CWWKS1101W message setting up REST API with z/OSMF running under CA Top Secret

book

Article ID: 131085

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Setting up REST API in z/OSMF and getting an error with a SAF call is initAcee (IRRSIA00) is returning 
8,8,20 (decimal) 
when certificate with subject 

CN=prdplex-zosmf.abccompany.com,OU=SS zOSMF SHA2 Server, 
S002,O=ABC Company,C=US. 

The trace string is: 

/ecurep/pmr/2/5/25378,122,000/2019-04-03/25378.122.000.zosmfServer.dump- 
19.04.03_13.40.48.zip_unpack/logs/trace.log 

shows: 

Caused by: com.ibm.ws.security.saf.SAFException: CWWKS2910E: SAF service 
IRRSIA00_CREATE did not succeed. SAF return code 0x00000008. RACF 
return code 0x00000008. RACF reason code 0x00000014. Internal error code 
0x00000006. 
... 52 more 

[4/3/19 13:40:15:102 CDT] 00001861 id=68f91e55 
com.ibm.ws.security.authentication.AuthenticationException < <init> 
Exit 

com.ibm.ws.security.authentication.AuthenticationException: CWWKS1101W: 
CLIENT-CERT Authentication did not succeed for the client certificate 
with dn CN=prdplex-zosmf.abccompany.com,OU=SS zOSMF SHA2 Server 
S002,O=ABC Company,C=US. The dn does not map to a user in the registry. 
com.ibm.ws.security.authentication.jaas.modules.CertificateLoginModule.l 
ogin(CertificateLoginModule.java:129) 
com.ibm.ws.kernel.boot.security.LoginModuleProxy.login(LoginModuleProxy. 

The SAF call is initAcee (IRRSIA00) is returning 
8,8,20 (decimal) 
when certificate with subject 

CN=prdplex-zosmf.abccompany.com,OU=SS zOSMF SHA2 Server, 
S002,O=ABC Company,C=US.

Environment

Release:
Component: TSSMVS

Resolution

Need to permit the started task id access to an APPL(IZUDFLT).

The certificate for the STC ACID was being presented for validation on the call for APPL(IZUDFLT). The access is rejected because the STC ACID IZUSRV was not permitted to APPL(IZUDFLT).