互联网服务中间件
在使用LtpaToken做认证的时候服务器报错
ffdc的代码
------Start of DE processing------ = [10-1-11 13:01:27:021 CST] , key = com.ibm.websphere.security.auth.WSLoginFailedException com.ibm.ws.security.web.WebAuthenticator.validate 1675
Exception = com.ibm.websphere.security.auth.WSLoginFailedException
Source = com.ibm.ws.security.web.WebAuthenticator.validate
probeid = 1675
Stack Dump = com.ibm.websphere.security.auth.WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type.
at com.ibm.ws.security.ltpa.LTPAServerObject.validateToken(LTPAServerObject.java:942)
at com.ibm.ws.security.server.lm.ltpaLoginModule.login(ltpaLoginModule.java:592)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:618)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:795)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:709)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:706)
at javax.security.auth.login.LoginContext.login(LoginContext.java:603)
at com.ibm.ws.security.auth.JaasLoginHelper.jaas_login(JaasLoginHelper.java:289)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:2960)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:2737)
at com.ibm.ws.security.web.WebAuthenticator.validate(WebAuthenticator.java:1640)
at com.ibm.ws.security.web.WebAuthenticator.validateCookie(WebAuthenticator.java:599)
at com.ibm.ws.security.web.WebAuthenticator.handleSSO(WebAuthenticator.java:520)
at com.ibm.ws.security.web.WebAuthenticator.authenticate(WebAuthenticator.java:1435)
at com.ibm.ws.security.web.WebAuthenticator.authenticate(WebAuthenticator.java:1373)
at com.ibm.ws.security.web.WebCollaborator.authorize(WebCollaborator.java:670)
at com.ibm.ws.security.web.EJSWebCollaborator.preInvoke(EJSWebCollaborator.java:318)
at com.ibm.ws.webcontainer.webapp.WebAppSecurityCollaborator.preInvoke(WebAppSecurityCollaborator.java:141)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:486)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:90)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:751)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1478)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:125)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:458)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:387)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:196)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:751)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:881)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1497)
Dump of callerThis =
Object type = com.ibm.ws.security.web.WebAuthenticator
[email=com.ibm.ws.security.web.WebAuthenticator@52805280]com.ibm.ws.security.web.WebAuthenticator@52805280[/email]
==> Performing default dump from com.ibm.ws.security.core.SecurityDM = Mon Jan 11 13:01:27 CST 2010
SecurityConfig property values:
{security.activeUserRegistry.realm=ldapr.sh.unicom.local:389, ${APP_INSTALL_ROOT}=/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps, node.short.name=null, com.ibm.ws.security.webInboundPropagationEnabled=false, com.ibm.websphere.security.util.postParamSaveMethod=0, security.authMechOID=oid:1.3.18.0.2.30.2, security.authMechSimpAuthAlias=system.DEFAULT, webcontainer.transports=[9045, 9444, 9355, 5063, 7288, 5580], com.ibm.websphere.gss.cred.propagation=false, security.use.localos.userregistry=false, security.authMechContextImpl=com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl, security.serverId=, com.ibm.ws.security.isUseRegistryServerId=false, security.callbackHandlerClass=com.ibm.ws.security.auth.callback.WSCallbackHandler, ${WAS_PROPS_DIR}=/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/properties, security.ltpa.sso.enabled=true, cell.short.name=null, com.ibm.websphere.security.auth.j2c.cacheReadOnlyAuthDataSubjects=false, security.allowCustomHTTPMethods=false, com.ibm.websphere.security.auth.j2c.readOnlyAuthDataSubjectCacheSize=50, security.java2security=false, process.jmxConnectorProps={java.naming.provider.url=corbaloc:iiop:was03:2811/WsnAdminNameService, port=8882, requestTimeout=600, type=SOAP, host=was03, isInternal=true}, com.ibm.ws.security.webInboundLoginConfig=system.WEB_INBOUND, security.useLocalSecurityServer=true, security.ltpa.sso.ssl=false, com.ibm.websphere.security.expandX500ExtendedAttribute=false, com.ibm.ws.security.createTokenSubjectForAsynchLogin=false, cell.security.enabled=true, com.ibm.wsspi.security.token.authenticationTokenFactory=com.ibm.ws.security.ltpa.LTPATokenFactory, com.ibm.websphere.security.InvokeTAIbeforeSSO=, com.ibm.wsspi.security.web.failOverToBasicAuth=false, com.ibm.ws.security.addHttpOnlyAttributeToCookies=false, com.ibm.CSI.rmiInboundMappingEnabled=false, security.registry.IgnoreCase=true, process.hostName=was03.sh.unicom.local, security.securityServerName=SecurityServer, security.activeUserRegistryType=LDAP, com.ibm.ws.security.ltpa.forceSoftwareJCEProviderForLTPA=false, com.ibm.audit.auditSpecification=J2EE=AUTHN=failure=enabled:J2EE=AUTHZ=failure=enabled, com.ibm.websphere.security.util.postParamMaxCookieSize=16384, com.ibm.websphere.security.krb.canonical_host=false, com.ibm.ws.security.processType=ManagedProcess, com.ibm.wsspi.security.audit.auditServiceProvider=DEFAULT=com.ibm.ws.security.audit.defaultAuditServiceProviderImpl, com.ibm.ws.security.propagationExcludeList=, ${USER_INSTALL_ROOT}=/opt/IBM/WebSphere/AppServer/profiles/AppSrv01, com.ibm.websphere.security.util.fullyQualifiedURL=false, com.ibm.CSI.propagateFirstCallerOnly=false, ${WAS_ETC_DIR}=/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/etc, security.enabled=true, security.FullyQualifiedUserName=false, host.virtualhosts={default_host=[9080, 80, 9443, 5060, 5061, 443, 9081, 9082], admin_host=[9060, 9043], proxy_host=[80, 443]}, com.ibm.ws.security.assertLDAPShortName=false, server.security.enabled=true, com.ibm.websphere.ltpa.PrivateKey=null, security.useDefaultPolicyWhenJ2SDisabled=false, security.ltpa.setSSODomain=true, com.ibm.audit.auditPolicy=REQUIRED, com.ibm.websphere.security.registry.maxPasswordSize=256, com.ibm.wsspi.security.token.ltpaToken2Cipher=AES/CBC/PKCS5Padding, security.callbackHandlerFactoryClass=com.ibm.ws.security.auth.callback.WSCallbackHandlerFactoryImpl, com.ibm.wsspi.security.token.authorizationTokenFactory=com.ibm.ws.security.ltpa.AuthzPropTokenFactory, security.CacheCushionMax=10, com.ibm.CSI.rmiInboundPropagationEnabled=true, security.ltpa.password=XXXXXX, com.ibm.ws.security.defaultLoginConfig=system.DEFAULT, security.authMechValidateAlias=system.DEFAULT, com.ibm.CSI.rmiOutboundLoginEnabled=false, com.ibm.wsspi.security.ltpa.tokenFactory=com.ibm.ws.security.ltpa.LTPATokenFactory|com.ibm.ws.security.ltpa.LTPAToken2Factory|com.ibm.ws.security.ltpa.AuthzPropTokenFactory, security.mappingCallbackHandlerFactoryClass=com.ibm.ws.security.auth.callback.WSMappingCallbackHandlerFactoryImpl, com.ibm.CSI.rmiOutboundPropagationEnabled=true, security.ltpa.expirydate=120, security.primaryAdminId=uid=wpsbind,cn=apps,dc=sh,dc=unicom, com.ibm.audit.auditServiceEnabled=false, com.ibm.wsspi.security.token.defaultTokenFactory=com.ibm.ws.security.ltpa.LTPATokenFactory, security.registry.ldap.props={security.registry.ldap.searchTimeLimit=120, java.naming.security.credentials=XXXXXX, LDAP.server.pwd=XXXXXX, com.ibm.ssl.remotePort=389, com.ibm.ssl.remoteHost=ldapr.sh.unicom.local, groupmember.idmap=ibm-allGroups:member;ibm-allGroups:uniqueMember, user.filter=(&(uid=%v)(|(objectclass=ePerson)(objectclass=Person))), java.naming.security.principal=uid=wpsbind,cn=apps,dc=sh,dc=unicom, group.idmap=*:cn, security.registry.ldap.reuseConn=true, group.filter=(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))), dirType=custom, user.idmap=*:uid, ldap.basedn=dc=unicom, LDAP.server.id=, LDAP.server.realm=ldapr.sh.unicom.local:389, CustUserRegImplClass=com.ibm.ws.security.registry.ldap.LdapRegistryImpl, java.naming.provider.url=ldap://ldapr.sh.unicom.local:389, certificate.map.mode=exactDNMode}, com.ibm.websphere.security.performTAIForUnprotectedURI=true, com.ibm.ws.security.zOS.useSAFidForTransaction=false, security.toplevel.properties={com.ibm.wsspi.security.audit.auditServiceProvider=DEFAULT=com.ibm.ws.security.audit.defaultAuditServiceProviderImpl, com.ibm.CSI.supportedTargetRealms=, com.ibm.CSI.rmiOutboundLoginEnabled=false, com.ibm.ws.security.defaultLoginConfig=system.DEFAULT, com.ibm.wsspi.security.token.propagationTokenFactory=com.ibm.ws.security.ltpa.AuthzPropTokenFactory, com.ibm.CSI.rmiInboundLoginConfig=system.RMI_INBOUND, com.ibm.ws.security.webInboundLoginConfig=system.WEB_INBOUND, com.ibm.ws.security.ssoInteropModeEnabled=true, com.ibm.CSI.rmiOutboundLoginConfig=system.RMI_OUTBOUND, com.ibm.wsspi.security.token.authorizationTokenFactory=com.ibm.ws.security.ltpa.AuthzPropTokenFactory, com.ibm.websphere.security.audit.auditEventFactory=J2EE=com.ibm.ws.security.audit.defaultAuditEventFactoryImpl, com.ibm.audit.auditServiceEnabled=false, com.ibm.security.useFIPS=false, com.ibm.CSI.rmiOutboundPropagationEnabled=true, com.ibm.audit.auditPolicy=REQUIRED, com.ibm.audit.auditSpecification=J2EE=AUTHN=failure=enabled:J2EE=AUTHZ=failure=enabled, security.enablePluggableAuthentication=true, com.ibm.ws.security.webChallengeIfCustomSubjectNotFound=true, com.ibm.ws.security.webInboundPropagationEnabled=false, com.ibm.CSI.rmiInboundPropagationEnabled=true, com.ibm.wsspi.security.ltpa.tokenFactory=com.ibm.ws.security.ltpa.LTPATokenFactory|com.ibm.ws.security.ltpa.LTPAToken2Factory|com.ibm.ws.security.ltpa.AuthzPropTokenFactory, com.ibm.audit.auditQueueSize=5000, com.ibm.websphere.security.DeferTAItoSSO=com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl, com.ibm.wsspi.security.token.singleSignonTokenFactory=com.ibm.ws.security.ltpa.LTPAToken2Factory, com.ibm.wsspi.security.token.authenticationTokenFactory=com.ibm.ws.security.ltpa.LTPATokenFactory}, cellname=was03Cell01, com.ibm.ws.security.spnego.useHttpFilterClass2=false, nodename=was03Node01, com.ibm.CSI.rmiInboundLoginConfig=system.RMI_INBOUND, shortservername=OtherServer1, security.authMechForwardCred=true, security.serverPasswd=XXXXXX, security.activeUserRegistry.props={security.registry.ldap.searchTimeLimit=120, java.naming.security.credentials=XXXXXX, LDAP.server.pwd=XXXXXX, com.ibm.ssl.remotePort=389, com.ibm.ssl.remoteHost=ldapr.sh.unicom.local, groupmember.idmap=ibm-allGroups:member;ibm-allGroups:uniqueMember, user.filter=(&(uid=%v)(|(objectclass=ePerson)(objectclass=Person))), java.naming.security.principal=uid=wpsbind,cn=apps,dc=sh,dc=unicom, group.idmap=*:cn, security.registry.ldap.reuseConn=true, group.filter=(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))), dirType=custom, user.idmap=*:uid, ldap.basedn=dc=unicom, LDAP.server.id=, LDAP.server.realm=ldapr.sh.unicom.local:389, CustUserRegImplClass=com.ibm.ws.security.registry.ldap.LdapRegistryImpl, java.naming.provider.url=ldap://ldapr.sh.unicom.local:389, certificate.map.mode=exactDNMode}, security.registry.ldap.SSLEnabled=false, com.ibm.ws.security.webPropagationTransport=JMX, security.activeAuthMechanism=LTPA, com.ibm.websphere.ltpa.PublicKey=null, com.ibm.audit.auditQueueSize=5000, security.authMechAuthAlias=system.DEFAULT, security.ltpa.trustAssociationEnabled=false, com.ibm.CSI.rmiOutboundLoginConfig=system.RMI_OUTBOUND, security.enableAuthorizationAttributes=false, IBMJCE=IBMJCE, com.ibm.wsspi.security.web.webAuthReq=lazy, com.ibm.CSI.rmiOutboundMappingEnabled=false, com.ibm.websphere.security.registry.maxUseridSize=256, ${WAS_TEMP_DIR}=/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/temp, com.ibm.websphere.security.suppressExceptionStack=false, com.ibm.websphere.security.registry.propagateExceptionsToClient=false, com.ibm.CSI.disablePropagationCallerList=false, security.CacheTimeout=600, security.ltpa.sso.domain=.sh.unicom.local, ltpakeysetgroupname=CellLTPAKeySetGroup, com.ibm.websphere.security.allowAnyLogoutExitPageHost=false, com.ibm.ws.security.webChallengeIfCustomSubjectNotFound=true, com.ibm.ws.security.web.logoutOnHTTPSessionExpire=false, security.activeAuthMechanism.OID=oid:1.3.18.0.2.30.2, process.serverName=was03Cell01:was03Node01:OtherServer1, com.ibm.CSI.authenticateSpecialMethods=false, security.enablePluggableAuthentication=true, com.ibm.wsspi.security.token.propagationTokenFactory=com.ibm.ws.security.ltpa.AuthzPropTokenFactory, com.ibm.CSI.neverUseClientCertificateForCallerLogin=false, security.issuePermissionWarning=false, com.ibm.security.useFIPS=false, ${WAS_INSTALL_ROOT}=/opt/IBM/WebSphere/AppServer, com.ibm.websphere.ltpa.3DESKey=null, com.ibm.websphere.security.krb.support_ltpa=true, security.CacheCushionMin=3, com.ibm.wsspi.security.token.singleSignonTokenFactory=com.ibm.ws.security.ltpa.LTPAToken2Factory, com.ibm.websphere.security.audit.auditEventFactory=J2EE=com.ibm.ws.security.audit.defaultAuditEventFactoryImpl, server.short.name=null, com.ibm.ws.security.includeRunAsChangesInCallerList=false, com.ibm.ws.security.internalServerId=server:was03Cell01_was03Node01_OtherServer1, com.ibm.ws.security.ssoInteropModeEnabled=true, security.enforceFineGrainedJCASecurity=false} = com.ibm.websphere.security.auth.WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type.
