure administration, applications, and infrastructure > RMI/IIOP security Stateful sessions stateful true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Layers layers Security > Secure administration, applications, and infrastructure > RMI/IIOP security Required Quality of protection (QoP) settings requiredQOP Security > Secure administration, applications, and infrastructure > RMI/IIOP security Enable enable false Security > Secure administration, applications, and infrastructure > RMI/IIOP security Supported ciphers supportedQOP Security > Secure administration, applications, and infrastructure > RMI/IIOP security Enable enable false Security > Secure administration, applications, and infrastructure > RMI/IIOP security Trusted identity trustedId Security > Secure administration, applications, and infrastructure > RMI/IIOP security Password trustedPassword {xor} Security > Secure administration, applications, and infrastructure > RMI/IIOP security Layers layers Security > Secure administration, applications, and infrastructure > RMI/IIOP security Authentication Layer Retry Count authenticationLayerRetryCount 3 Security > Secure administration, applications, and infrastructure > RMI/IIOP security Required Quality of protection (QoP) settings requiredQOP Security > Secure administration, applications, and infrastructure > RMI/IIOP security Establish trust in client establishTrustInClient false Security > Secure administration, applications, and infrastructure > RMI/IIOP security Supported ciphers supportedQOP Security > Secure administration, applications, and infrastructure > RMI/IIOP security Establish trust in client establishTrustInClient true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Layers layers Security > Secure administration, applications, and infrastructure > RMI/IIOP security Required Quality of protection (QoP) settings requiredQOP Security > Secure administration, applications, and infrastructure > RMI/IIOP security Confidentiality confidentiality false Security > Secure administration, applications, and infrastructure > RMI/IIOP security Enable Protection enableProtection false Security > Secure administration, applications, and infrastructure > RMI/IIOP security Establish trust in client establishTrustInClient false Security > Secure administration, applications, and infrastructure > RMI/IIOP security Integrity integrity true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Supported ciphers supportedQOP Security > Secure administration, applications, and infrastructure > RMI/IIOP security Confidentiality confidentiality true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Enable Protection enableProtection true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Establish trust in client establishTrustInClient false Security > Secure administration, applications, and infrastructure > RMI/IIOP security Integrity integrity true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Server Authentication serverAuthentication Security > Secure administration, applications, and infrastructure > RMI/IIOP security SSL configurations sslConfig Security > Secure administration, applications, and infrastructure > RMI/IIOP security SAS Security > Secure administration, applications, and infrastructure > RMI/IIOP security Claims claims Security > Secure administration, applications, and infrastructure > RMI/IIOP security Layers layers Security > Secure administration, applications, and infrastructure > RMI/IIOP security Supported ciphers supportedQOP Security > Secure administration, applications, and infrastructure > RMI/IIOP security Confidentiality confidentiality true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Enable Protection enableProtection true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Integrity integrity true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Server Authentication serverAuthentication Security > Secure administration, applications, and infrastructure > RMI/IIOP security SSL configurations sslConfig Security > Secure administration, applications, and infrastructure > RMI/IIOP security performs performs Security > Secure administration, applications, and infrastructure > RMI/IIOP security Layers layers Security > Secure administration, applications, and infrastructure > RMI/IIOP security Supported ciphers supportedQOP Security > Secure administration, applications, and infrastructure > RMI/IIOP security Confidentiality confidentiality false Security > Secure administration, applications, and infrastructure > RMI/IIOP security Enable Protection enableProtection true Security > Secure administration, applications, and infrastructure > RMI/IIOP security Integrity integrity false Security > Secure administration, applications, and infrastructure > RMI/IIOP security Server Authentication serverAuthentication Security > Secure administration, applications, and infrastructure > RMI/IIOP security SSL configurations sslConfig Security > Secure administration, applications, and infrastructure > RMI/IIOP security SSL configuration repertoires Security > SSL certificate and key management > Manage endpoint security configurations Alias alias NodeDefaultSSLSettings Security > SSL certificate and key management > Manage endpoint security configurations Management scope managementScope ManagementScope_jazz-serverNode01_1 Security > SSL certificate and key management > Manage endpoint security configurations SSL settings setting Security > SSL certificate and key management > Manage endpoint security configurations Client authentication clientAuthentication false Security > SSL certificate and key management > Manage endpoint security configurations Enabled Ciphers enabledCiphers Security > SSL certificate and key management > Manage endpoint security configurations JSSE Provider jsseProvider IBMJSSE2 Security > SSL certificate and key management > Manage endpoint security configurations Key managers keyManager KeyManager_jazz-serverNode01_1 Security > SSL certificate and key management > Manage endpoint security configurations Key stores keyStore KeyStore_jazz-serverNode01_1 Security > SSL certificate and key management > Manage endpoint security configurations Security level securityLevel HIGH Security > SSL certificate and key management > Manage endpoint security configurations SSL Protocol sslProtocol SSL_TLS Security > SSL certificate and key management > Manage endpoint security configurations Trust managers trustManager TrustManager_jazz-serverNode01_1 Security > SSL certificate and key management > Manage endpoint security configurations Trust store trustStore KeyStore_jazz-serverNode01_2 Security > SSL certificate and key management > Manage endpoint security configurations Key stores Security > SSL certificate and key management > Key stores File-based key store fileBased true Security > SSL certificate and key management > Key stores Host list hostList Security > SSL certificate and key management > Key stores Path location ${CONFIG_ROOT}/ cells/ jazz-serverNode01Cell/ nodes/ jazz-serverNode01/ key.p12 Security > SSL certificate and key management > Key stores Management scope managementScope ManagementScope_jazz-serverNode01_1 Security > SSL certificate and key management > Key stores Name name NodeDefaultKeyStore Security > SSL certificate and key management > Key stores Password password ****** Security > SSL certificate and key management > Key stores Provider provider IBMJCE Security > SSL certificate and key management > Key stores Type type PKCS12 Security > SSL certificate and key management > Key stores File-based key store fileBased true Security > SSL certificate and key management > Key stores Host list hostList Security > SSL certificate and key management > Key stores Path location ${CONFIG_ROOT}/ cells/ jazz-serverNode01Cell/ nodes/ jazz-serverNode01/ trust.p12 Security > SSL certificate and key management > Key stores Management scope managementScope ManagementScope_jazz-serverNode01_1 Security > SSL certificate and key management > Key stores Name name NodeDefaultTrustStore Security > SSL certificate and key management > Key stores Password password ****** Security > SSL certificate and key management > Key stores Provider provider IBMJCE Security > SSL certificate and key management > Key stores Type type PKCS12 Security > SSL certificate and key management > Key stores File-based key store fileBased true Security > SSL certificate and key management > Key stores Host list hostList Security > SSL certificate and key management > Key stores Path location ${CONFIG_ROOT}/ cells/ jazz-serverNode01Cell/ nodes/ jazz-serverNode01/ ltpa.jceks Security > SSL certificate and key management > Key stores Management scope managementScope ManagementScope_jazz-serverNode01_1 Security > SSL certificate and key management > Key stores Name name NodeLTPAKeys Security > SSL certificate and key management > Key stores Password password ****** Security > SSL certificate and key management > Key stores Provider provider IBMJCE Security > SSL certificate and key management > Key stores Type type JCEKS Security > SSL certificate and key management > Key stores Trust managers Security > SSL certificate and key management > Trust managers Algorithm algorithm IbmX509 Security > SSL certificate and key management > Trust managers Management scope managementScope ManagementScope_jazz-serverNode01_1 Security > SSL certificate and key management > Trust managers Name name IbmX509 Security > SSL certificate and key management > Trust managers Provider provider IBMJSSE2 Security > SSL certificate and key management > Trust managers Algorithm algorithm IbmPKIX Security > SSL certificate and key management > Trust managers Management scope managementScope ManagementScope_jazz-serverNode01_1 Security > SSL certificate and key management > Trust managers Name name IbmPKIX Security > SSL certificate and key management > Trust managers Provider provider IBMJSSE2 Security > SSL certificate and key management > Trust managers Class name trustManagerClass Security > SSL certificate and key management > Trust managers Additional Trust Manager attributes additionalTrustManagerAttrs Security > SSL certificate and key management > Trust managers Key file name displayNameKey Security > SSL certificate and key management > Trust managers Class name firstClass false Security > SSL certificate and key management > Trust managers Hover help key hoverHelpKey Security > SSL certificate and key management > Trust managers Inclusive inclusive false Security > SSL certificate and key management > Trust managers Name name com.ibm.security.enableCRLDP Security > SSL certificate and key management > Trust managers NLS Range Key nlsRangeKey Security > SSL certificate and key management > Trust managers Range range Security > SSL certificate and key management > Trust managers Type type boolean Security > SSL certificate and key management > Trust managers Value value true Security > SSL certificate and key management > Trust managers Additional Trust Manager attributes additionalTrustManagerAttrs Security > SSL certificate and key management > Trust managers Key file name displayNameKey Security > SSL certificate and key management > Trust managers Class name firstClass false Security > SSL certificate and key management > Trust managers Hover help key hoverHelpKey Security > SSL certificate