Trouble Shooting Authentication using IBM Lotus Connections v3.0


A great way to increase innovation is through knowledge sharing. Three products that I use every day are Rational Team Concert, Rational Asset Manager and Lotus Connections. These products provide Change Management, Asset Management and Collaboration capabilities, which are important for being able to innovate successfully with a team. I am investigating new ways of using and integrating these products, so recently I tried to install Lotus Connections to learn more. After completing my installation process for IBM Lotus Connections I hit a problem where I was unable to log in. Each time I tried, I was redirected back to the login page after it successfully accepted my credentials.

Logging in to WAS I could see that LDAP was enabled with WAS, and I could see the users in LDAP there. Going to the profile directory I could see I had successfully populated the profiles database with my LDAP users. The issue had to be with the authentication. I wanted to share the method below that ultimately allowed me to troubleshoot and solve the problem. I hit many other problems, but those were well documented on the Web. This one, however, wasn't, and I think it may be useful for others who are deploying notes or just plain WebSphere applications.

 Troubleshooting Security Problems in WebSphere

1. Enable Tracing – Turn on tracing to get the right level of logging to troubleshoot. In the Integrated Solutions Console go to Troubleshooting / Logs and trace.

   i. Select your server; in my case it was connections_server1

   ii. Select Diagnostic Trace

   iii. Configuration

   iv. In the components field replace *=info (the original value) with:

   *=info:com.ibm.ws.security.*=all:com.ibm.websphere.wim.*=all:com.ibm.wsspi.wim.*=all:com.ibm.ws.wim.*=all

2. Confirm that you have Global Security / Single Sign On (SSO) set as follows:

   a. General Properties: Enabled
   b. Requires SSL: unselected
   c. Domain name with a leading period. Mine was .funbox2.com
   d. Enable Interoperability Mode and Web inbound Security

3. Confirm that you have federated repositories for Global Security:

   a. Confirm that you have both defaultWIMFileBasedRealm and the LDAP realm
   b. Confirm your Repository Identifier is set up with your directory server, host and port
   c. Binding DN pointing to cn=root and bind password for LDAP root
   d. Ensure LoginProperties is set to uid
   e. Certificate Mapping set to EXACT_DN

4. Restart your Connections Server

5. Use baretail.exe to trace the SystemOut.log file in C:\Program Files\IBM\WebSphere\AppServer1\profiles\AppSrv01\logs\connections_server1

6. Use baretail.exe to trace the trace.log file in C:\Program Files\IBM\WebSphere\AppServer1\profiles\AppSrv01\logs\connections_server1

This showed the error “REALM doesn’t match”

The SystemOut.log file had this key error:

[2/17/12 7:58:02:265 PST] 0000004f J2EEContext   E   ASYN9999E: Unexpected Exception Occurred: com.ibm.websphere.asynchbeans.SerialDeserialException: Exception while deserializing a saved service.  Service=security. Unable to deserialize the Subjects in this Context, cause: the realms do not match

7. At this point I shared the trace and logs with a friend who was familiar with these types of security errors. He thought the error was likely caused by not having a three-level URL, one that included www.funbox2.com

8. Since I was testing in a local sandbox I modified the hosts file in C:\WINDOWS\system32\drivers\etc. I was missing the one with http://www.funbox2.com

127.0.0.1              localhost

127.0.0.1              funbox2.com

127.0.0.1              www.funbox2.com

9. I updated the LotusConnections-config.xml so that it referred to hostname www.funbox2.com instead of funbox2.com for all occurrences of it.

C:\Program Files\IBM\WebSphere\AppServer1\profiles\AppSrv01\config\cells\funbox2Cell01\LotusConnections-config\LotusConnections-config.xml

10. To ensure the config changes get propagated across the WAS cluster / cell, go back into the Integrated Solutions Console: System Administration / Cell / Nodes / select the node and do a Full Re-synchronize.

This solved my Lotus Connections login problem and I can now use IBM Lotus Connections. I now can claim I have successfully installed IBM Lotus Connections.
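The fix above came down to three values agreeing: the SSO domain with its leading period, the hostnames in LotusConnections-config.xml, and the hosts file. As an added example (not part of the original post and not IBM tooling), this Python script checks that agreement before you reach for trace logs; the function names and the simplified config snippet are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

def hosts_entries(hosts_text):
    """Return the set of hostnames defined in a hosts file."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        names.update(n.lower() for n in fields[1:])  # fields[0] is the IP
    return names

def config_hostnames(config_xml):
    """Return every hostname used in an http(s) URL attribute value."""
    urls = re.findall(r'="(https?://[^"]+)"', config_xml)
    return {urlsplit(u).hostname for u in urls if urlsplit(u).hostname}

def check_sso_hostnames(sso_domain, config_xml, hosts_text):
    """Map each problem hostname to the list of reasons it was flagged."""
    known = hosts_entries(hosts_text)
    problems = {}
    for host in sorted(config_hostnames(config_xml)):
        reasons = []
        # ".funbox2.com" only matches hosts with at least three levels.
        if not host.endswith(sso_domain.lower()):
            reasons.append("not under SSO domain " + sso_domain)
        if host not in known:
            reasons.append("no hosts file entry")
        if reasons:
            problems[host] = reasons
    return problems

# Constructed sample data; element names are simplified placeholders,
# not copied from a real LotusConnections-config.xml.
SSO_DOMAIN = ".funbox2.com"
HOSTS_BEFORE = "127.0.0.1 localhost\n127.0.0.1 funbox2.com\n"
HOSTS_AFTER = HOSTS_BEFORE + "127.0.0.1 www.funbox2.com\n"
CONFIG_BEFORE = ('<service><static href="http://funbox2.com" '
                 'ssl_href="https://funbox2.com"/></service>')
CONFIG_AFTER = CONFIG_BEFORE.replace("funbox2.com", "www.funbox2.com")

if __name__ == "__main__":
    print(check_sso_hostnames(SSO_DOMAIN, CONFIG_BEFORE, HOSTS_BEFORE))
    print(check_sso_hostnames(SSO_DOMAIN, CONFIG_AFTER, HOSTS_BEFORE))
    print(check_sso_hostnames(SSO_DOMAIN, CONFIG_AFTER, HOSTS_AFTER))
```

In a sandbox, pass the contents of the real hosts file and LotusConnections-config.xml in place of the constructed strings; an empty result means every configured hostname sits under the SSO domain and resolves locally.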

About Carlos

Principal Technical Product Manager for Bluemix in IBM Software. The postings on these blogs are the author's own and don't represent IBM's positions, strategies or opinions.