CWWKS1101W message setting up REST API with z/OSMF running under CA Top Secret
Article ID: 131085
Updated On:
Products
CA Top Secret
CA Top Secret - LDAP
Issue/Introduction
Setting up REST API in z/OSMF and getting an error with a SAF call is initAcee (IRRSIA00) is returning
8,8,20 (decimal)
when certificate with subject
CN=prdplex-zosmf.abccompany.com,OU=SS zOSMF SHA2 Server,
S002,O=ABC Company,C=US.
The trace string is:
/ecurep/pmr/2/5/25378,122,000/2019-04-03/25378.122.000.zosmfServer.dump-
19.04.03_13.40.48.zip_unpack/logs/trace.log
shows:
Caused by: com.ibm.ws.security.saf.SAFException: CWWKS2910E: SAF service
IRRSIA00_CREATE did not succeed. SAF return code 0x00000008. RACF
return code 0x00000008. RACF reason code 0x00000014. Internal error code
0x00000006.
... 52 more
[4/3/19 13:40:15:102 CDT] 00001861 id=68f91e55
com.ibm.ws.security.authentication.AuthenticationException < <init>
Exit
com.ibm.ws.security.authentication.AuthenticationException: CWWKS1101W:
CLIENT-CERT Authentication did not succeed for the client certificate
with dn CN=prdplex-zosmf.abccompany.com,OU=SS zOSMF SHA2 Server
S002,O=ABC Company,C=US. The dn does not map to a user in the registry.
com.ibm.ws.security.authentication.jaas.modules.CertificateLoginModule.l
ogin(CertificateLoginModule.java:129)
com.ibm.ws.kernel.boot.security.LoginModuleProxy.login(LoginModuleProxy.
The SAF call is initAcee (IRRSIA00) is returning
8,8,20 (decimal)
when certificate with subject
CN=prdplex-zosmf.abccompany.com,OU=SS zOSMF SHA2 Server,
S002,O=ABC Company,C=US.
8,8,20 (decimal)
when certificate with subject
CN=prdplex-zosmf.abccompany.com,OU=SS zOSMF SHA2 Server,
S002,O=ABC Company,C=US.
The trace string is:
/ecurep/pmr/2/5/25378,122,000/2019-04-03/25378.122.000.zosmfServer.dump-
19.04.03_13.40.48.zip_unpack/logs/trace.log
shows:
Caused by: com.ibm.ws.security.saf.SAFException: CWWKS2910E: SAF service
IRRSIA00_CREATE did not succeed. SAF return code 0x00000008. RACF
return code 0x00000008. RACF reason code 0x00000014. Internal error code
0x00000006.
... 52 more
[4/3/19 13:40:15:102 CDT] 00001861 id=68f91e55
com.ibm.ws.security.authentication.AuthenticationException < <init>
Exit
com.ibm.ws.security.authentication.AuthenticationException: CWWKS1101W:
CLIENT-CERT Authentication did not succeed for the client certificate
with dn CN=prdplex-zosmf.abccompany.com,OU=SS zOSMF SHA2 Server
S002,O=ABC Company,C=US. The dn does not map to a user in the registry.
com.ibm.ws.security.authentication.jaas.modules.CertificateLoginModule.l
ogin(CertificateLoginModule.java:129)
com.ibm.ws.kernel.boot.security.LoginModuleProxy.login(LoginModuleProxy.
The SAF call is initAcee (IRRSIA00) is returning
8,8,20 (decimal)
when certificate with subject
CN=prdplex-zosmf.abccompany.com,OU=SS zOSMF SHA2 Server,
S002,O=ABC Company,C=US.
Environment
Release:
Component: TSSMVS
Component: TSSMVS
Resolution
Need to permit the started task id access to an APPL(IZUDFLT).
The certificate for the STC ACID was being presented for validation on the call for APPL(IZUDFLT). The access is rejected because the STC ACID IZUSRV was not permitted to APPL(IZUDFLT).
The certificate for the STC ACID was being presented for validation on the call for APPL(IZUDFLT). The access is rejected because the STC ACID IZUSRV was not permitted to APPL(IZUDFLT).
Feedback
Yes
No
Powered by
