IBM Support

PM88959: Client security might not be enabled with certain settings.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When specifying a clientSecurity properties file in the
WebSphere eXtreme Scale monitoring console, client security
might not be enabled, or it might erroneously do authentication
when it should not.

The following error might be displayed when you attempt to
connect to the domain from the monitoring console logs:

5/6/13 21:13:25:012 EDT] 00000030 WXSAdminCatal 3
com.ibm.websphere.objectgrid.ObjectGridRuntimeException:
CWOBJ1325E:
There was a Client security configuration error. The catalog
server at
endpoint host.domain:2,000 is configured with SSL.
However,
the Client does not have a security configuration. The Client
security
configuration is null.
com.ibm.websphere.objectgrid.ObjectGridRuntimeException:
CWOBJ1325E:
There was a Client security configuration error. The catalog
server at
endpoint host.domain:2,000 is configured with SSL.
However,
the Client does not have a security configuration. The Client
security
configuration is null.
at
com.ibm.ws.objectgrid.naming.LocationServiceFactory.bootstrap(Lo
cationSe
rviceFactory.java:330)
at
com.ibm.ws.objectgrid.naming.LocationServiceFactory.bootstrap(Lo
cationSe
rviceFactory.java:154)
atPage 31 of 32
com.ibm.ws.xs.admin.util.WXSAdminCatalogConnection$1.call(WXSAdm
inCatalo
gConnection.java:278)
at
com.ibm.ws.xs.admin.util.WXSAdminCatalogConnection$1.call(WXSAdm
inCatalo
gConnection.java:271)
at
java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:34
5)
at java.util.concurrent.FutureTask.run(FutureTask.java:177)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExec
utor.jav
a:1121)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExe
cutor.ja
va:614)
at java.lang.Thread.run(Thread.java:779)
...

Additionally, the "clientCertificateAuthencation" setting
in the client.properties file might not be read properly
by the runtime environment, causing the following exception:

[5/22/13 9:11:17:327 EDT] 00000022 FfdcProvider  W

com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC
Incident
emitted on

/opt/ibm/wxs/ObjectGrid/console/logs/ffdc/WXSStatsMonitorSer
ver_124c
1bf2_13.05.22_09.11.17.3206624022641281381056.txt

com.ibm.ws.objectgrid.catalog.wrapper.LocationServiceWrapper.res
etRemote
215

[5/22/13 9:11:17:328 EDT] 00000022 StatsRetrieve W   The
connection
attempt to the catalog service domain failed. Verify that the
catalog
service is running. The following exception caused this error
to occur:
[com.ibm.websphere.objectgrid.ConnectException:

com.ibm.ws.xsspi.xio.exception.ObjectGridXIOException

[originating=10.96.70.21:0;exid=0]: cluster security is
enabled but
CredentialGenerator is not found in
ClientSecurityConfiguration
at

com.ibm.ws.objectgrid.ObjectGridManagerImpl.connect(ObjectGridMa
nagerImp
l.java:1258)

at

com.ibm.ws.xs.stats.client.routing.StatsRetrieverRouter.resetCon
text(Sta
tsRetrieverRouter.java:196)

at

com.ibm.ws.xs.stats.client.routing.StatsRetrieverRouter.getInsta
nce(Stat
sRetrieverRouter.java:172)

at

com.ibm.ws.xs.app.CatalogListener.updateGridInfo(CatalogListener
.java:13
7)

at

com.ibm.ws.xs.app.DomainConnectionUpdater.setConnectionInfo(Doma
inConnec
tionUpdater.java:112)

....

....

Caused by:
com.ibm.websphere.objectgrid.ObjectGridRuntimeException:
com.ibm.ws.xsspi.xio.exception.ObjectGridXIOException

[originating=10.96.70.21:0;exid=0]: cluster security is
enabled but
CredentialGenerator is not found in
ClientSecurityConfiguration
at

com.ibm.ws.objectgrid.catalog.wrapper.xio.XIOServiceMessageHandl
er.<init
>(XIOServiceMessageHandler.java:99)

at

com.ibm.ws.objectgrid.catalog.wrapper.LocationServiceWrapperXIO.
buildILo
cationServiceClient(LocationServiceWrapperXIO.java:111)

....

.....

... 54 more

Caused by:
com.ibm.ws.xsspi.xio.exception.ObjectGridXIOException
[originating=10.96.70.21:0;exid=0]: cluster security is
enabled but
CredentialGenerator is not found in
ClientSecurityConfiguration
at

com.ibm.ws.objectgrid.catalog.wrapper.xio.XIOServiceMessageHandl
er.<init
>(XIOServiceMessageHandler.java:71)

... 62 more

Local fix

  • N/A

Problem summary

  • ****************************************************************
* USERS AFFECTED:  Administrators of WebSphere eXtreme Scale   *
*                  V7.1.1, V8.5, and V8.6 monitoring console   *
*                  who use client security properties.         *
****************************************************************
* PROBLEM DESCRIPTION: Certain client security properties are  *
*                      not properly read by the runtime        *
*                      environment.                            *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The monitoring console did not correctly process the
securityEnabled and clientCertificateAuthentication properties
from the client security properties file.
As a result, using transport layer security without using
credential security never allows securityEnabled to be set to
"true". Also, the clientCertificateAuthentication property is
not properly read, which causes the exceptions mentioned in
the Error Description.

Problem conclusion

  • The runtime environment was corrected to properly read and
interpret securityEnabled and clientCertificateAuthentication
properties. This APAR has been included in the latest
cumulative fixes for the following releases: 7.1.1.1, 8.5.0.3,
8.6.0.1, and 8.6.0.2. For information about downloading these
release, see the following web page:
http://www-01.ibm.com/support/docview.wss?uid=swg27018991

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PM88959
    • 

  • Reported component name
    WS EXTREME SCAL
    • 

  • Reported component ID
    5724X6702
    • 

  • Reported release
    860
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2013-05-13
    • 

  • Closed date
    2013-06-18
    • 

  • Last modified date
    2013-06-18
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WS EXTREME SCAL
    • 

  • Fixed component ID
    5724X6702
    • 



Applicable component levels


    

  • R711  PSY
       UP
    • 

  • R850  PSY
       UP
    • 

  • R860  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSTVLU","label":"WebSphere eXtreme Scale"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"860","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            18 June 2013
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback