Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-1357

WebSphere Policy Agent authentication issue for syncNode script when OpenAM authentication chain updated to not use Datastore as first module.

    XMLWordPrintable

    Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • Agents-3.1.0-Xpress
    • j2ee agents
    • IBM WebSphere Application Server v7 and J2EE policy agent.
    • Rank:
      1|hzn36v:
    • Sprint 3

      Description

      Problem:

      Authentication fails when using the application server supplied command line tool to synchronise WebSphere Node Agents (syncNode.sh) when the default OpenAM authentication chain has been updated to make use of modules other than Datastore as first module.

      Result:

      Users get errors like:
      ADMU0111E: Program exiting with error:
      com.ibm.websphere.management.exception.ConfigServiceException:
      javax.management.JMRuntimeException: ADMN0022E: Access is denied for the resolve operation on ConfigService MBean because of insufficient or empty credentials.
      ADMU4113E: Verify that username and password information is correct. If running tool from the command line, pass in the correct -username and -password. Alternatively, update the <conntype>.client.props file.

      Fix:

      Have the authenticate method in com.sun.identity.agents.websphere.AmRealmUserRegistry specify the Application module as part of the login call.

        Attachments

          Activity

            People

            markdr Mark de Reeper
            markdr Mark de Reeper
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: