IBM Verify

  • 1.  ISIM Java APIs

    Posted Wed August 07, 2019 05:53 AM
    Hello All,

    I am trying to run ISAM Java API examples downloaded from the appliance. I am running the create person example using the Eclipse IDE and getting the following error:

    Aug 07, 2019 2:41:16 PM com.ibm.ws.security.config.SecurityObjectLocator
    INFO: CWSCF0002I: The client code is attempting to load the security configuration the server and this operation is not allowed.
    Aug 07, 2019 2:41:17 PM com.ibm.WebSphereSecurityImpl.SecurityServerImpl
    SEVERE: SECJ0395E: Could not locate the SecurityServer at host/port: 192.168.137.1/2809 to validate the userid and password entered. You might need to specify valid securityServerHost/Port in WAS_INSTALL_ROOT/profiles/profile_name/properties/sas.client.props file.
    com.ibm.websphere.security.auth.AuthenticationFailedException: SECJ0395E: Could not locate the SecurityServer at host/port: 192.168.137.1/2809 to validate the userid and password entered. You might need to specify valid securityServerHost/Port in WAS_INSTALL_ROOT/profiles/profile_name/properties/sas.client.props file.
     at com.ibm.ws.security.auth.ContextManagerImpl.getSecurityServer(ContextManagerImpl.java:2330)
     at com.ibm.ws.security.auth.ContextManagerImpl.access$300(ContextManagerImpl.java:396)
     at com.ibm.ws.security.auth.ContextManagerImpl$10.run(ContextManagerImpl.java:4619)
     at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5487)
     at com.ibm.ws.security.auth.ContextManagerImpl.runAsSpecified(ContextManagerImpl.java:5578)
     at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:4617)
     at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:4424)
     at com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.loginWithUidAndPwd(WSLoginModuleImpl.java:491)
     at com.ibm.ws.security.common.auth.module.WSLoginModuleImpl.login(WSLoginModuleImpl.java:399)
     at com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy.login(WSLoginModuleProxy.java:120)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
     at java.lang.reflect.Method.invoke(Method.java:508)
     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:788)
     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:196)
     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
     at java.security.AccessController.doPrivileged(AccessController.java:650)
     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:696)
     at javax.security.auth.login.LoginContext.login(LoginContext.java:597)
     at com.isim.javaapi.Utils.getSubject(Utils.java:191)
     at com.isim.javaapi.CreatePerson.run(CreatePerson.java:85)
     at com.isim.javaapi.CreatePerson.main(CreatePerson.java:48)

    I am not able to figure out where the code is getting the values for IP and port. In my enRole.properties file I have not specified these values. Also, this port 2809 is not listening on the appliance, so after finding out where to specify these values, which port will be used for this?

    I am unable to find any good documentation for setting up ISIM Java APIs with ISIM new versions (appliances). Whatever I find is mostly for the old TIM deployed on WAS. Does anyone know of any documentation for the newer appliance based versions? Also, has anyone successfully used these JAVA APIs with appliance based ISIM?


    Best regards,


    ------------------------------
    Jahanzaib Sarwar
    ------------------------------


  • 2.  RE: ISIM Java APIs

    Posted Wed August 07, 2019 08:00 AM
    Calling ISIM JAVA APIs is something that is basically a mixture of black magic, a CORBA trace and pure luck :-).
    But here is my little list of things to check for VA (this was from a TDI setup):
    1. ISIM jars need to be downloaded from the VA to ensure correct build levels
    2. You need the tmsMessages.properties (and eventual language versions) packaged as a jar - these were not available for download from the VA - so you need to obtain these from e.g. an ISIM 6 installation
    3. You need the correct WAS libraries - again these need to be obtained from either a WAS client installation or e.g. from ISIM 6
    4. WAS properties - sas.client.props + ssl.client.props + the Java lib orb.properties (I am not 100% sure whether the last one is really necessary or whether it can be replaced by using the properties values directly...)
    5. A jaas_login_was.conf file - I believe this is available in the samples
    6. Update the sas.client.props properties com.ibm.CORBA.securityServerHost and com.ibm.CORBA.securityServerPort with the correct values - they can be found in Enrole.properties enrole.appServer.url
    7. Update ssl.client.props property user.root to point to your property file location
    8. Obtain the ISIM WAS certificate from the VA and put this along with a correct self-signed certificate in a key store (on ISIM 6 you should be able to copy the trust.p12 and key.p12 from the WAS profile etc directory - be aware that WAS replaces the certificate regularly if you stay with the default certificates) - the keystore(s) passwords in XOR format should be updated in the ssl.client.props

    Some of these steps may not be relevant in all environments - but we have used this setup (for TDI) with proven record - so I hope this can help you. I plan to write up a general guideline when/if I get the time - but there is a lot of testing involved to make sure it will be accurate...

    Regards
    Franz Wolfhagen

    ------------------------------
    Franz Wolfhagen
    ------------------------------



  • 3.  RE: ISIM Java APIs

    Posted Wed August 07, 2019 08:55 AM
    Edited by Jahanzaib Sarwar Wed August 07, 2019 08:57 AM
    Hi Franz,

    Thank you for your reply. I have done most of the things already as you mentioned. Please find my status below for the list of things you mentioned:

    1. ISIM jars need to be downloaded from the VA to ensure correct build levels
    Done
    2. You need the tmsMessages.properties (and eventual language versions) packaged as a jar - these were not available for download from the VA - so you need to obtain these from e.g. an ISIM 6 installation
    Done
    3. You need the correct WAS libraries - again these need to be obtained from either a WAS client installation or e.g. from ISIM 6
    Done (obtained from WAS client installation)
    4. WAS properties - sas.client.props + ssl.client.props + the Java lib orb.properties (I am not 100% sure whether the last one is really necessary or whether it can be replaced by using the properties values directly...)
    I have included these properties files in my Eclipse project's source directory and mentioned in the code to include those, but they are not being picked up; the code is still going for the 2809 port on my laptop and not going for the appliance
    5. A jaas_login_was.conf file - I believe this is available in the samples
    Done
    6. Update the sas.client.props properties com.ibm.CORBA.securityServerHost and com.ibm.CORBA.securityServerPort with the correct values - they can be found in Enrole.properties enrole.appServer.url
    Done (but these values are not being picked up by the code)
    7. Update ssl.client.props property user.root to point to your property file location
    Not done, but it should at least proceed with the other steps and give SSL error
    8. Obtain the ISIM WAS certificate from the VA and put this along with a correct self-signed certificate in a key store (on ISIM 6 you should be able to copy the trust.p12 and key.p12 from the WAS profile etc directory - be aware that WAS replaces the certificate regularly if you stay with the default certificates) - the keystore(s) passwords in XOR format should be updated in the ssl.client.props
    Not done, but it should at least proceed with the other steps and give SSL error

    As you can see, I have completed all steps except the last two, which are for SSL, and I expect SSL errors (which I will resolve once I am confident that at least my code is reaching the ISIM Appliance). I am not sure how my code would know the location of the sim server and port, as it is not picking them up from sas.client.props.

    Yes it would be really helpful if you can publish a guide or a document. Till then, I hope we can figure it out here..

    Best regards,

    ------------------------------
    Jahanzaib Sarwar
    ------------------------------



  • 4.  RE: ISIM Java APIs

    Posted Wed August 07, 2019 09:18 AM
    Do not assume that CORBA works like HTTP - it is a strange beast - in my experience you need to do a CORBA trace to see the underlying errors.
    Here is a good site to check: http://adaptivemanagementsolutions.co.uk/wpmain/?p=115
    There is a lot of gold in there - especially the highlight on hostname resolution (reverse lookup must work...)
    But again - details are all important here - so without a trace do not jump to conclusions about the errors you see...

    HTH
    Regards
    Franz Wolfhagen

    ------------------------------
    Franz Wolfhagen
    ------------------------------



  • 5.  RE: ISIM Java APIs

    Posted Wed August 07, 2019 03:46 PM
    Thanks for the link to the site. This was really helpful in terms of figuring out why my code was not picking up the server/port that I was supplying (in fact it was not reading my sas.client.props). Now, after following the tutorial on the site, it is reading the properties and picking up the values that I provide, but I am still unlucky in terms of making it work. With the correct values of server and port I am still getting the following error:

    SEVERE: SECJ0395E: Could not locate the SecurityServer at host/port: sim7017app.hrt.com/2809 to validate the userid and password entered. You might need to specify valid securityServerHost/Port in WAS_INSTALL_ROOT/profiles/profile_name/properties/sas.client.props file.
    Error Class: class com.ibm.websphere.security.auth.WSLoginFailedException
    Error Message: SECJ0395E: Could not locate the SecurityServer at host/port: sim7017app.hrt.com/2809 to validate the userid and password entered. You might need to specify valid securityServerHost/Port in WAS_INSTALL_ROOT/profiles/profile_name/properties/sas.client.props file.
    Error LocalizedMessage: SECJ0395E: Could not locate the SecurityServer at host/port: sim7017app.hrt.com/2809 to validate the userid and password entered. You might need to specify valid securityServerHost/Port in WAS_INSTALL_ROOT/profiles/profile_name/properties/sas.client.props file.
    loginContext: com.ibm.itim.apps.InitialPlatformContext@83307793 - null

    By the hostname resolution and reverse lookup, what I understand from the article is that my machine should be able to translate the hostname into IP (it is being done successfully using the hosts file, I tested with ping command to the hostname which resolved it correctly). But for the reverse lookup thing, I didn't get a clear understanding. Does that mean if I perform ping to IP with -a parameter, it should resolve to the hostname? If that's the case, it happens only if we have a DNS server (hosts file will not be able to do it I guess). Is my understanding correct for the reverse lookup?

    Best regards,


    ------------------------------
    Jahanzaib Sarwar
    ------------------------------



  • 6.  RE: ISIM Java APIs

    Posted Thu August 08, 2019 03:25 AM
    Hosts files should do the work as long as the name resolver is taking the hosts files into account. IIRC Windows is doing this by default - *ix is another story...

    HTH
    Regards
    Franz Wolfhagen

    ------------------------------
    Franz Wolfhagen
    ------------------------------
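
Added example, not part of the thread or of the ISIM samples: a small Java preflight check for step 6 of the checklist above and for the hostname-resolution point raised in the later replies. It reads com.ibm.CORBA.securityServerHost and com.ibm.CORBA.securityServerPort from the sas.client.props file given as its argument, runs forward and reverse lookups through the JVM's own resolver, and attempts a plain TCP connect; the class name SasClientPreflight and the 5-second timeout are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.Properties;

// Added diagnostic (hypothetical class name), not IBM code: checks the endpoint
// that sas.client.props names before the WAS client login is attempted.
public class SasClientPreflight {
    public static void main(String[] args) throws IOException {
        if (args.length != 1) {
            System.err.println("usage: java SasClientPreflight <path to sas.client.props>");
            System.exit(2);
        }
        Properties props = new Properties();
        try (InputStream in = new FileInputStream(args[0])) {
            props.load(in);
        }
        String host = props.getProperty("com.ibm.CORBA.securityServerHost", "").trim();
        String portText = props.getProperty("com.ibm.CORBA.securityServerPort", "").trim();
        if (host.isEmpty() || portText.isEmpty()) {
            System.err.println("securityServerHost/securityServerPort missing or empty in " + args[0]);
            System.exit(1);
        }
        int port = Integer.parseInt(portText);

        // Forward lookup; throws UnknownHostException if the name does not resolve.
        boolean connected = false;
        for (InetAddress addr : InetAddress.getAllByName(host)) {
            String ip = addr.getHostAddress();
            // Reverse lookup on the bare address; Java returns the IP text when no name maps back.
            String reverse = InetAddress.getByAddress(addr.getAddress()).getCanonicalHostName();
            System.out.printf("%s -> %s -> %s (%s)%n", host, ip, reverse,
                    reverse.equals(ip) ? "no reverse mapping" : "reverse lookup ok");
            // Plain TCP connect with a 5 s timeout (assumed value): is anything listening?
            try (Socket socket = new Socket()) {
                socket.connect(new InetSocketAddress(addr, port), 5000);
                connected = true;
                System.out.printf("TCP connect to %s:%d succeeded%n", ip, port);
            } catch (IOException e) {
                System.out.printf("TCP connect to %s:%d failed: %s%n", ip, port, e.getMessage());
            }
        }
        System.exit(connected ? 0 : 1);
    }
}
```

A successful connect only shows that the port is listening and reachable from the client; it does not exercise the CORBA or SSL handshake, so a CORBA trace is still needed for errors past this point.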