IBM Support

SECJ0129E/Access Denied error when trying to access IMS Config Tool

Troubleshooting


Problem

Accessing the IMS Configuration Utility tool with a websphere administrator , a message about access denied is shown though this is the administrator used to installed the application with.

Symptom

A message about access denied in shown in the web browser and the systemout.log shows an error like the following:


[30/10/12 21:46:39:452 GMT] 00000031 WebCollaborat A SECJ0129E: Authorization failed for user wasadmin:defaultWIMFileBasedRealm while invoking GET on admin_host:webconf/faces/app/main.xhtml, Authorization failed, Not granted any of the required roles: Web Configurator Admin
[30/10/12 21:46:39:452 GMT] 00000031 FfdcProvider W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on C:\IBM\WebSphere\AppServer\profiles\Dmgr01\logs\ffdc\dmgr_31c631c6_12.10.30_21.46.39.452427718121467630381.txt com.ibm.ws.security.web.WebCollaborator.authorize 1288

Cause

This can be due to the following:

- The 'WebConfAdmins' group does not exists. It controls access to the IMS Configuration Utility when application security is enabled. This can happened during installation, when deploying the ISAM ESSO IMS Ears manually. Though the install guide has a step about switching on application security in the manual deployment section, it does not mention any steps about adding this group or adding the WebSphere administrator to this group for the IMS Config utility.

- The WAS Administrator you are using is not a member of the 'WebConfAdmins' group.

Environment

ISAM ESSO IMS 8.2

Resolving The Problem

The security of the IMS Configuration Utility is controlled by this role 'Web Configurator Admin'. Which is linked to the group 'WebConfAdmins'.

This role is mentioned in the ISAM ESSO 8.2 Deployment Guide under the 'Application server security' -> 'Enable application security'

  • Check whether the 'WebConfAdmins' group exists:

    1. Log on to the IBM Integrated Solutions Console.
    2. On the Integrated Solutions Console navigation pane, select Users and Groups > Manage Groups.
    3. Click on 'Search' to show all the groups.
    4. Navigate to the last page to check if the 'WebConfAdmins' group is present.
  • Create the Group if it does not exist.
    1. Click on the 'Create..' button
    2. Enter WebConfAdmins as the group name.
  • Add your WAS user to the group.
    1. Click on the 'Members' tab, then the 'Add Users...' button.
    2. Click on 'Search' button to list your WAS users
    3. Select the user who should be able to use the IMS Configuration Utility.
    4. Click the 'Add' button.
    5. Click the 'Close' button.
    6. Click the 'General' button and the 'OK' button to save the new group.
  • Stand Alone Installation:
    1. Restart the Application Server
  • Cluster Installation:

  • 1. Log on to the IBM Integrated Solutions Console.
    2. On the Integrated Solutions Console navigation pane, select System
    administration > Nodes.
    3. Select the check box for the node where the IMS Server is installed.
    4. Click Full Resynchronize.
    5. Stop all the nodes n the Cluster.
    6. Stop and restart the Deployment Manager.
    7. Restart the nodes in the Cluster.

[{"Product":{"code":"SS9JLE","label":"IBM Security Access Manager for Enterprise Single Sign-On"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"IMS Server","Platform":[{"code":"PF033","label":"Windows"}],"Version":"8.2;8.2.1","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
03 September 2019

UID

swg21616291

Page Feedback