MWS connection to IS failed

Hi,
In MWS, Administration->My WebMethods->Servers, checking status give us this error in mws

2011-05-31 14:38:28 ART (wsclient:FATAL) [RID:102] - com.webmethods.caf.wsclient.proxy.impl.WSClientDynamicProxy: HTTP error response:

Access Denied


java.rmi.RemoteException: HTTP error response:

Access Denied

Integration Server logs reports:

[14896]2011-05-31 14:38:28 ART [ISS.0053.0002C] Access denied for user Administrator on port 5556 -> ‘soap/rpc’ from 159.68.3.172.
[14895]2011-05-31 14:38:22 ART [ISS.0012.0012D] Authentication of user “Administrator” failed with exception: Login Failure: all modules ignored.

All passwords has been checked.

Please we need help

regards.

Hi,

   Can you please check whether the CentralUsers Functional Alias has configured at JDBC Connection pool section? And also check whether SAML url has updated in extended fields section.

If everything is configured, Please check whether you have applied all the relevant latest fixes with the Webmethods Version.

Thanks.
Venkata

We’ve exactly the same problem. Only difference is we get this problem only if we are using Active Directory user to access MWS Monitoring screen.

We’ve following set-up…

  1. CenteralUser jdbc pool is configured to look at MWS DB schema
  2. Role in MWS is created MWSMonitorUsers which has our Business users group from AD as members. Also it means that AD look is working fine as it allows us look up AD groups/users and add as a member to MWS Role.
  3. Using MWS Permissions Management have set role MWSMonitorUsers to view Monitoring pages and also start/stop/suspend/resubmit process/service/documents etc.
  4. In IS ACL MonitorUsers is assigned to above system\MWSmonitorUsers role.
  5. SAML URL is configured and is pointing to right MWS.
  6. Logged in as Sysadmin to MWS and navigated to Folders > System > Managers > command > dir . Where clicked on authenticateuser and set authenticate to true.

We can see failed services and resubmit them when login as Administrator, however as user of AD we can login to MWS and navigate to the IS–>Service Page where it throws Access Denied Error. In IS log (at trace level) I noticed following…

2011-08-22 13:36:19 BST [ISC.0039.0001D] POST /soap/rpc
2011-08-22 13:36:19 BST [ISC.0038.0002D] <-- Host: ivvtcspdev01.dx.local:5111
2011-08-22 13:36:19 BST [ISC.0038.0002D] <-- Connection: Keep-Alive
2011-08-22 13:36:19 BST [ISC.0038.0002D] <-- User-Agent: TME-GLUE/8.0
2011-08-22 13:36:19 BST [ISC.0038.0002D] <-- SOAPAction: “”
2011-08-22 13:36:19 BST [ISC.0038.0002D] <-- Content-Type: text/xml; charset=UTF-8
2011-08-22 13:36:19 BST [ISC.0038.0002D] <-- Content-Length: 622
2011-08-22 13:36:19 BST [ISC.0038.0002D] ‘soap/rpc’ from 172.16.4.37.

==========================

Any help will be great. Thanks in advance…
server.log (3.13 KB)

2011-08-22 13:36:19 BST [ISC.0039.0001D] POST /soap/rpc
2011-08-22 13:36:19 BST [ISC.0038.0002D] Host: ivvtcspdev01.dx.local:5111
2011-08-22 13:36:19 BST [ISC.0038.0002D] Connection: Keep-Alive
2011-08-22 13:36:19 BST [ISC.0038.0002D] User-Agent: TME-GLUE/8.0
2011-08-22 13:36:19 BST [ISC.0038.0002D] SOAPAction: “”
2011-08-22 13:36:19 BST [ISC.0038.0002D] Content-Type: text/xml; charset=UTF-8
2011-08-22 13:36:19 BST [ISC.0038.0002D] Content-Length: 622
2011-08-22 13:36:19 BST [ISC.0038.0002D] Authorization: Basic cGF0ZWxhOmFncGF0ZWwz
2011-08-22 13:36:19 BST [WmAuditingSC.queue.2010D] Attempting to insert event onto queue ‘Session Queue’
2011-08-22 13:36:19 BST [ISS.0012.0003T] Client did not provide a session ID. Creating a new session

