IBM Support

PM91803: SERVER CANNOT WRITE TO KEYSTORE FILE RUNNING WSADMIN.SH ADMINTASK.EXPORTSAMLSPMETADATA REQUEST AGAINST RACF KEYRI

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • The following error is seen: CWPKI0699E: The
    CellDefaultTrustStore keystore is marked as a read-only access.
    The Application Server cannot write data to this keystore file
    
    when running wsadmin.sh
    AdminTask.exportSAMLSpMetadata request against RACF keyring.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server using the exportSAMLMetadata         *
    *                  command.                                    *
    ****************************************************************
    * PROBLEM DESCRIPTION: User unable to export SAML metadata     *
    *                      if the keystore is read only.           *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Users are not able to export SAML metadata information if SAML
    is configured with a read only keystor file.
    

Problem conclusion

  • Move the check for read only keystore to the paths where the
    could would attempt to write something to the keystore file.
    
    APAR PM91803 is currently targeted for inclusion in WebSphere
    Application Server Fix Packs 7.0.0.31 of WebSphere Application
    Server.
    
    Please refer to URL:
    //www.ibm.com/support/docview.wss?rs=404&uid=swg27006970
    for Fix Pack availability.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM91803

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-06-25

  • Closed date

    2013-07-23

  • Last modified date

    2014-02-05

  • APAR is sysrouted FROM one or more of the following:

    PM90014

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R700 PSY UI13725

       UP14/01/11 P F401

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.



Document information

More support for: WebSphere Application Server for z/OS
General

Software version: 7.0

Reference #: PM91803

Modified date: 05 February 2014