urgent help needed : WebSphere security problems

 
Greenhorn
Posts: 2
Hi there,

We use WebSphere 4.0.6 security (Form based authentication) for authenticating users against LDAP servers. We have only one role in our application, "Auth Role", which is mapped to the "All Authenticated Users" built-in group. While deploying the application, we mapped "Auth Role" to the "All Authenticated Users" built-in group. However, when we tried to log in with a valid user id/password I am getting a 403 Forbidden page and the log file shows this error:

[12/5/04 2:28:01:183 MST] 4047b7bb WebCollaborat A SECJ0129A: Authorization failed for psudhakar while invoking GET on default_host:/services/iibv/welcome.wss, Authorization failed, Not granted any of the required roles: Auth Role

The same setup works in our dev and test environment but not in production. I am really stuck with this problem and any help is greatly appreciated.

Thank You.
 
Ranch Hand
Posts: 119
Sudha,
I think the only way to figure the problem out for sure is to do a detailed compare on test vs. production configuration, but on the face of it, it sounds suspiciously like a problem we had recently.
LDAP had the right person in the right group & the right permissions assigned to the group, but WebSphere didn't recognise the person as belonging to the group.
If you think this might be your problem too, try setting up the permissions in application.xml for individual users rather than groups. If this fixes it, then you should go into the "Advanced LDAP Settings" in the admin console & play around with the values of "Group Member ID Map". "group:member; memberof:member" works for us, but I think it depends what implementation of LDAP you're using (ours is Active Directory).

Good luck!
Louise
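
Added example, not part of either post: a Python parser for the SECJ0129A line quoted in the question, which groups denied users by required role so the production log can be compared with dev/test. The regex is derived from that single line only, and every sample line other than the first is constructed.

```python
import re
from collections import defaultdict

# Pattern derived only from the SECJ0129A line quoted in the question;
# other WebSphere releases may word the message differently (assumption).
SECJ0129A = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<thread>\S+)\s+(?P<component>\S+)\s+A\s+SECJ0129A:\s+"
    r"Authorization failed for (?P<user>.+?) while invoking (?P<method>\S+) on "
    r"(?P<resource>\S+), Authorization failed, "
    r"Not granted any of the required roles: (?P<roles>.+?)\s*$"
)

SAMPLE_LOG = [
    # Line 1 is the one from the post; lines 2 and 3 are constructed.
    "[12/5/04 2:28:01:183 MST] 4047b7bb WebCollaborat A SECJ0129A: Authorization failed for psudhakar while invoking GET on default_host:/services/iibv/welcome.wss, Authorization failed, Not granted any of the required roles: Auth Role",
    "[12/5/04 2:31:44:902 MST] 4047b7bc WebCollaborat A SECJ0129A: Authorization failed for jdoe while invoking GET on default_host:/services/iibv/welcome.wss, Authorization failed, Not granted any of the required roles: Auth Role",
    "[12/5/04 2:32:00:000 MST] 4047b7bd SystemOut     O constructed non-security line",
]

def parse_line(line):
    """Return the fields of one SECJ0129A line, or None for any other line."""
    m = SECJ0129A.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # "default_host:/path" is the virtual host, then the URI.
    rec["vhost"], _, rec["uri"] = rec.pop("resource").partition(":")
    return rec

def users_denied_by_role(lines):
    """Map each required-role string to the set of users denied for lacking it.

    The role string is kept whole because role names may contain spaces
    ("Auth Role") and the page shows no separator for multiple roles.
    """
    denied = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            denied[rec["roles"]].add(rec["user"])
    return dict(denied)

if __name__ == "__main__":
    for role, users in users_denied_by_role(SAMPLE_LOG).items():
        print(f"{role!r}: denied for {sorted(users)}")
```

If several distinct users show up as denied for a role mapped to "All Authenticated Users" in production but none do in dev/test, that points at a configuration difference between the environments rather than at one account's LDAP entry.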