Getting LoginModule authentication with RACF failed error when logging into CA OPS/MVS Web Services

book

Article ID: 5906

calendar_today

Updated On:

Products

CA OPS/MVS Event Management & Automation

Issue/Introduction

I am receiving an intermittent unauthorized error when testing the CA OPS/MVS OPSVIEW Web Service in Google Chrome to the mainframe Tomcat sever (OPSWS). If I recycle the server, then the process flows though fine. My event is present in the OPSLOG. But, the subsequent attempts fail with an authentication error. I am wondering if there is a setting or parameter in the tomcat server that is causing this condition.

STDOUT of OPSWS:
ÝOS390LoginModule¨ authentication with RACF succeeded
userID = #dbis
ÝOS390LoginModule¨ added OS390Principal and OS390PasswordCredential to Subject
ÝOS390LoginModule¨ completed logout processing
ÝOS390LoginModule¨ authentication with RACF failed.
Contents of PlatformReturned object:
success = false
errno = 163
errno2 = 151783456
errnoMsg = EDC5163I SAF/RACF extract error.
ÝOS390LoginModule¨: aborted authentication attempt
ÝOS390LoginModule¨ authentication with RACF failed.
Contents of PlatformReturned object:
success = false
errno = 163
errno2 = 151783456
errnoMsg = EDC5163I SAF/RACF extract error.
ÝOS390LoginModule¨: aborted authentication attempt
ÝOS390LoginModule¨ authentication with RACF failed.
Contents of PlatformReturned object:
success = false
errno = 163
errno2 = 151783456
errnoMsg = EDC5163I SAF/RACF extract error.
ÝOS390LoginModule¨: aborted authentication attempt

Cause

Missing APPL authority by RACF

RACF Return code: 00000034

Environment

> CA OPS/MVS® Event Management and Automation for JES2 - MVS Release:12.2 > OPSVIEW > /stc/opsws/web/apache-tomcat-7.0.40 > RACF > Google Chrome > Tomcat

Resolution

Create RACF user security for the service by adding the User/Group to APPL(OMVSAPPL) Class with READ authority.

Additional Information

CA OPS/MVS: How to Implement External Security with RACF