WebSphere with OAM 10g: WAS LTPA Initialization Fails When OAM Connector Uses HTTPS Connection To WebPass (Doc ID 1369638.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Access - Version: 10.1.4.3.0 and later
Information in this document applies to any platform.

Symptoms

WebSphere 6.1 is being integrated with Oracle Access Manager (OAM) 10g.

After integration, WebSphere Application Server (WAS) LTPA initialization fails with the following error in the SystemOut.log:

[8/11/11 18:49:44:034 SGT] 0000001f SessionListen I SessionListener sessionCreated(HttpSessionEvent event) session with session ID=hbHXU7s0b1CQu0uCQLcFpw5getting created
[8/11/11 18:49:52:940 SGT] 0000001e UserRegistryI E SECJ0363E: Cannot create credential for the user wasadmin because of the following exception com.ibm.websphere.security.CustomRegistryException: wasadmin
at com.oblix.registry.NetPointWASRegistry.getUniqueUserId(NetPointWASRegistry.java:241)
at com.ibm.ws.security.registry.UserRegistryImpl.createCredential(UserRegistryImpl.java:750)
at com.ibm.ws.security.ltpa.LTPAServerObject.authenticate(LTPAServerObject.java:776)
at com.ibm.ws.security.server.lm.ltpaLoginModule.login(ltpaLoginModule.java:453)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:618)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:795)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:709)
at java.security.AccessController.doPrivileged(AccessController.java:246)
......

....
[8/11/11 18:52:04:030 SGT] 00000020 LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is wasadmin.
[8/11/11 18:52:04:062 SGT] 00000020 FormLoginExte E SECJ0118E: Authentication error during authentication for user wasadmin

The OAM Connector for WebSphere log file shows errors "SCE002 : Error making SOAP request" and "NRD015 : Return value of NetPointRegistry: realGetUserDisplayName null":


Thu Aug 11 18:49:21 SGT 2011: NetPointRegistry: getUniqueUserId : wasadmin
Thu Aug 11 18:49:21 SGT 2011: NetPointRegistry: getUserDisplayName : wasadmin
Thu Aug 11 18:49:21 SGT 2011: NetPointRegistry: realGetUserDisplayName : wasadmin

Thu Aug 11 18:49:21 SGT 2011: SCD012 : Soap Request : <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas-xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><oblix:authentication xmlns:oblix="http://www.oblix.com" type="basic"><oblix:login>wasadmin</oblix:login><oblix:password>wasadmin</oblix:password><oblix:domain></oblix:domain></oblix:authentication><oblix:request application="userservcenter" function="search"><oblix:params><oblix:param name="tab_id">Employees</oblix:param><oblix:param name="STy1">uid</oblix:param><oblix:param name="SLk1">OEM</oblix:param><oblix:param name="SSt1">wasadmin</oblix:param> <oblix:param name="attrName">uid</oblix:param> <oblix:param name="attrName">cn</oblix:param><oblix:param name="showAllResults">true</oblix:param></oblix:params></oblix:request> </SOAP-ENV:Body> </SOAP-ENV:Envelope>

Thu Aug 11 18:49:22 SGT 2011: SCE002 : Error making SOAP request
Thu Aug 11 18:49:22 SGT 2011: NRD015 : Return value of NetPointRegistry: realGetUserDisplayName null


When the RegistryTester utility is run to verify the OAM Connector for WAS configuration, it produces the following error:

C:\NetPoint\NetPointWASRegistry\unsupported>registryTester.bat
NetPointWASRegistry Tester started...
Properties filename: C:\NetPoint\NetPointWASRegistry/oblix/config/NetPointWASRegistry.properties
Please enter the Admin user name:
wasadmin
Please enter the Admin user password:
wasadmin
**************** IBMPKCS11 RSA
javax.net.ssl.SSLKeyException: RSA premaster secret error
at com.ibm.jsse2.db.<init>(db.java:9)
at com.ibm.jsse2.fb.a(fb.java:37)
at com.ibm.jsse2.fb.a(fb.java:315)
at com.ibm.jsse2.eb.m(eb.java:17)
at com.ibm.jsse2.eb.a(eb.java:295)
at com.ibm.jsse2.pc.a(pc.java:214)
at com.ibm.jsse2.pc.g(pc.java:376)
at com.ibm.jsse2.pc.a(pc.java:573)
at com.ibm.jsse2.pc.startHandshake(pc.java:37)
at com.ibm.net.ssl.www2.protocol.https.b.afterConnect(b.java:32)
at com.ibm.net.ssl.www2.protocol.https.c.connect(c.java:70)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1040)
at com.ibm.net.ssl.www2.protocol.https.a.getOutputStream(a.java:51)
at com.oblix.soapclient.OblixSoapClient.realdoRequest(OblixSoapClient.java:895)
at com.oblix.soapclient.OblixSoapClient.doRequest(OblixSoapClient.java:721)
at com.oblix.registry.NetPointRegistryHelper.realGetUserDisplayName(NetPointRegistryHelper.java:743)
at com.oblix.registry.NetPointRegistryHelper.getUserDisplayName(NetPointRegistryHelper.java:701)
at com.oblix.registry.NetPointWASRegistry.getUserDisplayName(NetPointWASRegistry.java:205)
at com.oblix.tools.registryTester.main(registryTester.java:74)
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at com.ibm.jsse2.db.<init>(db.java:62)
... 18 more


If the NetPointWASRegistry.properties file is modified to configure a non-SSL connection to OAM WebPass, the problem does not reproduce.
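
An added triage example (not from this note or from the OAM connector): it parses the RegistryTester trace to show that the failure starts inside the TLS handshake beneath the connector's SOAP client, which is consistent with the problem not reproducing over a non-SSL connection. The function names and the app_prefix parameter are assumptions, and the sample is abridged from the output shown above.

```python
import re

# Constructed sample: abridged from the RegistryTester output shown above.
SAMPLE = """\
javax.net.ssl.SSLKeyException: RSA premaster secret error
at com.ibm.jsse2.db.<init>(db.java:9)
at com.ibm.jsse2.pc.startHandshake(pc.java:37)
at com.ibm.net.ssl.www2.protocol.https.c.connect(c.java:70)
at com.oblix.soapclient.OblixSoapClient.realdoRequest(OblixSoapClient.java:895)
at com.oblix.registry.NetPointRegistryHelper.realGetUserDisplayName(NetPointRegistryHelper.java:743)
at com.oblix.tools.registryTester.main(registryTester.java:74)
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.init(Unknown Source)
at com.ibm.jsse2.db.<init>(db.java:62)
... 18 more
"""

# "pkg.Type: message", optionally prefixed with "Caused by: "
EXC = re.compile(r"^(?:Caused by: )?((?:[\w$]+\.)+[\w$]*(?:Exception|Error))(?::\s*(.*))?$")
# "at pkg.Class.method(File.java:NN)"
FRAME = re.compile(r"^at\s+([\w$.<>]+)\((.*)\)$")

def parse_chain(text):
    """Return the exception chain, outermost first, each with its frames."""
    chain = []
    for line in text.splitlines():
        line = line.strip()
        m = EXC.match(line)
        if m:
            chain.append({"type": m.group(1), "message": m.group(2) or "", "frames": []})
            continue
        m = FRAME.match(line)
        if m and chain:  # ignore frames seen before any exception header
            chain[-1]["frames"].append(m.group(1))
    return chain

def triage(text, app_prefix="com.oblix."):
    """Summarise the root cause and the first application frame that hit it."""
    chain = parse_chain(text)
    if not chain:
        return None
    outer, root = chain[0], chain[-1]
    caller = next((f for f in outer["frames"] if f.startswith(app_prefix)), None)
    in_handshake = any(f.endswith(".startHandshake") for f in outer["frames"])
    return {"outer": outer["type"], "root": root["type"],
            "root_message": root["message"], "app_caller": caller,
            "during_tls_handshake": in_handshake}

if __name__ == "__main__":
    print(triage(SAMPLE))
```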


Steps to reproduce

1. Install and configure the OAM Connector for WebSphere. Specify https (SSL) connection details for OAM WebPass.
2. Start WebSphere: LTPA initialization fails with the error "Cannot create credential for the user wasadmin because of the following exception com.ibm.websphere.security.CustomRegistryException: wasadmin" in the log.


Cause
