IBM Support

WebSphere Portal remote search does not work after enabling global security

Troubleshooting


Problem

WebSphere® Portal remote search does not work after you enable global security. You follow all the steps in the Information Center correctly, including export and import of LTPA keys. Still the search EJB client cannot connect to the remote search server.

Symptom

The remote search server's (server1) SystemOut.log shows the following exception:

[8:13:28:915 PDT] 00000031 LTPAServerObj E SECJ0375E: Mismatch of realms during token validation.


[8:13:29:191 PDT] 00000031 LTPAServerObj E SECJ0373E: Cannot create credential for the user <null> due to failed validation of the LTPA token. The exception is com.ibm.websphere.security.CustomRegistryException: The realm in the token: WMMRealm does not match the current realm: myldapserver.myorg.com:389

Cause

The above exception indicates that, for the exported LTPA key from WebSphere Application Server on a portal using the WMM custom registry, the realm value is exported as null instead of the default realm name of wmmRealm.

The exported LTPA key shows "com.ibm.websphere.ltpa.Realm=null"

Resolving The Problem

When a user exports the LTPA key from WebSphere Application Server on a portal using WMM custom registry, there is a known issue where the realm value is exported as null instead of the default realm name, wmmRealm.

Refer to the following technote for steps to resolve; it explains how to update the realm value in WebSphere Application Server, as well as how to modify the security.xml file to add a realm value to ensure that future LTPA exports contain the correct realm value:


You should confirm the following items:
  • Edit the security.xml file on the Dmgr to add the realm value
  • Synchronize the cluster to push the security.xml to the nodes
  • Restart the cluster to load the new security.xml

After making the suggested changes as described in the technote #1198736, then manually change the Realm in the exported LTPA key and import it into the Remote Search machine.

[{"Product":{"code":"SSHRKX","label":"WebSphere Portal"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"WebSphere Portal","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"6.1;6.0","Edition":"Enable;Extend;Server;Express","Line of Business":{"code":"LOB31","label":"WCE Watson Marketing and Commerce"}}]

Document Information

Modified date:
03 December 2021

UID

swg21313414

Page Feedback