ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamy_5.4.0.1/50/trb/trbsecurity.htm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Troubleshoot: Security</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h3>Troubleshoot: Security</h3>
<p>Use these resources to determine the cause of problems that occur when using
  the application server security.</p>
<ul>
  <li>
    <p>Check the application server standard output and standard error log files.
      See <a href="trblogs.htm">WebSphere Application Server - Express log files</a> for
      more information.</p>
  </li>
  <li>
    <p>When troubleshooting security-related problems, consider the following:</p>
    <p><strong>Does the problem occur when security is disabled?</strong> <br>
      The problem may be a result of the enablement of security. More troubleshooting
        is necessary to ensure the problem is security related. </p>
    <p><strong>Did security appear to initialize properly?</strong> <br>
      The following sequence of messages generated in the SystemOut.log indicate
        normal code initialization of an application server. This varies based
        on the configuration, but the message are similar: </p>
    <pre>SASRas        A JSAS0001I: Security configuration initialized.
SASRas        A JSAS0002I: Authentication protocol: CSIV2/IBM
SASRas        A JSAS0003I: Authentication mechanism: SWAM
SASRas        A JSAS0004I: Principle name: BIRKt20/pbirk
SASRas        A JSAS0005I: SecurityCurrent registered.
SASRas        A JSAS0006I: Security connection interceptor initialized.
SASRas        A JSAS0007I: Client request interceptor registered.
SASRas        A JSAS0008I: Server request interceptor registered.
SASRas        A JSAS0009I: IOR interceptor registered.

NameServerIMP I NMSV0720I: Do Security service listener registration.
SecurityCompo A SECJ0242A: Security service is starting
UserRegistryI A SECJ0136I: 
        Custom Registry:com.IBM.ws.security.registry.nt.NTLocalDomainRegistryIm
        has been initialized
SecurityCompo A SECJ0202A: Admin application initialized successfully
SecurityCompo A SECJ0203A: Naming application initialized successfully
SecurityCompo A SECJ0204A: Rolebased authorizer initialized successfully
SecurityCompo A SECJ0205A: Security Admin mBean registered successfully
SecurityCompo A SECJ0243A: Security service started successfully
SecurityCompo A SECJ0210A: Security enabled true
</pre>
    <p><strong>Is there a stack trace or exception printed in the SystemOut.log?</strong> <br>
      The stack trace will log any code incorrectly initialized, failing components,
        and the failing class. </p>
    <p><strong>Is this a distributed security problem or a local security problem?</strong></p>
    <ul>
      <li>
        <p>If the problem is local, the code involved does not make a remote
          method invocation, then troubleshooting is isolated to a single process.
          It is important to know when a problem is local or distributed since
          the behavior of the Object Request Broker (ORB), among other components,
          is different between the two.</p>
      </li>
      <li>
        <p>Once a remote method invocation takes place, a different security
          code path is entered. When you know the problem involves two or more
          servers, check the log files of all servers involved. If possible,
          make sure the timestamps on all machines match as closely as possible
          to identify request and reply pairs from two different processes easier.</p>
      </li>
    </ul>
    <p><strong>Is the problem related to authentication or authorization?</strong> <br>
      Most security problems fall under one of these two categories. Authentication
        is the process of determining who the caller is. Authorization is the
        process of validating that the caller has the proper authority to invoke
        the requested method. When authentications fails, typically this is related
        to either the authentication protocol, authentication mechanism, or user
        registry. When authorization fails, this is usually related to the application
        bindings from assembly or deployment and to the identity of the caller
        who is accessing the method and the roles required by the method. </p>
    <p><STRONG>Does the problem seem to be related SSL?</STRONG> <br>
      The Secure Socket Layer (SSL) is a separate layer of security. Troubleshooting
        SSL is differant than troubleshooting authentication and authorization
        problems. SSL errors are often caused by incorrect configurations. Each
        keystore used by a client must contain the certificate of the Certificate
        Authority (CA) that signed the certificate used by the server. During
        mutal authentication, the server requires the client to present a cerfticate
        for authorization. Each server keystore must contain the certificate
        of the CA that signed the certificate presented by the client. Another
        common error are configurations where the client and the server do not
        have common configured SSL cipher suites.</p>
    <p><strong>Is the problem related to Java 2 Security? </strong> <br>
      If Java 2 Security is enabled, deployers and administrators are required
        to make sure that all applications are granted required permissions,
        otherwise, applications may fail to run.</p>
  </li>
  <li>Read the release notes. See <a href="http://www-1.ibm.com/servers/eserver/iseries/software/websphere/wsappserver/express/docs/relnotesexp50.html" target="_new">WebSphere
      Application Server - Express Release Notes</a>  <img src="www.gif" width="18" height="15" alt="Link outside Information Center" border="0"> for
      more information.</li>
</ul>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">`
			`<html>`
