Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

sas.client.props and SecurityServer Issue (SECJ0395E)

320 views
Skip to first unread message

irat...@retailexpress.com

unread,
Dec 21, 2006, 9:17:11 AM12/21/06
to
We're currently configuring security for our app on WAS 6.1.0.0, revolving around BasicAuthentication.


Scenario
--------

We have our own login dialog, so have developed a CallbackHandler to spawn the dialog. We're using WSLoginModule to handle logins. The dialog is displayed and when valid credentials are entered the application works. When invalid credentials are entered the login module allows the login but falls over with the first server call. To combat this we have set com.ibm.CORBA.validateBasicAuth=true. This has had the expected effect that the authorisation is done at the login box.


Problem
-------

An AuthenticationFailedException is thrown by WS irrespective of the validity of the credentials; it never gets that far. It appears to be unable to ascertain the server url.

This is the message (stack trace later)

SECJ0395E: Could not locate the SecurityServer at host/port:{0} to validate the userid and password entered. You may need to specify valid securityServerHost/Port in ${WAS_INSTALL_ROOT}/profiles/profile_name/properties/sas.client.props file.


Attempted Solutions
-------------------

1. In the sas.client.props file we have set com.ibm.CORBA.securityServerHost= and com.ibm.CORBA.securityServerPort= to valid entries.

2. Investigating similar occurences via the web has highlighted that it is likely not reading the host/port at all, as the error message is returning {0} instead of, for example, {www.mysite.com:1234}.

3. We've consulted the help references, which instruct us to simply set the validateBasicAuth to false, which we don't want to do (I think).

4. We have tried creating an InitialContext pointing to the host/port and doing a lookup, prior to the login.


Config Files
------------

com.ibm.CORBA.securityEnabled=true

com.ibm.CORBA.authenticationTarget=BasicAuth
com.ibm.CORBA.authenticationRetryEnabled=true
com.ibm.CORBA.authenticationRetryCount=3
com.ibm.CORBA.validateBasicAuth=true
com.ibm.CORBA.securityServerHost=xxxxxxx
com.ibm.CORBA.securityServerPort=1234
com.ibm.CORBA.loginTimeout=300
com.ibm.CORBA.loginSource=prompt
<snip>


Stack Trace
-----------
SEVERE: security.securityserver.error

com.ibm.websphere.security.auth.AuthenticationFailedException: SECJ0395E: Could not locate the SecurityServer at host/port:{0} to validate the userid and password entered. You may need to specify valid securityServerHost/Port in ${WAS_INSTALL_ROOT}/profiles/profile_name/properties/sas.client.props file.
at com.ibm.ws.security.auth.ContextManagerImpl.getSecurityServer(ContextManagerImpl.java:1706)
at com.ibm.ws.security.auth.ContextManagerImpl.access$200(ContextManagerImpl.java:186)
at com.ibm.ws.security.auth.ContextManagerImpl$8.run(ContextManagerImpl.java:3037)
at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:3731)
at com.ibm.ws.security.auth.ContextManagerImpl.runAsSpecified(ContextManagerImpl.java:3792)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3034)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3007)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:2802)
at com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.login(WSLoginModuleImpl.java:344)
at com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy.login(WSLoginModuleProxy.java:122)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:615)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:795)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:709)
at java.security.AccessController.doPrivileged(AccessController.java:241)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:706)
at javax.security.auth.login.LoginContext.login(LoginContext.java:603)
at was.WasTest.getLocatorWebsphere(WasTest.java:160)
at was.WasTest.main(WasTest.java:48)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:615)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:90)

Thanks in advance.

irat...@retailexpress.com

unread,
Jan 25, 2007, 10:30:06 AM1/25/07
to
<bump>

Issue still occurring.

Ken Hygh

unread,
Jan 25, 2007, 3:05:11 PM1/25/07
to
irat...@retailexpress.com wrote:
> <bump>
>
> Issue still occurring.

This is not a formal support newsgroup. If you really need help, open a
PMR with IBM.

Ken

Dexthor

unread,
Jan 28, 2007, 5:25:42 PM1/28/07
to
Did you try "com.ibm.CORBA.loginSource=properties" ? Are you sure that
the SASCLIENTPROPS (or something similar to that..) in the
setupCmdLine.sh/bat set to use sas.client.props file ?

-Dexthor.

0 new messages