Access Denied when MWS connect IS

I use WebMethod 9.6.
I cannot connect IS. Log will show like this

com.webmethods.caf.wsclient.proxy.impl.WSClientDynamicProxy: HTTP error response:

Access Denied


java.rmi.RemoteException: HTTP error response:

Access Denied

How can I fix this problem?

PS. I am a newbie. My company will use this product. So, I will try it first.

Do you have admin privileges?

Try with default user and password:

user: Administrator
password: manage

Yes, I used it. But, it still doesn’t work

My log looks like this :
Failed SAML authentication
com.webmethods.portal.PortalException: [POP.012.0002.wm_xt_samlsecurityservice] The SAML artifact is invalid or has expired.
at com.webmethods.portal.portlet.wm_xt_samlsecurityservice.service.SamlSecuritySvc.validateSamlAssertion(SamlSecuritySvc.java:299)
at com.webmethods.portal.portlet.wm_xt_samlsecurityservice.endpoint.SamlServiceEndpoint.samlAssertionHandler(SamlServiceEndpoint.java:35)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.axis.providers.java.MsgProvider.processMessage(MsgProvider.java:126)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
at com.webmethods.portal.webservices.servlet.PortalAxisServlet.doPost(PortalAxisServlet.java:241)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
at com.webmethods.portal.webservices.servlet.PortalAxisServlet.service(PortalAxisServlet.java:390)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1448)
at com.webmethods.portal.webservices.auth.BasicAuthFilter.doFilter(BasicAuthFilter.java:75)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
at com.webmethods.portal.framework.impl.RequestFilter.doFilter(RequestFilter.java:56)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:744)
2014-09-02 09:24:08 ICT (Framework:INFO) [WS:4] - WebService Request: http://www.oasis-open.org/committees/security completed in 27

Did you configure SAML?

I use default configuration. I cano log in separate MWS and IS, but on MWS I cannot check connection (It doesn’t have authorization.). Moreover, I use embedded Database. Is it ok?

The 'SAML artifact is invalid or has expired" can come from a couple of different problems.

  1. Confirm that Central Users is working properly. In the IS Admin pages, navigate to Security->User Management and confirm that the Central User Management field shows ‘Configured’.

  2. The default SAML configuration assumes that MWS and IS are on the same machine. If not, you’ll need to configure IS with the location of MWS. This is configured in the IS page Settings -> Resources in the field MWS SAML Resolver URL.

  3. The SAML expiration can be misleading in cases where the user is authenticated by IS but the user doesn’t have rights to execute the IS server. There is a retry mechanism that attempts the web service call a second time, but the SAML artifact has already been used - leading to the “invalid artifact” message. Check the IS logs for a " authenticated" message just before the “access denied” message.