+Data for directive [defaultsecurityconfig] obtained. =
The dynamic JAAS login configuration is:
com.ibm.ws.security.auth.login.Configuration: Dumping JAAS Configuration
JAAS file configuration data:
system.WSS_INBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule" ;
};
system.wssecurity.X509BST {
com.ibm.wsspi.wssecurity.auth.module.X509LoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.UsernameToken {
com.ibm.wsspi.wssecurity.auth.module.UsernameLoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.PKCS7 {
com.ibm.wsspi.wssecurity.auth.module.PKCS7LoginModule LoginModuleControlFlag:required ;
};
system.LTPA {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
};
WSLogin {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
use_appcontext_callback="false"
delegate="com.ibm.ws.security.common.auth.module.WSLoginModuleImpl"
use_realm_callback="false" ;
};
DefaultPrincipalMapping {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule" ;
};
system.RMI_OUTBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule" ;
};
system.DEFAULT {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule" ;
};
system.wssecurity.IDAssertionUsernameToken {
com.ibm.wsspi.wssecurity.auth.module.IDAssertionUsernameLoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.PkiPath {
com.ibm.wsspi.wssecurity.auth.module.PkiPathLoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.Signature {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.wsspi.wssecurity.auth.module.SignatureLoginModule" ;
};
JAASClient {
com.ibm.security.auth.module.Krb5LoginModule LoginModuleControlFlag:required
forwardable="true"
noAddress="true"
useDefaultCcache="false"
credsType="both"
tryFirstPass="true" ;
};
system.wssecurity.IDAssertion {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.wsspi.wssecurity.auth.module.IDAssertionLoginModule" ;
};
system.WEB_INBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule" ;
};
system.RMI_INBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule" ;
};
system.WSS_OUTBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule" ;
};
system.SWAM {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.swamLoginModule" ;
};
JAAS WCCM configuration data:
system.WSS_INBOUND {
com.ibm.ws.security.server.lm.ltpaLoginModule LoginModuleControlFlag:required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.X509BST {
com.ibm.wsspi.wssecurity.auth.module.X509LoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.UsernameToken {
com.ibm.wsspi.wssecurity.auth.module.UsernameLoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.PKCS7 {
com.ibm.wsspi.wssecurity.auth.module.PKCS7LoginModule LoginModuleControlFlag:required ;
};
system.LTPA_WEB {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.web.AuthenLoginModule" ;
};
system.LTPA {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
};
WSLogin {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
use_appcontext_callback="false"
delegate="com.ibm.ws.security.common.auth.module.WSLoginModuleImpl"
use_realm_callback="false" ;
};
DefaultPrincipalMapping {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule" ;
};
system.RMI_OUTBOUND {
com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule LoginModuleControlFlag:required ;
};
ClientContainer {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.common.auth.module.WSClientLoginModuleImpl" ;
};
system.wssecurity.IDAssertionUsernameToken {
com.ibm.wsspi.wssecurity.auth.module.IDAssertionUsernameLoginModule LoginModuleControlFlag:required ;
};
system.DEFAULT {
com.ibm.ws.security.server.lm.ltpaLoginModule LoginModuleControlFlag:required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.Signature {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.wsspi.wssecurity.auth.module.SignatureLoginModule" ;
};
system.wssecurity.PkiPath {
com.ibm.wsspi.wssecurity.auth.module.PkiPathLoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.IDAssertion {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.wsspi.wssecurity.auth.module.IDAssertionLoginModule" ;
};
system.WEB_INBOUND {
com.ibm.ws.security.server.lm.ltpaLoginModule LoginModuleControlFlag:required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule LoginModuleControlFlag:required ;
};
system.RMI_INBOUND {
com.ibm.ws.security.server.lm.ltpaLoginModule LoginModuleControlFlag:required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule LoginModuleControlFlag:required ;
};
system.WSS_OUTBOUND {
com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule LoginModuleControlFlag:required ;
};
system.SWAM {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.swamLoginModule" ;
};
= com.ibm.websphere.security.auth.WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type.
+Data for directive [defaultjaasconfig] obtained. =
==> Dump complete for com.ibm.ws.security.core.SecurityDM = Mon Jan 11 13:01:27 CST 2010
------Start of DE processing------ = [10-1-11 13:01:27:021 CST] , key = com.ibm.websphere.security.auth.WSLoginFailedException com.ibm.ws.security.web.WebAuthenticator.validate 1675
Exception = com.ibm.websphere.security.auth.WSLoginFailedException
Source = com.ibm.ws.security.web.WebAuthenticator.validate
probeid = 1675
Stack Dump = com.ibm.websphere.security.auth.WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type.