and key management > Trust managers Inclusive inclusive false Security > SSL certificate and key management > Trust managers Name name com.ibm.jsse2.checkRevocation Security > SSL certificate and key management > Trust managers NLS Range Key nlsRangeKey Security > SSL certificate and key management > Trust managers Range range Security > SSL certificate and key management > Trust managers Type type boolean Security > SSL certificate and key management > Trust managers Value value true Security > SSL certificate and key management > Trust managers Key managers Security > SSL certificate and key management > Key managers Algorithm algorithm IbmX509 Security > SSL certificate and key management > Key managers Class name keyManagerClass Security > SSL certificate and key management > Key managers Management scope managementScope ManagementScope_jazz-serverNode01_1 Security > SSL certificate and key management > Key managers Name name IbmX509 Security > SSL certificate and key management > Key managers Provider provider IBMJSSE2 Security > SSL certificate and key management > Key managers SSL configurations Security > SSL certificate and key management > SSL configurations Direction direction inbound Security > SSL certificate and key management > SSL configurations Management scope managementScope ManagementScope_jazz-serverNode01_1 Security > SSL certificate and key management > SSL configurations Name name jazz-serverNode01 Security > SSL certificate and key management > SSL configurations SSL configurations sslConfig SSLConfig_jazz-serverNode01_1 Security > SSL certificate and key management > SSL configurations Direction direction outbound Security > SSL certificate and key management > SSL configurations Management scope managementScope ManagementScope_jazz-serverNode01_1 Security > SSL certificate and key management > SSL configurations Name name jazz-serverNode01 Security > SSL certificate and key management > SSL configurations SSL configurations sslConfig SSLConfig_jazz-serverNode01_1 Security > SSL certificate and key management > SSL configurations Management scope Security > SSL certificate and key management > Manage endpoint security configurations Scope Name scopeName (cell):jazz-serverNode01Cell:(node):jazz-serverNode01 Security > Secure administration, applications, and infrastructure > Scope Name Scope Type scopeType node Security > Secure administration, applications, and infrastructure > Scope Type Key set groups Security > SSL certificate and key management > Key set groups Automatically generate keys autoGenerate true Security > SSL certificate and key management > Key set groups Key set keySet KeySet_jazz-serverNode01_1 KeySet_jazz-serverNode01_2 Security > SSL certificate and key management > Key set groups Management scope managementScope ManagementScope_jazz-serverNode01_1 Security > SSL certificate and key management > Key set groups Name name NodeLTPAKeySetGroup Security > SSL certificate and key management > Key set groups Schedules wsSchedule WSSchedule_jazz-serverNode01_1 Security > SSL certificate and key management > Key set groups Key sets Security > SSL certificate and key management > Key sets Key alias prefix name aliasPrefix LTPAKeyPair Security > SSL certificate and key management > Key sets Delete key references that are beyond the maximum number of keys deleteOldKeys true Security > SSL certificate and key management > Key sets Specifies a key pair instead of a key isKeyPair true Security > SSL certificate and key management > Key sets Key generation class keyGenerationClass com.ibm.ws.security.ltpa.LTPAKeyPairGenerator Security > SSL certificate and key management > Key sets Key stores keyStore KeyStore_jazz-serverNode01_3 Security > SSL certificate and key management > Key sets Management scope managementScope ManagementScope_jazz-serverNode01_1 Security > SSL certificate and key management > Key sets Maximum key references maxKeyReferences 2 Security > SSL certificate and key management > Key sets Name name NodeLTPAKeyPair Security > SSL certificate and key management > Key sets Password password ****** Security > SSL certificate and key management > Key sets Key reference keyReference Security > SSL certificate and key management > Key sets Key Alias keyAlias LTPAKeyPair_1 Security > SSL certificate and key management > Key sets Version version 1 Security > SSL certificate and key management > Key sets Key alias prefix name aliasPrefix LTPASecret Security > SSL certificate and key management > Key sets Delete key references that are beyond the maximum number of keys deleteOldKeys true Security > SSL certificate and key management > Key sets Key generation class keyGenerationClass com.ibm.ws.security.ltpa.LTPAKeyGenerator Security > SSL certificate and key management > Key sets Key stores keyStore KeyStore_jazz-serverNode01_3 Security > SSL certificate and key management > Key sets Management scope managementScope ManagementScope_jazz-serverNode01_1 Security > SSL certificate and key management > Key sets Maximum key references maxKeyReferences 2 Security > SSL certificate and key management > Key sets Name name NodeLTPASecret Security > SSL certificate and key management > Key sets Password password ****** Security > SSL certificate and key management > Key sets Key reference keyReference Security > SSL certificate and key management > Key sets Key Alias keyAlias LTPASecret_1 Security > SSL certificate and key management > Key sets Version version 1 Security > SSL certificate and key management > Key sets Schedules Security > SSL certificate and key management > Manage certificate expiration Day of week dayOfWeek 1 Security > SSL certificate and key management > Manage