Urgent help needed: WebSphere security problems

Posts: 2
Hi there,

We use WebSphere 4.0.6 security (form-based authentication) for authenticating users against LDAP servers. We have only one role in our application, "Auth Role", which is mapped to the "All Authenticated Users" built-in group. While deploying the application, we mapped "Auth Role" to the "All Authenticated Users" built-in group. However, when we tried to log in with a valid user ID/password, I am getting a 403 Forbidden page and the log file shows this error:

[12/5/04 2:28:01:183 MST] 4047b7bb WebCollaborat A SECJ0129A: Authorization failed for psudhakar while invoking GET on default_host:/services/iibv/welcome.wss, Authorization failed, Not granted any of the required roles: Auth Role

The same setup works in our dev and test environment but not in production. I am really stuck with this problem and any help is greatly appreciated.

Thank You.
Ranch Hand
Posts: 119
I think the only way to figure the problem out for sure is to do a detailed compare on test vs. production configuration, but on the face of it, it sounds suspiciously like a problem we had recently.
LDAP had the right person in the right group and the right permissions assigned to the group, but WebSphere didn't recognise the person as belonging to the group.
If you think this might be your problem too, try setting up the permissions in application.xml for individual users rather than groups. If this fixes it, then you should go into the "Advanced LDAP Settings" in the admin console and play around with the values of "Group Member ID Map". "group:member; memberof:member" works for us, but I think it depends what implementation of LDAP you're using (ours is Active Directory).

Good luck!
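A triage helper for log lines like the SECJ0129A entry quoted in the first post, added here as an example and not code from either poster or from IBM. It groups denied users by required role, so a role that fails for several distinct accounts stands out as a role-to-group mapping or group-lookup problem rather than a single-account one. The regex is inferred from the one line in the thread; the users `jdoe` and `asmith`, the role `Admin Role` and every sample line after the first are constructed.

```python
import re
from collections import defaultdict

# Format inferred from the single SECJ0129A line quoted in the thread (an assumption).
SECJ0129A = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<thread>[0-9a-f]+)\s+(?P<component>\S+)\s+A\s+SECJ0129A:\s+"
    r"Authorization failed for (?P<user>\S+) while invoking (?P<method>[A-Z]+) on "
    r"(?P<vhost>[^:\s]+):(?P<uri>[^,\s]+),.*?"
    r"Not granted any of the required roles:\s*(?P<roles>.+?)\s*$"
)

def parse_line(line):
    """Return the fields of a SECJ0129A line as a dict, or None for any other line."""
    m = SECJ0129A.match(line.strip())
    return m.groupdict() if m else None

def denied_users_by_role(lines):
    """Map each required-roles string to the sorted list of users denied it.
    The roles text is kept whole: role names may contain spaces ("Auth Role")."""
    users = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec:
            users[rec["roles"]].add(rec["user"])
    return {role: sorted(names) for role, names in users.items()}

def suspect_role_bindings(lines, min_users=2):
    """Roles denied to several distinct users. Heuristic only: it hints that the
    role-to-group mapping or LDAP group lookup is at fault, not one account."""
    by_role = denied_users_by_role(lines)
    return sorted(r for r, names in by_role.items() if len(names) >= min_users)

SAMPLE_LOG = [
    # Line quoted in the thread:
    "[12/5/04 2:28:01:183 MST] 4047b7bb WebCollaborat A SECJ0129A: Authorization failed for psudhakar while invoking GET on default_host:/services/iibv/welcome.wss, Authorization failed, Not granted any of the required roles: Auth Role",
    # Constructed lines (users, URIs, second role and the last entry are made up):
    "[12/5/04 2:29:14:020 MST] 4047b7bc WebCollaborat A SECJ0129A: Authorization failed for jdoe while invoking GET on default_host:/services/iibv/welcome.wss, Authorization failed, Not granted any of the required roles: Auth Role",
    "[12/5/04 2:30:40:511 MST] 4047b7bd WebCollaborat A SECJ0129A: Authorization failed for asmith while invoking POST on default_host:/services/iibv/admin.wss, Authorization failed, Not granted any of the required roles: Admin Role",
    "[12/5/04 2:31:02:007 MST] 4047b7bd SampleComp I unrelated informational entry",
]

if __name__ == "__main__":
    for role, names in denied_users_by_role(SAMPLE_LOG).items():
        print(f"{role!r} denied to: {', '.join(names)}")
    print("roles failing for multiple users:", suspect_role_bindings(SAMPLE_LOG))
```

Running it against both the production and the test server's log makes the comparison suggested above concrete: the same role failing for every account in only one environment points at that environment's LDAP or role mapping settings.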