at com.ibm.ws.security.ltpa.LTPAServerObject.validateToken(LTPAServerObject.java:942)
at com.ibm.ws.security.server.lm.ltpaLoginModule.login(ltpaLoginModule.java:592)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:618)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:795)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:709)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:706)
at javax.security.auth.login.LoginContext.login(LoginContext.java:603)
at com.ibm.ws.security.auth.JaasLoginHelper.jaas_login(JaasLoginHelper.java:289)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:2960)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:2737)
at com.ibm.ws.security.web.WebAuthenticator.validate(WebAuthenticator.java:1640)
at com.ibm.ws.security.web.WebAuthenticator.validateCookie(WebAuthenticator.java:599)
at com.ibm.ws.security.web.WebAuthenticator.handleSSO(WebAuthenticator.java:520)
at com.ibm.ws.security.web.WebAuthenticator.authenticate(WebAuthenticator.java:1435)
at com.ibm.ws.security.web.WebAuthenticator.authenticate(WebAuthenticator.java:1373)
at com.ibm.ws.security.web.WebCollaborator.authorize(WebCollaborator.java:670)
at com.ibm.ws.security.web.EJSWebCollaborator.preInvoke(EJSWebCollaborator.java:318)
at com.ibm.ws.webcontainer.webapp.WebAppSecurityCollaborator.preInvoke(WebAppSecurityCollaborator.java:141)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:486)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:90)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:751)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1478)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:125)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:458)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:387)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:196)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:751)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:881)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1497)
Dump of callerThis =
Object type = com.ibm.ws.security.web.WebAuthenticator
[email=com.ibm.ws.security.web.WebAuthenticator@52805280]com.ibm.ws.security.web.WebAuthenticator@52805280[/email]
==> Performing default dump from com.ibm.ws.security.core.SecurityDM = Mon Jan 11 13:01:27 CST 2010
SecurityConfig property values:
{security.activeUserRegistry.realm=ldapr.sh.unicom.local:389, ${APP_INSTALL_ROOT}=/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps, node.short.name=null, com.ibm.ws.security.webInboundPropagationEnabled=false, com.ibm.websphere.security.util.postParamSaveMethod=0, security.authMechOID=oid:1.3.18.0.2.30.2, security.authMechSimpAuthAlias=system.DEFAULT, webcontainer.transports=[9045, 9444, 9355, 5063, 7288, 5580], com.ibm.websphere.gss.cred.propagation=false, security.use.localos.userregistry=false, security.authMechContextImpl=com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl, security.serverId=, com.ibm.ws.security.isUseRegistryServerId=false, security.callbackHandlerClass=com.ibm.ws.security.auth.callback.WSCallbackHandler, ${WAS_PROPS_DIR}=/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/properties, security.ltpa.sso.enabled=true, cell.short.name=null, com.ibm.websphere.security.auth.j2c.cacheReadOnlyAuthDataSubjects=false, security.allowCustomHTTPMethods=false, com.ibm.websphere.security.auth.j2c.readOnlyAuthDataSubjectCacheSize=50, security.java2security=false, process.jmxConnectorProps={java.naming.provider.url=corbaloc:iiop:was03:2811/WsnAdminNameService, port=8882, requestTimeout=600, type=SOAP, host=was03, isInternal=true}, com.ibm.ws.security.webInboundLoginConfig=system.WEB_INBOUND, security.useLocalSecurityServer=true, security.ltpa.sso.ssl=false, com.ibm.websphere.security.expandX500ExtendedAttribute=false, com.ibm.ws.security.createTokenSubjectForAsynchLogin=false, cell.security.enabled=true, com.ibm.wsspi.security.token.authenticationTokenFactory=com.ibm.ws.security.ltpa.LTPATokenFactory, com.ibm.websphere.security.InvokeTAIbeforeSSO=, com.ibm.wsspi.security.web.failOverToBasicAuth=false, com.ibm.ws.security.addHttpOnlyAttributeToCookies=false, com.ibm.CSI.rmiInboundMappingEnabled=false, security.registry.IgnoreCase=true, process.hostName=was