certificate expiration Frequency frequency 90 days Security > SSL certificate and key management > Manage certificate expiration Hour hour 22 Security > SSL certificate and key management > Manage certificate expiration Name name LTPAKeySetGenerationSchedule Security > SSL certificate and key management > Manage certificate expiration Next start date nextStartDate 1226228459622 Security > SSL certificate and key management > Manage certificate expiration Day of week dayOfWeek 1 Security > SSL certificate and key management > Manage certificate expiration Frequency frequency 30 days Security > SSL certificate and key management > Manage certificate expiration Hour hour 21 Security > SSL certificate and key management > Manage certificate expiration Minute minute 30 Security > SSL certificate and key management > Manage certificate expiration Name name ExpirationMonitorSchedule Security > SSL certificate and key management > Manage certificate expiration Next start date nextStartDate 1215948608344 Security > SSL certificate and key management > Manage certificate expiration Notifications Security > SSL certificate and key management > Manage certificate expiration List of e-mail addresses emailList Security > SSL certificate and key management > Manage certificate expiration Log to SystemOut logToSystemOut true Security > SSL certificate and key management > Manage certificate expiration Name name MessageLog Security > SSL certificate and key management > Manage certificate expiration Manage certificate expiration Security > SSL certificate and key management > Manage certificate expiration Automatically replace expiring self-signed certificates autoReplace true Security > SSL certificate and key management > Manage certificate expiration Expiration notification threshold daysBeforeNotification 60 Security > SSL certificate and key management > Manage certificate expiration Delete old certificate after replacement deleteOld true Security > SSL certificate and key management > Manage certificate expiration Enable checking isEnabled true Security > SSL certificate and key management > Manage certificate expiration Name name Certificate Expiration Monitor Security > SSL certificate and key management > Manage certificate expiration Notifications wsNotification WSNotification_jazz-serverNode01_1 Security > SSL certificate and key management > Manage certificate expiration Schedules wsSchedule WSSchedule_jazz-serverNode01_2 Security > SSL certificate and key management > Manage certificate expiration System login configuration Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias SWAM Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Custom properties options Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Name name delegate Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Value value com.ibm.ws.security.server.lm.swamLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias LTPA Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Custom properties options Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Name name delegate Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Value value com.ibm.ws.security.server.lm.ltpaLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias wssecurity.IDAssertion Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Custom properties options Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Name name delegate Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Value value com.ibm.wsspi.wssecurity.auth.module.IDAssertionLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias wssecurity.Signature Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Custom properties options Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Name name delegate Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Value value com.ibm.wsspi.wssecurity.auth.module.SignatureLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias LTPA_WEB Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Custom properties options Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Name name delegate Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Value value com.ibm.ws.security.web.AuthenLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias WEB_INBOUND Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.server.lm.ltpaLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias RMI_INBOUND Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.server.lm.ltpaLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias DEFAULT Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.server.lm.ltpaLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias RMI_OUTBOUND Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias wssecurity.X509BST Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.wsspi.wssecurity.auth.module.X509LoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias wssecurity.PkiPath Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.wsspi.wssecurity.auth.module.PkiPathLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias wssecurity.PKCS7 Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.wsspi.wssecurity.auth.module.PKCS7LoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias wssecurity.UsernameToken Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.wsspi.wssecurity.auth.module.UsernameLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias wssecurity.IDAssertionUsernameToken Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.wsspi.wssecurity.auth.module.IDAssertionUsernameLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias WSS_INBOUND Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.server.lm.ltpaLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Entries