Direct links to fixes
APAR status
Closed as fixed if next.
Error description
If you create a new deployment enviornment after the profiles have been created, if the "Prefix new alias names with the node name of the cell" flag has been set to true, the authentication aliases created will not match the ones used in the rest of the configuration. Thus, you while the security.xm will contain aliases such as this: <authDataEntries xmi:id="JAASAuthData_1456866536216" alias="Dmgr/BPMAdminAlias_Test" userId="dmgradmin_2" password="{xor}KD4sbjo7Kg=="/> Other files such as sib-engines.xml, we would see entries like this: <dataStore xmi:id="SIBDatastore_1456866544702" uuid="AA75BA7930BBE827" dataSourceName="jdbc/SharedDb" schemaName="bd2admin" authAlias="BPM_DB_ALIAS_Test"/> That is referring to the wrong authentication alias and will cause J2CA0044E errors when starting the DE that look like this: [3/1/16 13:22:19:520 PST] 0000007e PrivExAction E J2CA0044E: The Connection Manager failed to get a Subject from the security service associated with ConnectionFactory jdbc/SharedDb. Received exception javax.security.auth.login.LoginException: Incorrect authDataEntry and alias is: BPM_DB_ALIAS_Test at com.ibm.ws.security.auth.j2c.WSDefaultPrincipalMapping.getMapped Subject(WSDefaultPrincipalMapping.java:529) at com.ibm.ejs.j2c.PrivExAction.run(PrivExAction.java:158) at com.ibm.ws.security.util.AccessController.doPrivileged(AccessCon troller.java:118) at com.ibm.ejs.j2c.ServerFunction.getSubject(ServerFunction.java:12 09) at com.ibm.ejs.j2c.ServerFunction.getFinalSubject(ServerFunction.ja va:1297) at com.ibm.ejs.j2c.ConnectionManager.allocateConnection(ConnectionM anager.java:988) at com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcD ataSource.java:644) at com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcD ataSource.java:853) at com.ibm.ws.sib.admin.impl.HAManagerMessagingEngineImpl.testConne ctionToDB(HAManagerMessagingEngineImpl.java:2133) at com.ibm.ws.sib.admin.impl.HAManagerMessagingEngineImpl.activate( HAManagerMessagingEngineImpl.java:1322) at com.ibm.ws.sib.admin.impl.JsActivationThread.run(JsActivationThr ead.java:94) This error will stop the DE from fully starting. You will see the exception in the Messaging Cluster. This behavior is only in BPM 8.5.6.x , it could not be recreated in BPM 8.5.5 and is fixed for BPM 8.5.7.
Local fix
The best way of dealing with this issue is to delete and recreate the DE with the property set to false. Thus: Log into Websphere Admin Console Delete the previously created DE. Go to the Security -> Global security -> JAAS-J2C authentication data page. Make sure that the "Prefix new alias names with the node name of the cell" property is set to false. Create the DE again.
Problem summary
The authentication alias names have the deployment manager's node name as the prefix (for example, Dmgr/BPM_DB_ALIAS_Test), but the authentication data alias references from other sources, such as the data sources, are missing that prefix. Referring to an authentication alias that doesn't exist causes J2CA0044E errors that look like this when the IBM BPM DE starts: [3/1/16 13:22:19:520 PST] 0000007e PrivExAction E J2CA0044E: The Connection Manager failed to get a Subject from the security service associated with ConnectionFactory jdbc/SharedDb. Received exception javax.security.auth.login.LoginException: Incorrect authDataEntry and alias is: BPM_DB_ALIAS_Test at com.ibm.ws.security.auth.j2c.WSDefaultPrincipalMapping.getMapped Subject(WSDefaultPrincipalMapping.java:529) at com.ibm.ejs.j2c.PrivExAction.run(PrivExAction.java:158) at com.ibm.ws.security.util.AccessController.doPrivileged(AccessCon troller.java:118) at com.ibm.ejs.j2c.ServerFunction.getSubject(ServerFunction.java:12 09) at com.ibm.ejs.j2c.ServerFunction.getFinalSubject(ServerFunction.ja va:1297) at com.ibm.ejs.j2c.ConnectionManager.allocateConnection(ConnectionM anager.java:988) at com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcD ataSource.java:644) at com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcD ataSource.java:853) at com.ibm.ws.sib.admin.impl.HAManagerMessagingEngineImpl.testConne ctionToDB(HAManagerMessagingEngineImpl.java:2133) at com.ibm.ws.sib.admin.impl.HAManagerMessagingEngineImpl.activate( HAManagerMessagingEngineImpl.java:1322) at com.ibm.ws.sib.admin.impl.JsActivationThread.run(JsActivationThr ead.java:94) This error stops the DE from fully starting. You see the exception in the Messaging cluster. member log files.
Problem conclusion
Temporary fix
Comments
APAR JR55442 is being closed CAN because this has been fixed in BPM857
APAR Information
APAR number
JR55442
Reported component name
BPM ADVANCED
Reported component ID
5725C9400
Reported release
856
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-03-02
Closed date
2016-03-28
Last modified date
2016-04-27
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"856","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
31 August 2023