Troubleshooting security configurations

The following topics help to troubleshoot specific problems related to configuring and enabling security configurations.

Refer to Security components troubleshooting tips for instructions on how to troubleshoot errors related to security.

Refer to SPNEGO TAI troubleshooting tips for instructions on how to troubleshoot errors related to diagnosing Simple and Protected GSS-API Negotiation (SPNEGO) trust association interceptor (TAI) problems and exceptions.

Deprecated feature:

In WAS v6.1, a trust association interceptor (TAI) that uses the SPNEGO to securely negotiate and authenticate HTTP requests for secured resources was introduced. This function was deprecated in WebSphere Application Server 7.0. SPNEGO web authentication has taken its place to provide dynamic reload of the SPNEGO filters and to enable fallback to the application login method. depfeat

• Errors when configuring or enabling security
  

• Errors after enabling security
  

• Access problems after enabling security
  

• Errors after configuring or enabling Secure Sockets Layer
  

• Errors configuring Secure Sockets Layer encrypted access
  

• Single sign-on configuration troubleshooting tips
  

• (iseries) Enterprise Identity Mapping troubleshooting tips
  

• Authorization provider troubleshooting tips
  

• (iseries) Password decoding troubleshooting tips
  

Subtopics

• Security components troubleshooting tips
  This document explains basic resources and steps for diagnosing security-related issues in WebSphere Application Server.

• Security configuration and enablement errors
  Use this information to troubleshoot problems with configuring or enabling security.

• Security enablement followed by errors
  Use this information if you are experiencing errors after security is enabled.

• Access problems after enabling security
  Use this information if you are experiencing access problems after enabling security.

• SSL errors for security
  We might encounter various problems after configuring or enabling SSL. You may not be able to stop the deployment manager after configuring the SSL. You may not be able to access resource using HTTPS. The client and the server may not be able to negotiate the proper level of security. The problems mentioned here are only a few of the possibilities. Solving these problems is imperative to the successful operation of WAS.

• Errors configuring SSL encrypted access for security
  We might have errors returned when we are trying to configure SSL for encrypted access. Some of the common errors you might encounter and suggestions on how to fix the problems are described.

• Single sign-on configuration troubleshooting tips for security
  Several common problems can occur when you configure single sign-on (SSO) between a WAS and a Domino server. Some such problems are: Failure to save the Domino Web SSO configuration, authentication failures when accessing a protected resource, and SSO failures when accessing a protected resource. We can take some actions to correct these error situations and restore the SSO.

• (iseries) Enterprise Identity Mapping troubleshooting tips
  The following information provides troubleshooting information for Enterprise Identity Mapping (EIM) configuration or connection factory configuration.

• Security authorization provider troubleshooting tips
  This article describes the issues you might encounter using a Java Authorization Contract for Containers (JACC) authorization provider. Tivoli Access Manager is bundled with WebSphere Application Server as an authorization provider. However, we also can plug in our own authorization provider.

• (iseries) Password decoding troubleshooting tips for security
  If the password encoding is corrupted and we cannot decode a password, we can complete one of the following tasks.

• SPNEGO trust association interceptor (TAI) troubleshooting tips (deprecated)
  Presented here is a list of troubleshooting tips useful in diagnosing Simple and Protected GSS-API Negotiation (SPNEGO) TAI problems and exceptions.

• SPNEGO troubleshooting tips
  We can securely negotiate and authenticate HTTP requests for secured resources in WebSphere Application Server using the SPNEGO. We might encounter issues using Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) as the web authentication service for WebSphere Application Server.