Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

WPCP Error 403: AuthorizationFailed after enable-security-ldap

458 views
Skip to first unread message

Nikolai Iordanov

unread,
Jan 3, 2004, 12:53:30 PM1/3/04
to

After enable-security-ldap on WPS 5.0, using Domino 5.0.12 for LDAP and DB2
instead of cloudspace
all Content Publising pages give Error 403: AuthorizationFailed, when logged
in as wpsadmin.

Restarted servers, can login in to the Admin Console, SSO works fine and all
other pages including Documents are working.

Does anyone know how to solve it ?
Should LDAP look aside be enabled?

The WPCP Users, Project Lead, Domain Expert, WPCP Admins, Content
Contrubutor, Content Publisher gourps also disappeared, should they be
recreated in LDAP?

Did a serch on the support website and new group but could not find how to
resolve it.
In Log Analyser the only clue is:

RecordId: Rec_268
ComponentId: Application Server
ProcessId: 1976
ThreadId: 55732350
SourceId: com.ibm.ws.security.web.WebCollaborator
ClassName:
MethodName:
Manufacturer: IBM
Product: WebSphere
Version: Platform 5.0 [BASE 5.0.1 ptf1M0314.04] [PME 5.0.1
ptf10316.01]
ServerName: hostname\hostname\WebSphere_Portal
TimeStamp: 1/3/2004 16:14:34.875000000
UnitOfWork:
Severity: 3
Category: AUDIT
PrimaryMessage: SECJ0129E: Authorization failed for wpsadmin while invoking
GET on default_host:/wps/PA_1_0_4J/main/index_main.jsp, Authorization
failed, Not granted any of the required roles: All Role
ExtendedMessage:
RawData:


Regards,
Nikolai


Bill

unread,
Jan 5, 2004, 1:05:32 PM1/5/04
to
Nikolai,

I had the same error. This is direclty from IBM Portal Level 2
support:

"This is a common problem that I've seen with people who enable
security for their WAS/Portal Setups. The problem comes from Portal
creating the EAR file structure, and not including security mappings
for the authorportlets. Attached are two files, which should be
placed in your "<WAS>\config\cells\<node>\applications\authorportlets_PA_X_X_XX.ear\deployments\authorportlets_PA_X_X_XX\META-INF"

and

"<WPS>\installedApps/authorportlets_PA_X_X_XX.ear\META-INF"

directories. Before you put them in there, however, edit the
application.xml file. In there, you'll see a tag for the context
root, and the one in the file will literally say "wps/PA_X_X_XX". You
need to update that to have your real context root (this will be the
same as the X_X_XX's in the directory names. Once that's done,
restart your WebSphere_Portal application server and the portlets
should work."

Bill

"Nikolai Iordanov" <nip...@blueyonder.co.uk> wrote in message news:<bt6vim$78r0$1...@news.boulder.ibm.com>...

Nikolai Iordanov

unread,
Jan 5, 2004, 5:10:00 PM1/5/04
to
Solved it. authorportlets_PA_1_0_4J didn't have the security roles defined
in application.xml and was missing ibm-application-bnd.xmi, probably because
of a patch update, exported ear from was, added roles and copied the bnd
file from a previous install, redeployed, changed starting weight to 100 and
Class loader module to Parent Last and all is happy.

Regards,
Nikolai


"Nikolai Iordanov" <nip...@blueyonder.co.uk> wrote in message
news:bt6vim$78r0$1...@news.boulder.ibm.com...
>

JANS Daniel

unread,
Jan 26, 2004, 10:54:28 AM1/26/04
to
Thanks ... Had the same problem and your solution fixes the problem ...
0 new messages