SSO Token Propagation in Connections 5.5
Exception getting opaque token from originating server.
com.ibm.websphere.security.auth.WSLoginFailedException: SSO token uniqueID not
null, but opaque token not found. Need to re-challenge the user to login again
When attempting to log in to Connections 5.5 where an SSO solution is in place, you may see the login page refresh continuously as the login is attempted repeatedly.
In WebSphere Application Server 220.127.116.11 and 18.104.22.168 there are two settings which can contradict each other in certain circumstances if they are both set to true.
Step 28b in the following documentation instructs users to enable security token propagation in the WebSphere Integrated Console. This step instructs WebSphere to request user object information from the upstream server where the request originated. If token propagation is not selected, WAS will attempt to get user object information from LDAP.
In these versions, there is a custom security property which is set to true by default:
com.ibm.websphere.security.disableGetTokenFromMBean = true
This setting can contradict the propagation setting and result in the above error.
Resolving the problem
There are two options to resolve this issue.
1) Disable security token propagation, which will force WAS to get a user object from LDAP.
2) Set the custom property com.ibm.websphere.security.disableGetTokenFromMBean to false to allow WAS to get the user object from the originating server.
Which option to choose is a performance decision that depends on overall system traffic.
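To confirm that a login refresh loop comes from the exception quoted at the top of this page, the following added example (not from IBM's documentation) scans SystemOut.log-style text for that message and reports bursts of repeated failures. The entry prefix format, logger name, thread IDs and sample entries are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Message text as quoted on this page; whitespace is normalised before matching
SIGNATURE = "SSO token uniqueID not null, but opaque token not found"
# Assumed entry prefix: [M/D/YY H:MM:SS:mmm TZ] at the start of a line
STAMP = re.compile(r"^\[(\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2}:\d{2}):\d{3} \w+\]")

def find_failures(log_text):
    """Return the timestamp of every log entry containing the opaque-token failure."""
    hits, stamp, body = [], None, []
    def flush():
        # Join continuation lines so a message wrapped across lines still matches
        if stamp and SIGNATURE in " ".join(" ".join(body).split()):
            hits.append(stamp)
    for line in log_text.splitlines():
        m = STAMP.match(line)
        if m:
            flush()
            stamp = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S")
            body = [line[m.end():]]
        else:
            body.append(line)
    flush()
    return hits

def login_loops(hits, threshold=3, window=timedelta(seconds=60)):
    """Group failures into bursts; threshold or more within window suggests the refresh loop."""
    bursts, current = [], []
    for t in sorted(hits) + [None]:  # trailing None flushes the final group
        if current and (t is None or t - current[0] > window):
            if len(current) >= threshold:
                bursts.append((current[0], current[-1], len(current)))
            current = []
        current.append(t)
    return bursts

# Constructed sample log (not real output): four failures in a burst, one isolated
SAMPLE = """\
[3/14/16 10:15:01:120 EST] 0000007b ExampleLogger E Exception getting opaque token from originating server.
com.ibm.websphere.security.auth.WSLoginFailedException: SSO token uniqueID not
null, but opaque token not found. Need to re-challenge the user to login again
[3/14/16 10:15:03:480 EST] 0000007c ExampleLogger E WSLoginFailedException: SSO token uniqueID not null, but opaque token not found.
[3/14/16 10:15:05:901 EST] 0000007b ExampleLogger E WSLoginFailedException: SSO token uniqueID not null, but opaque token not found.
[3/14/16 10:15:08:033 EST] 0000007d ExampleLogger E WSLoginFailedException: SSO token uniqueID not null, but opaque token not found.
[3/14/16 10:20:00:000 EST] 0000007e ExampleLogger I Unrelated informational entry.
[3/14/16 11:40:12:250 EST] 0000007f ExampleLogger E WSLoginFailedException: SSO token uniqueID not null, but opaque token not found.
"""

if __name__ == "__main__":
    for first, last, count in login_loops(find_failures(SAMPLE)):
        print(f"{count} opaque-token failures between {first} and {last}")
```

A burst reported here, together with both settings being true, points at the conflict described above rather than at an unrelated authentication failure.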