			`<head>`
			`<META http-equiv="Content-Type" content="text/html; charset=utf-8">`
			`<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">`
			`<title>Troubleshoot: Security</title>`
			`</head>`
			`<BODY>`
			`<!-- Java sync-link -->`
			`<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>`
			`<h3>Troubleshoot: Security</h3>`
			`<p>Use these resources to determine the cause of problems that occur when using`
			`the application server security.</p>`
			`<ul>`
			`<li>`
			`<p>Check the application server standard output and standard error log files.`
			`See <a href="trblogs.htm">WebSphere Application Server - Express log files</a> for`
			`more information.</p>`
			`</li>`
			`<li>`
			`<p>When troubleshooting security-related problems, consider the following:</p>`
			`<p><strong>Does the problem occur when security is disabled?</strong> <br>`
			`The problem may be a result of the enablement of security. More troubleshooting`
			`is necessary to ensure the problem is security related. </p>`
			`<p><strong>Did security appear to initialize properly?</strong> <br>`
			`The following sequence of messages generated in the SystemOut.log indicate`
			`normal code initialization of an application server. This varies based`
			`on the configuration, but the message are similar: </p>`
			`<pre>SASRas A JSAS0001I: Security configuration initialized.`
			`SASRas A JSAS0002I: Authentication protocol: CSIV2/IBM`
			`SASRas A JSAS0003I: Authentication mechanism: SWAM`
			`SASRas A JSAS0004I: Principle name: BIRKt20/pbirk`
			`SASRas A JSAS0005I: SecurityCurrent registered.`
			`SASRas A JSAS0006I: Security connection interceptor initialized.`
			`SASRas A JSAS0007I: Client request interceptor registered.`
			`SASRas A JSAS0008I: Server request interceptor registered.`
			`SASRas A JSAS0009I: IOR interceptor registered.`

			`NameServerIMP I NMSV0720I: Do Security service listener registration.`
			`SecurityCompo A SECJ0242A: Security service is starting`
			`UserRegistryI A SECJ0136I:`
			`Custom Registry:com.IBM.ws.security.registry.nt.NTLocalDomainRegistryIm`
			`has been initialized`
			`SecurityCompo A SECJ0202A: Admin application initialized successfully`
			`SecurityCompo A SECJ0203A: Naming application initialized successfully`
			`SecurityCompo A SECJ0204A: Rolebased authorizer initialized successfully`
			`SecurityCompo A SECJ0205A: Security Admin mBean registered successfully`
			`SecurityCompo A SECJ0243A: Security service started successfully`
			`SecurityCompo A SECJ0210A: Security enabled true`
			`</pre>`
			`<p><strong>Is there a stack trace or exception printed in the SystemOut.log?</strong> <br>`
			`The stack trace will log any code incorrectly initialized, failing components,`
			`and the failing class. </p>`
			`<p><strong>Is this a distributed security problem or a local security problem?</strong></p>`
			`<ul>`
			`<li>`
			`<p>If the problem is local, the code involved does not make a remote`
			`method invocation, then troubleshooting is isolated to a single process.`
			`It is important to know when a problem is local or distributed since`
			`the behavior of the Object Request Broker (ORB), among other components,`
			`is different between the two.</p>`
			`</li>`
			`<li>`
			`<p>Once a remote method invocation takes place, a different security`
			`code path is entered. When you know the problem involves two or more`
			`servers, check the log files of all servers involved. If possible,`
			`make sure the timestamps on all machines match as closely as possible`
			`to identify request and reply pairs from two different processes easier.</p>`
			`</li>`
			`</ul>`
			`<p><strong>Is the problem related to authentication or authorization?</strong> <br>`
			`Most security problems fall under one of these two categories. Authentication`
			`is the process of determining who the caller is. Authorization is the`
			`process of validating that the caller has the proper authority to invoke`
			`the requested method. When authentications fails, typically this is related`
			`to either the authentication protocol, authentication mechanism, or user`
			`registry. When authorization fails, this is usually related to the application`
			`bindings from assembly or deployment and to the identity of the caller`
			`who is accessing the method and the roles required by the method. </p>`
			`<p><STRONG>Does the problem seem to be related SSL?</STRONG> <br>`
			`The Secure Socket Layer (SSL) is a separate layer of security. Troubleshooting`
			`SSL is differant than troubleshooting authentication and authorization`
			`problems. SSL errors are often caused by incorrect configurations. Each`
			`keystore used by a client must contain the certificate of the Certificate`
			`Authority (CA) that signed the certificate used by the server. During`
			`mutal authentication, the server requires the client to present a cerfticate`
			`for authorization. Each server keystore must contain the certificate`
			`of the CA that signed the certificate presented by the client. Another`
			`common error are configurations where the client and the server do not`
			`have common configured SSL cipher suites.</p>`
			`<p><strong>Is the problem related to Java 2 Security? </strong> <br>`
			`If Java 2 Security is enabled, deployers and administrators are required`
			`to make sure that all applications are granted required permissions,`
			`otherwise, applications may fail to run.</p>`
			`</li>`
			`<li>Read the release notes. See <a href="http://www-1.ibm.com/servers/eserver/iseries/software/websphere/wsappserver/express/docs/relnotesexp50.html" target="_new">WebSphere`
			`Application Server - Express Release Notes</a> <img src="www.gif" width="18" height="15" alt="Link outside Information Center" border="0"> for`
			`more information.</li>`
			`</ul>`
			`</body>`
			`</html>`