Description

Customer has configured the WebSphere 6.0 Application/Portal Server to utilize a User Registry which is not the SiteMinder User Directory. The WebSphere User Registry was configured for "Realm Support". Since the SiteMinder User Directory, and the WebSphere User Registry are not the same system, and the User's SiteMinder ID is not the same value as the User's WebSphere ID, the Customer implemeted "User Mapping".

From review of the TAI's logfile, the "Mapped" ID being propagated to WebSphere is correct, however the TAI is then reporting the following error when attempting to retrieve User Attributes from the WebSphere User Registry, and the request fails;

SM TAI failed to get user registry attributes: WMM-UR: The syntax of the member DN "xxxxxx" is invalid.

Solution

When a WebSphere User Registry is configured for Realm Support, WebSphere prepends the UserID with the Realm; for instance "WMMUR/User1". The SiteMinder TAI could not locate the User Attributes due to the pre-pending of the Realm to the UserId.

The v6.0 for WebSphere 6.x CR-05 release contains the following fix to address this issue for environments in which the WebSphere User Registry has been configured for Realm Support;

CR-005
60355 - SM TAI failed to get user registry attributes: WMM-UR: The
syntax of the member DN "XXXXX" is invalid. Check if the special
characters are escaped.