(iseries)

Enterprise Identity Mapping troubleshooting tips

The following information provides troubleshooting information for Enterprise Identity Mapping (EIM) configuration or connection factory configuration.

AdminControl service is not available

Symptom	Explanation
The following message is displayed: Message: WASX7017E: Exception received while running file "/QIBM/ProdData/OS400/Java400/cfgIdToken.jacl"; exception information: com.ibm.ws.scripting.ScriptingException: AdminControl service not available.	The application server or deployment manager of the WAS profile is not started, or the wsadmin option -conntype NONE is specified.

Configuration-related messages returned by the sample application to the web browser session

Symptom	Explanation
The following message is displayed: Message: com.ibm.as400.access.AS400SecurityException: User ID is not known.	The EIM does not contain a mapping for the user ID used to log in to the sample application.
The following message is displayed: Message: com.ibm.as400.access.ServerStartupException: Password encryption indicator is not valid.	The target iSeries server is not configured for Enterprise Identity Mapping (EIM).
The following message is displayed: Message: java.net.ConnectException: A remote host refused an attempted connect operation.	The target server is not an iSeries server.
The following message is displayed: Message: The lookup for the connection factory failed. Either the connector is not configured, or the servlet resource reference (JNDI name) is not set correctly in the web.xml file. The servlet expects the resource reference in web.xml to be eis/IdentityToken_Shared_Reference.	Either the connector is not configured, or the servlet resource reference (JNDI name) is not set correctly in the web.xml file. The servlet expects the resource reference in the web.xml file to be eis/IdentityToken_Shared_Reference.
The following message is displayed: Message: The JAAS Subject object was not passed to the Java 2 Connector (J2C) connector because WAS security is not correctly configured for the servlet.	WebSphere Application Server administrative security is not enabled.
The following message is displayed: Message: javax.resource.ResourceException: com.ibm.eim.jndi.DomainJNDI:method_name: failed to connect to initial directory context.	This message is caused by one of the following issues: The authentication data entry configured for the connection factory contains an incorrect LDAP distinguished name. The authentication data entry configured for the connection factory contains an incorrect LDAP password. The LDAP host name configured for the connection factory is incorrect. The LDAP port configured for the connection factory is incorrect. The LDAP server is not started. The Enterprise Identity Mapping (EIM) domain name configured for the connection factory is incorrect. The EIM parent name configured for the connection factory is incorrect.
The following message is displayed: Message: javax.resource.ResourceException: Input URL is null or not valid.	An LDAP host name is not configured for the connection factory.
The following message is displayed: Message: com.ibm.as400.access.AS400SecurityException: An unknown problem occurred.	The target iSeries server is not joined to the EIM domain configured for the connection factory, or the EIM source registry name is incorrect.

Perform the following steps to enable trace for EIM:

This trace is only available for idTokenRA.JCA15.rar.

1. From the console, select Servers > Application Servers > server_name > Change Log Details Levels.

2. Click the Runtime tab.

3. Select Save runtime changes to configuration as well.

4. Remove any previous entries in the text field, and type the following:
   com.ibm.jca.idtoken.*=all: com.ibm.eim.token.*=all

5. Click Apply and save the changes.

Related tasks

Troubleshooting security configurations

Configure single sign-on capability with Enterprise Identity Mapping