03.sh.unicom.local, security.securityServerName=SecurityServer, security.activeUserRegistryType=LDAP, com.ibm.ws.security.ltpa.forceSoftwareJCEProviderForLTPA=false, com.ibm.audit.auditSpecification=J2EE=AUTHN=failure=enabled:J2EE=AUTHZ=failure=enabled, com.ibm.websphere.security.util.postParamMaxCookieSize=16384, com.ibm.websphere.security.krb.canonical_host=false, com.ibm.ws.security.processType=ManagedProcess, com.ibm.wsspi.security.audit.auditServiceProvider=DEFAULT=com.ibm.ws.security.audit.defaultAuditServiceProviderImpl, com.ibm.ws.security.propagationExcludeList=, ${USER_INSTALL_ROOT}=/opt/IBM/WebSphere/AppServer/profiles/AppSrv01, com.ibm.websphere.security.util.fullyQualifiedURL=false, com.ibm.CSI.propagateFirstCallerOnly=false, ${WAS_ETC_DIR}=/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/etc, security.enabled=true, security.FullyQualifiedUserName=false, host.virtualhosts={default_host=[9080, 80, 9443, 5060, 5061, 443, 9081, 9082], admin_host=[9060, 9043], proxy_host=[80, 443]}, com.ibm.ws.security.assertLDAPShortName=false, server.security.enabled=true, com.ibm.websphere.ltpa.PrivateKey=null, security.useDefaultPolicyWhenJ2SDisabled=false, security.ltpa.setSSODomain=true, com.ibm.audit.auditPolicy=REQUIRED, com.ibm.websphere.security.registry.maxPasswordSize=256, com.ibm.wsspi.security.token.ltpaToken2Cipher=AES/CBC/PKCS5Padding, security.callbackHandlerFactoryClass=com.ibm.ws.security.auth.callback.WSCallbackHandlerFactoryImpl, com.ibm.wsspi.security.token.authorizationTokenFactory=com.ibm.ws.security.ltpa.AuthzPropTokenFactory, security.CacheCushionMax=10, com.ibm.CSI.rmiInboundPropagationEnabled=true, security.ltpa.password=XXXXXX, com.ibm.ws.security.defaultLoginConfig=system.DEFAULT, security.authMechValidateAlias=system.DEFAULT, com.ibm.CSI.rmiOutboundLoginEnabled=false, com.ibm.wsspi.security.ltpa.tokenFactory=com.ibm.ws.security.ltpa.LTPATokenFactory|com.ibm.ws.security.ltpa.LTPAToken2Factory|com.ibm.ws.security.ltpa.AuthzPropTokenFactory, security.mappingCallbackHandlerFactoryClass=com.ibm.ws.security.auth.callback.WSMappingCallbackHandlerFactoryImpl, com.ibm.CSI.rmiOutboundPropagationEnabled=true, security.ltpa.expirydate=120, security.primaryAdminId=uid=wpsbind,cn=apps,dc=sh,dc=unicom, com.ibm.audit.auditServiceEnabled=false, com.ibm.wsspi.security.token.defaultTokenFactory=com.ibm.ws.security.ltpa.LTPATokenFactory, security.registry.ldap.props={security.registry.ldap.searchTimeLimit=120, java.naming.security.credentials=XXXXXX, LDAP.server.pwd=XXXXXX, com.ibm.ssl.remotePort=389, com.ibm.ssl.remoteHost=ldapr.sh.unicom.local, groupmember.idmap=ibm-allGroups:member;ibm-allGroups:uniqueMember, user.filter=(&(uid=%v)(|(objectclass=ePerson)(objectclass=Person))), java.naming.security.principal=uid=wpsbind,cn=apps,dc=sh,dc=unicom, group.idmap=*:cn, security.registry.ldap.reuseConn=true, group.filter=(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))), dirType=custom, user.idmap=*:uid, ldap.basedn=dc=unicom, LDAP.server.id=, LDAP.server.realm=ldapr.sh.unicom.local:389, CustUserRegImplClass=com.ibm.ws.security.registry.ldap.LdapRegistryImpl, java.naming.provider.url=ldap://ldapr.sh.unicom.local:389, certificate.map.mode=exactDNMode}, com.ibm.websphere.security.performTAIForUnprotectedURI=true, com.ibm.ws.security.zOS.useSAFidForTransaction=false, security.toplevel.properties={com.ibm.wsspi.security.audit.auditServiceProvider=DEFAULT=com.ibm.ws.security.audit.defaultAuditServiceProviderImpl, com.ibm.CSI.supportedTargetRealms=, com.ibm.CSI.rmiOutboundLoginEnabled=false, com.ibm.ws.security.defaultLoginConfig=system.DEFAULT, com.ibm.wsspi.security.token.propagationTokenFactory=com.ibm.ws.security.ltpa.AuthzPropTokenFactory, com.ibm.CSI.rmiInboundLoginConfig=system.RMI_INBOUND, com.ibm.ws.security.webInboundLoginConfig=system.WEB_INBOUND, com.ibm.ws.security.ssoInteropModeEnabled=true, com.ibm.CSI.rmiOutboundLoginConfig=system.RMI_OUTBOUND, com.ibm.wsspi.security.token.authorizationTokenFactory=com.ibm.ws.security.ltpa.AuthzPropTokenFactory, com.ibm.websphere.security.audit.auditEventFactory=J2EE=com.ibm.ws.security.audit.defaultAuditEventFactoryImpl, com.ibm.audit.auditServiceEnabled=false, com.ibm.security.useFIPS=false, com.ibm.CSI.rmiOutboundPropagationEnabled=true, com.ibm.audit.auditPolicy=REQUIRED, com.ibm.audit.auditSpecification=J2EE=AUTHN=failure=enabled:J2EE=AUTHZ=failure=enabled, security.enablePluggableAuthentication=true, com.ibm.ws.security.webChallengeIfCustomSubjectNotFound=true, com.ibm.ws.security.webInboundPropagationEnabled=false, com.ibm.CSI.rmiInboundPropagationEnabled=true, com.ibm.wsspi.security.ltpa.tokenFactory=com.ibm.ws.security.ltpa.LTPATokenFactory|com.ibm.ws.security.ltpa.LTPAToken2Factory|com.ibm.ws.security.ltpa.AuthzPropTokenFactory, com.ibm.audit.auditQueueSize=5000, com.ibm.websphere.security.DeferTAItoSSO=com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl, com.ibm.wsspi.security.token.singleSignonTokenFactory=com.ibm.ws.security.ltpa.LTPAToken2Factory, com.ibm.wsspi.security.token.authenticationTokenFactory=com.ibm.ws.security.ltpa.LTPATokenFactory}, cellname=was03Cell01, com.ibm.ws.security.spnego.useHttpFilterClass2=false, nodename=was03Node01, com.ibm.CSI.rmiInboundLoginConfig=system.RMI_INBOUND, shortservername=OtherServer1, security.authMechForwardCred=true, security.serverPasswd=XXXXXX, security.activeUserRegistry.props={security.registry.ldap.searchTimeLimit=120, java.naming.security.credentials=XXXXXX, LDAP.server.pwd=XXXXXX, com.ibm.ssl.remotePort=389, com.ibm.ssl.remoteHost=ldapr.sh.unicom.local, groupmember.idmap=ibm-allGroups:member;ibm-allGroups:uniqueMember, user.filter=(&(uid=%v)(|(objectclass=ePerson)(objectclass=Person))), java.naming.security.principal=uid=wpsbind,cn=apps,dc=sh,dc=unicom, group.idmap=*:cn, security.registry.ldap.reuseConn=true, group.filter=(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))), dirType=custom, user.idmap=*:uid, ldap.basedn=dc=unicom, LDAP.server.id=, LDAP.server.realm=ldapr.sh.unicom.local:389, CustUserRegImplClass=com.ibm.ws.security.registry.ldap.LdapRegistryImpl, java.naming.provider.url=ldap://ldapr.sh.unicom.local:389, certificate.map.mode=exactDNMode}, security.registry.ldap.SSLEnabled=false, com.ibm.ws.security.webPropagationTransport=JMX, security.activeAuthMechanism=LTPA, com.ibm.websphere.ltpa.PublicKey=null, com.ibm.audit.auditQueueSize=5000, security.authMechAuthAlias=system.DEFAULT, security.ltpa.trustAssociationEnabled=false, com.ibm.CSI.rmiOutboundLoginConfig=system.RMI_OUTBOUND, security.enableAuthorizationAttributes=false, IBMJCE=IBMJCE, com.ibm.wsspi.security.web.webAuthReq=lazy, com.ibm.CSI.rmiOutboundMappingEnabled=false, com.ibm.websphere.security.registry.maxUseridSize=256, ${WAS_TEMP_DIR}=/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/temp, com.ibm.websphere.security.suppressExceptionStack=false, com.ibm.websphere.security.registry.propagateExceptionsToClient=false, com.ibm.CSI.disablePropagationCallerList=false, security.CacheTimeout=600, security.ltpa.sso.domain=.sh.unicom.local, ltpakeysetgroupname=CellLTPAKeySetGroup, com.ibm.websphere.security.allowAnyLogoutExitPageHost=false, com.ibm.ws.security.webChallengeIfCustomSubjectNotFound=true, com.ibm.ws.security.web.logoutOnHTTPSessionExpire=false, security.activeAuthMechanism.OID=oid:1.3.18.0.2.30.2, process.serverName=was03Cell01:was03Node01:OtherServer1, com.ibm.CSI.authenticateSpecialMethods=false, security.enablePluggableAuthentication=true, com.ibm.wsspi.security.token.propagationTokenFactory=com.ibm.ws.security.ltpa.AuthzPropTokenFactory, com.ibm.CSI.neverUseClientCertificateForCallerLogin=false, security.issuePermissionWarning=false, com.ibm.security.useFIPS=false, ${WAS_INSTALL_ROOT}=/opt/IBM/WebSphere/AppServer, com.ibm.websphere.ltpa.3DESKey=null, com.ibm.websphere.security.krb.support_ltpa=true, security.CacheCushionMin=3, com.ibm.wsspi.security.token.singleSignonTokenFactory=com.ibm.ws.security.ltpa.LTPAToken2Factory, com.ibm.websphere.security.audit.auditEventFactory=J2EE=com.ibm.ws.security.audit.defaultAuditEventFactoryImpl, server.short.name=null, com.ibm.ws.security.includeRunAsChangesInCallerList=false, com.ibm.ws.security.internalServerId=server:was03Cell01_was03Node01_OtherServer1, com.ibm.ws.security.ssoInteropModeEnabled=true, security.enforceFineGrainedJCASecurity=false} = com.ibm.websphere.security.auth.WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type.
