IBM BS029ML Self Help Guide - Page 147
Portal access control PAC, Security, Global security, JAAS Configuration, Application Logins
![]() |
View all IBM BS029ML manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 147 highlights
[8/17/07 16:45:23:294 EDT] 2934440 ServletInstan E SRVE0100E: Did not realize init() exception thrown by servlet portal: javax.servlet.UnavailableException: Initialization of one or more services failed. In this case, an expired client certificate caused the system to fail. If there is any message related to the SSL handshake, you need to check the client certificate created when the TAM runtime was configured on WebSphere Application Server. Enable traces on TAM In certain cases, it is desirable to enable the WebSEAL traces along with those in WebSphere Application Server and Portal. To enable the WebSEAL Web traces, run the following commands from the PDAdmin console: pdadmin> server task trace set pdweb.debug 9 file path=C:\temp\webseald.trace\pdweb.debug pdadmin> server task trace set pdweb.snoop 9 file path=C:\temp\webseald.trace\pdweb.snoop To disable these traces: run these commands: pdadmin> server task trace set pdweb.snoop 0 pdadmin> server task trace set pdweb.debug 0 If the problem is with authorization with TAM, we recommend adding a "debug=true" custom attribute to the PDLoginModule in the WebSphere Application Server administrative console (select Security → Global security → JAAS Configuration → Application Logins → Portal_Login → JAAS Login Modules → com.tivoli.mts.PDLoginModule → Custom properties and add debug as the name and true as the value). This will generate debug information to the SystemOut.log upon logging in similar to Example 4-22. Example 4-22 PDLoginModule debug output [5/26/07 14:46:02:346 EDT] 13de60b4 SystemOut com.tivoli.mts.PDLoginModule [5/26/07 14:46:02:346 EDT] 13de60b4 SystemOut loader [5/26/07 14:46:02:456 EDT] 13de60b4 SystemOut [5/26/07 14:46:02:687 EDT] 13de60b4 SystemOut PDPrincipal [5/26/07 14:46:02:697 EDT] 13de60b4 SystemOut PDCredential O delegate class name: O Using the current thread class O user_dn is null O [PDLoginModule]: added O [PDLoginModule]: added To reconfigure TAM configuration, do not simply disable security. The TAM settings have to be manually removed from the Portal configuration before trying to disable security. Portal access control (PAC) When debugging PAC related problems, check the following: Make sure that the user is indeed in the group (if permissions were assigned to groups). One simple test is to assign the user individually and see if that helps. Use the XMLAccess utility to generate an export of the object tree, and follow the tree to check that the roles are assigned. If rights should not be given and you cannot discover where they were set, check for the virtual principals of which all users are members. Chapter 4. WebSphere Portal security 133
![](/manual_guide/products/ibm-bs029ml-self-help-guide-6d3dd71/147.png)