entries Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Alias alias WSS_OUTBOUND Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins JAAS login modules loginModules Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Authentication strategy authenticationStrategy REQUIRED Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Module class name moduleClassName com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule Security > Secure administration, applications, and infrastructure > Java Authentication and Authorization Service > System logins Custom properties Security > Secure administration, applications, and infrastructure > Custom properties Name com.ibm.CSI.rmiInboundPropagationEnabled true Security > Secure administration, applications, and infrastructure > Custom properties Required required false Security > Secure administration, applications, and infrastructure > Custom properties Name com.ibm.CSI.rmiOutboundLoginEnabled false Security > Secure administration, applications, and infrastructure > Custom properties Required required false Security > Secure administration, applications, and infrastructure > Custom properties Name com.ibm.ws.security.webInboundPropagationEnabled true Security > Secure administration, applications, and infrastructure > Custom properties Required required false Security > Secure administration, applications, and infrastructure > Custom properties Name com.ibm.ws.security.ssoInteropModeEnabled true Security > Secure administration, applications, and infrastructure > Custom properties Required required false Security > Secure administration, applications, and infrastructure > Custom properties Name com.ibm.CSI.supportedTargetRealms Security > Secure administration, applications, and infrastructure > Custom properties Required required false Security > Secure administration, applications, and infrastructure > Custom properties Name com.ibm.CSI.rmiInboundLoginConfig system.RMI_INBOUND Security > Secure administration, applications, and infrastructure > Custom properties Required required false Security > Secure administration, applications, and infrastructure > Custom properties Name com.ibm.CSI.rmiOutboundLoginConfig system.RMI_OUTBOUND Security > Secure administration, applications, and infrastructure > Custom properties Required required false Security > Secure administration, applications, and infrastructure > Custom properties Name com.ibm.ws.security.webInboundLoginConfig system.WEB_INBOUND Security > Secure administration, applications, and infrastructure > Custom properties Required required false Security > Secure administration, applications, and infrastructure > Custom properties Name com.ibm.ws.security.defaultLoginConfig system.DEFAULT Security > Secure administration, applications, and infrastructure > Custom properties Required required false Security > Secure administration, applications, and infrastructure > Custom properties Name com.ibm.wsspi.security.ltpa.tokenFactory com.ibm.ws.security.ltpa.LTPATokenFactory| com.ibm.ws.security.ltpa.LTPAToken2Factory| com.ibm.ws.security.ltpa.AuthzPropTokenFactory Security > Secure administration, applications, and infrastructure > Custom properties Required required false Security > Secure administration, applications, and infrastructure > Custom properties Name com.ibm.wsspi.security.token.authenticationTokenFactory com.ibm.ws.security.ltpa.LTPATokenFactory Security > Secure administration, applications, and infrastructure > Custom properties Required required false Security > Secure administration, applications, and infrastructure > Custom properties Name com.ibm.wsspi.security.token.authorizationTokenFactory com.ibm.ws.security.ltpa.AuthzPropTokenFactory Security > Secure administration, applications, and infrastructure > Custom properties Required required false Security > Secure administration, applications, and infrastructure > Custom properties Name com.ibm.wsspi.security.token.propagationTokenFactory com.ibm.ws.security.ltpa.AuthzPropTokenFactory Security > Secure administration, appl |
2 answers
When you activated the security, did you create a user/pwd for WAS?
Can you get into WAS Admin Console (http://hostname:9060/ibm/console) and go to Users and Groups -> Manage Users and check which users do you have in WAS? Can you go to Applications -> Enterprise Applications -> Jazz -> Security role to user/groups mapping to check to which user is the mapping done? I haven't done this installation before, so these are just some ideas where to look for. Hope it helps, Chemi. |
Thanks heaps Chemi - you got me pointed in the right direction! Boy do I know a lot more about WAS than I did (or wanted to:-)
I couldn't figure out the "Federated Repository" option so I went with what sounded simple "Local Operating System", which then allowed me to search for and add users from the local passwd file to the jazz app. After restarting the app, I got past the initial setup screen and it hung trying to connect to the DB. Further investigation showed I'd neglected to update the license-profile.ini with the path (the doc says "Modifying the profile.ini files" and i'd missed that last 's':-). So I updated that, reinstalled the war and after that it's been smooth sailing so far. Well kind of, I still haven't figured out the user mapping: I have a user named "instructor" that I added to the JazzAdmins group for the Jazz app on WAS. I created this user on Jazz and it set it's Name to "User Name"!: User Name instructor instructor@jazz-server and when creating it said that "Notice: You are using a directory service that is not writable. User roles cannot be modified." That was fun:-) |
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.