WAS security

Jun Hong
Ranch Hand
Joined: Sep 05, 2001
Posts: 181

I used performLogin method in LoginHelper. Is there a timeout for credential? Say, I perform login. Do I need to do that again 5 hours later? The problem is that I got Credentials are inValid message. Here are the details:

10:08 liujo Hi, we have an urgent problem with Websphere 4.0.
10:08 liujo It throws "Credentials are invalid" error message.
10:08 liujo This happens when our corba server, acting as the
10:08 liujo client to the app server, has been connected to the
10:08 liujo app server for a while (a day or two). Then all subsequent
10:08 liujo calls to ejb functions are rejected.
10:09 liujo Any idea why and how to fix the problem?
10:10 liujo Let me add that
10:10 liujo Even re-login fails to revalidate the credentials.
10:18 liujo
10:18 poppro yep
10:18 liujo ctrl-g
10:19 liujo xxx
10:19 liujo I see
10:19 poppro indicates that you have an urgent request and somebody should help you!
10:20 poppro sorry I can't
10:20 liujo got it
10:20 liujo Please help with the above (long) question about credentials
10:22 sunva I would assume we have IBM WS tech support... if nobody here can help...
10:23 liujo I may have to do THAT if no one has an answer here
10:25 poppro clarriad or colljos may help you
10:25 poppro ;o)
10:37 clarriad Hi
10:37 clarriad I personally haven't seen that error before
10:37 liujo hi
10:38 clarriad Has this occurred only once or is it a reproducible problem?
10:38 liujo It is reproducible
10:38 liujo The error message is very long and suggesting:
10:39 liujo it suggests SSL connection, sas.client.props
10:39 liujo and sas.server.props
10:40 liujo I am wondering if there is a "never expire" setting somewhere
10:42 clarriad If you can't re-login again then it sounds more fundamental than it just expiring
10:42 colljos Hi - please can you clarify the following:
10:44 colljos Is the "credentials invalid" message associated with SSL or an authenticated user request to an EJB ?
10:45 colljos Is your CORBA Server using SAS with programmatic login to originally authenticate user ?
10:46 liujo I am not sure how the SSL is setup
10:46 colljos I'm trying to understand if you have an Application or Infrastructure (WebSphere security) problem
10:46 liujo I think I am in the second case
10:46 colljos right - Are you running WebSphere with Security enabled ?
10:47 colljos (ie. Console, Security Center, security enabled box)
10:47 liujo I think we are
10:47 liujo Here is the exact message from the server:
10:47 liujo [SecureAssociationInterceptorImpl.client_unmarshalled_request]:
10:47 liujo JSAS0060W: Unable to build security context. Many times problems with the client and/or server configuration is to blame for these errors. Most of the time it's related to SSL connections not being created. This could be due to invalid settings in the sas.client.props or the sas.server.props. Maybe the UJC.JAR is not specified in the classpath or is not the same version as the server.
10:47 liujo The JDK you are using must also have the JSSE extention classes in /java/jre/lib/ext directory. The java.security file must include the IBMJCE provider. If the problem persists, contact support for assistance.
10:47 colljos OK
10:48 colljos We have seen this problem and already logged it with IBM
10:48 colljos awaiting resolution
10:48 liujo What do you do in the interim?
10:48 colljos wait ;-)
10:49 colljos But we have no side effects
10:49 liujo do you have to restart the client?
10:49 liujo or the server?
10:49 colljos ie. the messages are sporadic and random, and the connections are automatically re-established between Client & Servers
10:50 colljos nope - but then again we are not using CORBA servers as clients
10:50 colljos Occasionally I have had to restart clients (but not had this problem recently)
10:51 liujo But I don't think this only applies to corba client
10:51 colljos specifically the Admin Console would need re-starting
10:51 colljos sure
10:51 colljos Are you running WAS4 AE on Solaris ?
10:51 liujo What do you restart admin console for?
10:51 liujo Yes on solaris
10:52 colljos admin console is just another client to WebSphere
10:52 liujo Oh
10:52 colljos and thus suffers the same Security problem
10:52 karandan Just to clarify. We are not using a CORBA client. We are using a Java based Corba Server which acts as a regular java client to the EJB hosted in WAS4.0 on Solaris.
10:53 karandan There is an additional message in the stdout file produced by the app server:
10:53 karandan JSAS0435E: Credentials are invalid. Login again to get new credentials. Sometimes it is necessary to restart the cl
10:53 karandan ient and/or server to ensure that you are using new credentials. Once credentials are marked invalid, they cannot be
10:53 karandan come valid again.
10:53 colljos interesting - that message I have NOT yet seen!
10:54 liujo Any I am checking my log file again, I do see that the app server send back data a minute a minute after that exception
10:55 colljos I suggest you raise this as an official bug with IBM Support
10:55 liujo So maybe this one will not be a show-stopper
10:56 colljos not a showstopper per se but I'd definitely raise it with a high severity (ie. cannot roll out into production due to this problem)
10:57 colljos because you don't want to have to keep re-starting clients for re-authentication
10:57 liujo yes, my earlier line was a continuation to my line before, not to your line about raising to IBM
10:57 karandan Jose...what's the process to raise this with IBM?
10:58 colljos Contact IBM Support using our Passport Advantage contract agreement
10:58 colljos I have all the details for logging calls from London but will need to do a bit of research for US details ..
10:58 colljos unless you have a useful IBM Account Manager ?
10:59 karandan no I don't or haven't had any contact with IBM directly.
10:59 colljos ok - let me make a couple of phone calls to find out
10:59 karandan Thanks.
11:01 liujo Thanks
11:10 colljos guys - I'll forward you a copy of the SSL security session establishment problem I submitted to IBM
11:11 hongjb hi liujo
11:12 hongjb I looked at the sas.server.props file in properties folder
11:12 liujo see private
11:13 hongjb there is a property called com.ibm.CORBA.loginTimeout

Jun Hong

[This message has been edited by Jun Hong (edited November 21, 2001).]

Jun Hong
SCJP, SCJD, SCWCD, SCEA
IBM Certified Systems Expert(V4.0)