+Data for directive [defaultsecurityconfig] obtained. =
The dynamic JAAS login configuration is:
com.ibm.ws.security.auth.login.Configuration: Dumping JAAS Configuration
JAAS file configuration data:
system.WSS_INBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule" ;
};
system.wssecurity.X509BST {
com.ibm.wsspi.wssecurity.auth.module.X509LoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.UsernameToken {
com.ibm.wsspi.wssecurity.auth.module.UsernameLoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.PKCS7 {
com.ibm.wsspi.wssecurity.auth.module.PKCS7LoginModule LoginModuleControlFlag:required ;
};
system.LTPA {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
};
WSLogin {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
use_appcontext_callback="false"
delegate="com.ibm.ws.security.common.auth.module.WSLoginModuleImpl"
use_realm_callback="false" ;
};
DefaultPrincipalMapping {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule" ;
};
system.RMI_OUTBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule" ;
};
system.DEFAULT {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule" ;
};
system.wssecurity.IDAssertionUsernameToken {
com.ibm.wsspi.wssecurity.auth.module.IDAssertionUsernameLoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.PkiPath {
com.ibm.wsspi.wssecurity.auth.module.PkiPathLoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.Signature {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.wsspi.wssecurity.auth.module.SignatureLoginModule" ;
};
JAASClient {
com.ibm.security.auth.module.Krb5LoginModule LoginModuleControlFlag:required
forwardable="true"
noAddress="true"
useDefaultCcache="false"
credsType="both"
tryFirstPass="true" ;
};
system.wssecurity.IDAssertion {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.wsspi.wssecurity.auth.module.IDAssertionLoginModule" ;
};
system.WEB_INBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule" ;
};
system.RMI_INBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule" ;
};
system.WSS_OUTBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule" ;
};
system.SWAM {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.swamLoginModule" ;
};
JAAS WCCM configuration data:
system.WSS_INBOUND {
com.ibm.ws.security.server.lm.ltpaLoginModule LoginModuleControlFlag:required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.X509BST {
com.ibm.wsspi.wssecurity.auth.module.X509LoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.UsernameToken {
com.ibm.wsspi.wssecurity.auth.module.UsernameLoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.PKCS7 {
com.ibm.wsspi.wssecurity.auth.module.PKCS7LoginModule LoginModuleControlFlag:required ;
};
system.LTPA_WEB {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.web.AuthenLoginModule" ;
};
system.LTPA {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
};
WSLogin {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
use_appcontext_callback="false"
delegate="com.ibm.ws.security.common.auth.module.WSLoginModuleImpl"
use_realm_callback="false" ;
};
DefaultPrincipalMapping {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule" ;
};
system.RMI_OUTBOUND {
com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule LoginModuleControlFlag:required ;
};
ClientContainer {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.common.auth.module.WSClientLoginModuleImpl" ;
};
system.wssecurity.IDAssertionUsernameToken {
com.ibm.wsspi.wssecurity.auth.module.IDAssertionUsernameLoginModule LoginModuleControlFlag:required ;
};
system.DEFAULT {
com.ibm.ws.security.server.lm.ltpaLoginModule LoginModuleControlFlag:required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.Signature {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.wsspi.wssecurity.auth.module.SignatureLoginModule" ;
};
system.wssecurity.PkiPath {
com.ibm.wsspi.wssecurity.auth.module.PkiPathLoginModule LoginModuleControlFlag:required ;
};
system.wssecurity.IDAssertion {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.wsspi.wssecurity.auth.module.IDAssertionLoginModule" ;
};
system.WEB_INBOUND {
com.ibm.ws.security.server.lm.ltpaLoginModule LoginModuleControlFlag:required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule LoginModuleControlFlag:required ;
};
system.RMI_INBOUND {
com.ibm.ws.security.server.lm.ltpaLoginModule LoginModuleControlFlag:required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule LoginModuleControlFlag:required ;
};
system.WSS_OUTBOUND {
com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule LoginModuleControlFlag:required ;
};
system.SWAM {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy LoginModuleControlFlag:required
delegate="com.ibm.ws.security.server.lm.swamLoginModule" ;
};
= com.ibm.websphere.security.auth.WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type.
+Data for directive [defaultjaasconfig] obtained. =
==> Dump complete for com.ibm.ws.security.core.SecurityDM = Mon Jan 11 13:01:27 CST 2010
2同行回答
非常感谢,ziying查到的我实际已经查到过,只是最后IBM_CS_SS_SECURE_TOKEN=false这个参数没有设置,我现在设上后确实可以了,谢谢ziying收起
浏览1715
http://www.ibm.com/developerwork ... spa?threadID=167659
1) stop all websphere app servers and node agents in the cell
2) turn off administrative security in the cell (via the deployment manager)
3) restart the DM
4) perform a manual sync of all nodes (syncNode.bat)
5) turn on administrative security in the cell (via the deployment manager)
6) restart the DM
7) perform a manual sync of all nodes (syncNode.bat)
8) start node agents in the cell
9) start the websphere app servers
----------------------------------------------------
setting the following "custom property" of the core group:
IBM_CS_SS_SECURE_TOKEN=false
看看这个是否有帮助.收起
1) stop all websphere app servers and node agents in the cell
2) turn off administrative security in the cell (via the deployment manager)
3) restart the DM
4) perform a manual sync of all nodes (syncNode.bat)
5) turn on administrative security in the cell (via the deployment manager)
6) restart the DM
7) perform a manual sync of all nodes (syncNode.bat)
8) start node agents in the cell
9) start the websphere app servers
----------------------------------------------------
setting the following "custom property" of the core group:
IBM_CS_SS_SECURE_TOKEN=false
看看这个是否有帮助.收起
浏览1204