IBM BS029ML Self Help Guide - Page 123
Tools for troubleshooting security problems, Access Control PAC related issues.
View all IBM BS029ML manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 123 highlights
When the traces are enabled statically, the trace specification should be shown at the top of the log: [8/2/07 11:51:32:609 EDT] 0000000a ManagerAdmin I TRAS0017I: The startup trace state is *=info:com.ibm.ws.wmm.*=all:com.ibm.websphere.wmm.*=all:WSMM=all:com.ibm.ws.securi ty.*=all:com.ibm.wps.engine.commands.*=all:com.ibm.wps.puma.*=all:com.ibm.wps.serv ices.puma.*=all:com.ibm.wps.services.authentication.*=all:com.ibm.wps.sso.*=all. When the traces are enabled dynamically, there should be a line like the following: [8/21/07 9:39:14:656 EDT] 00000046 ManagerAdmin I TRAS0018I: The trace state has changed. The new trace state is *=info:com.ibm.ws.wmm.*=all:com.ibm.websphere.wmm.*=all:WSMM=all:com.ibm.wps.ac.*= all. Tip: The traces enabled statically can also be disabled at runtime using the admin console or the Enable Tracing portlet. 4.3.3 Tools for troubleshooting security problems WebSphere Portal is a complex product set. To administer a site based on Portal, we assume administrators are equipped with basic LDAP knowledge: Understanding the basic LDAP directory structure. Being able to use LDAP tools, such as ldapsearch or LDAP browser, to verify user and groups, and to generate the output of a subtree, a user, or a group in LDAP Data Interchange Format (LDIF). Understanding the meaning and implication of the common LDAP server return codes, or at least being able to search them on the internet, such as: - 4 - Sizelimit exceeded - 10 - Referral - 6 - No such attribute - 32 - No such object - 49 - Invalid credentials - 50 - Insufficient access rights - 53 - Unwilling to perform. XMLaccess is a configuration and deployment tool provided only in WebSphere Portal. Under certain circumstances, we recommend a full export using XMLaccess, especially for Portal Access Control (PAC) related issues. To debug single sign-on or session related problems, we frequently refer to the HTTP header and cookie information. LiveHttpHeaders is a Firefox extension. It shows detailed data of what comes into the browser and what goes out. The data captured by the tool would give us a lot of debugging information about clients, cookies, protocols, URLs, and so on. Chapter 4. WebSphere Portal security 109