IBM Support

ProblemDetermination: JAAS login WebSphere Application Server

Troubleshooting


Problem

This ProblemDetermination document assists in the analysis of Java™ Authentication and Authorization Service (JAAS) login problems in IBM WebSphere Application Server.

Resolving The Problem

Problem determination documents provide in-depth review and investigation into the information collected by MustGather.

Login module
Login modules are responsible for logging in, making the authentication check, and creating the principal that is stored in the subject.

WebSphere Application Server comes with three login modules already registered and configured in the WebSphere Administrative Console under Security > Global Security > Authentication > JAAS Configuration:

  • ClientContainer: com.ibm.ws.security.common.auth.module.WSClientLoginModuleImpl
  • DefaultPrincipalMapping: com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule
  • WSLogin: com.ibm.ws.security.common.auth.module.WSLoginModuleImpl

You may also write your own custom login module.

The login module performs the following steps:

1. Initializes the login module and initiates the necessary objects.
2. Sets up the callback handler and the callback methods.
3. Walks through the callbacks one by one.
4. Authenticates the user with the information returned from the callbacks.
   a. If the authentication is successful, it creates a principal based on the authentication data and inserts it into the subject set up during initialization.
   b. If the authentication fails, the module destroys the objects and returns with a failed flag.


JAAS login process
Application starts the login process
  • LoginContext is initialized
    - LoginModule is invoked. Depending on the code design, a user/password can be provided with the created CallbackHandler object.
    - After verification of the supplied user ID and password, the LoginModule creates a Subject which contains the user's realm and a credential.
  • Application retrieves the created Subject from LoginContext
  • Using the doAs method, the application invokes an Action under the acquired Subject
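
The login module steps and the login process described above, as an added plain-JAAS example (not IBM's code and not from the original page). `JaasFlowDemo`, `DemoLoginModule`, the `DemoLogin` alias and the constructed `alice` credential are hypothetical, and an in-memory `Configuration` stands in for the entry WebSphere keeps under JAAS Configuration, so the class runs on a plain JDK 8 or later.

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class JaasFlowDemo {
    public static class DemoLoginModule implements LoginModule { // hypothetical module, constructed credential
        private Subject subject; private CallbackHandler handler; private Principal user;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> state, Map<String, ?> opts) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");                  // steps 2-3: callbacks
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] { nc, pc }); } catch (Exception e) { throw new LoginException("callback failure: " + e); }
            char[] pw = pc.getPassword(); pc.clearPassword();
            if (!"alice".equals(nc.getName()) || pw == null || !Arrays.equals(pw, "constructed-secret".toCharArray()))
                throw new FailedLoginException("bad user ID or password"); // step 4b: fail, nothing added
            user = new javax.security.auth.x500.X500Principal("CN=" + nc.getName()); // JDK stand-in principal type
            return true;
        }
        public boolean commit() { return user != null && subject.getPrincipals().add(user); } // step 4a
        public boolean abort() { user = null; return true; }
        public boolean logout() { if (user != null) subject.getPrincipals().remove(user); user = null; return true; }
    }
    public static String loginAndRun(String userId, char[] password) {
        Configuration cfg = new Configuration() {   // in-memory stand-in for the JAAS Configuration entry
            public AppConfigurationEntry[] getAppConfigurationEntry(String alias) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
            }
        };
        CallbackHandler handler = callbacks -> {    // supplies the user ID and password on request
            for (Callback cb : callbacks)
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(userId);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
        };
        try {
            LoginContext lc = new LoginContext("DemoLogin", null, handler, cfg);
            lc.login();                              // runs initialize(), login(), commit()
            Subject subject = lc.getSubject();       // application retrieves the Subject
            return Subject.doAs(subject, (PrivilegedAction<String>) () ->
                    subject.getPrincipals().iterator().next().getName());
        } catch (LoginException e) { System.err.println("login rejected: " + e); return null; }
    }
    public static void main(String[] args) {
        System.out.println(loginAndRun("alice", "constructed-secret".toCharArray()));
        System.out.println(loginAndRun("alice", "wrong".toCharArray()));
    }
}
```

In this example a rejected credential surfaces as `FailedLoginException`, while a callback failure surfaces as a plain `LoginException`, which separates a bad user ID or password from a handler problem. On JDK 18 and later, `Subject.doAs` compiles with a deprecation warning.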

Files
security.xml - located in <install_root>/config/cells/<cellname> directory. Holds all WebSphere Application Server Global security settings including JAAS configuration.

Traces
Tracing instructions can be found here.


Document Information

Modified date:
15 June 2018

UID

swg21232421