56206870ccbb11e089e4e25c6d98e4ea.
2011-08-22 13:36:19 BST [CommonLib.CDS.0002D] directory search:
query: (&(objectclass=person)(sAMAccountName=patela))
timeout: 0s
baseDN: DC=dx,DC=local
maxSize: 100
2011-08-22 13:36:19 BST [CommonLib.CDS.0002D] directory search results:
time: 15ms
2011-08-22 13:36:19 BST [CommonLib.CDS.0002D] Normalizing dn: CN=Ashish Patel,OU=Technology Department,DC=dx,DC=local
directory
2011-08-22 13:36:19 BST [CommonLib.CDS.0002D] Normalized dn: cn=ashish patel,ou=technology department,dc=dx,dc=local
directory
2011-08-22 13:36:19 BST [ISS.0012.0012D] Authentication of user “patela” failed with exception: Login Failure: all modules

ignored.
2011-08-22 13:36:19 BST [ISS.0033.0140T] Removed session 56206870ccbb11e089e4e25c6d98e4ea from memory.
2011-08-22 13:36:19 BST [WmAuditingSC.queue.2010D] Attempting to insert event onto queue ‘Session Queue’
2011-08-22 13:36:20 BST [MED.0206.0041T] DCProcessor of type com.softwareag.pg.pgmen.processors.IntervalProcessor started.
2011-08-22 13:36:20 BST [WmSharedCacheSC.impl.0100D] Attempting to insert/update cache entry
2011-08-22 13:36:20 BST [MED.0206.0024D] Interval processor tick interval incremented to: 201
2011-08-22 13:36:20 BST [MED.0206.0012D] Spring bean workqueue task load : {CollectionWorkQueue=0, ReportingWorkQueue=0}
2011-08-22 13:36:20 BST [MED.0206.0042T] DCProcessor of type com.softwareag.pg.pgmen.processors.IntervalProcessor completed

in 0 mSecs
2011-08-22 13:36:20 BST [WmAuditingSC.destination.1127T] Record of type com.wm.app.b2b.server.audit.type.SessionRecordType

are logging to table WMSESSION with the following SQL statement = INSERT INTO WMSESSION (ROOTCONTEXTID, PARENTCONTEXTID,

CONTEXTID, MSGID, SERVERID, AUDITTIMESTAMP, INSERTTIMESTAMP, SESSIONSTATE, USERID, SESSIONNAME, RPCS, AGE, SESSIONID)

VALUES (?, ?, ?, ?, ?, ?, GETUTCDATE(), ?, ?, ?, ?, ?, ?)
2011-08-22 13:36:20 BST [WmAuditingSC.destination.1127T] Record of type com.wm.app.b2b.server.audit.type.SessionRecordType

are logging to table WMSESSION with the following SQL statement = INSERT INTO WMSESSION (ROOTCONTEXTID, PARENTCONTEXTID,

CONTEXTID, MSGID, SERVERID, AUDITTIMESTAMP, INSERTTIMESTAMP, SESSIONSTATE, USERID, SESSIONNAME, RPCS, AGE, SESSIONID)

VALUES (?, ?, ?, ?, ?, ?, GETUTCDATE(), ?, ?, ?, ?, ?, ?)
2011-08-22 13:36:20 BST [ISS.0053.0002C] Access denied for user patela on port 5111 -> ‘soap/rpc’ from 172.16.4.37.

Hi,

Did you get to resolve this issue. We are facing the same issue. When we click on the service detail icon in the Monitoring->INtegartion->services page, we get an access denied exception.

PFB the logs.

SAML artifact “AAFtd3MgICAgICAgICAgICAgICAgIDAxNjI3NjI0MDAxODA0NjM5MzYz” resolved to login name “uid=xxxxx,ou=internal,ou=ctm_webmethods,o=apps.xxxxxx.com”.
Successfully authenticated user “appldap-dev/xxxxx”
ACLManager: allow check for user “appldap-dev/xxxxx” on ACL “Administrators” is returning true.
ACLManager: allow check for user “appldap-dev/xxxxx” on ACL “MonitorUsers” is returning true.
Client provided session ID 54655690f83811e18569d45b4e77e0d6 for an existing session.
User “appldap-dev/xxxxx” already authenticated in session 54655690f83811e18569d45b4e77e0d6; skipping authentication.
ACLManager: allow check for user “appldap-dev/xxxxx” on ACL “MonitorUsers” is returning true.
Client did not provide a session ID. Creating a new session 54895950f83811e1856cfb37cfccd753.
Authentication of user “xxxxx” failed with exception: Login Failure: all modules ignored.
Access denied for user xxxxx on port 5501 -> ‘WmMonitor/wsdl/getServiceDetails.wsdl’ from 48.113.34.5.

Environment: 8.2

Thanks in Advance…

I am facing same issue in MWS 8.2. Can any one help me how to resolve this.

Regards,
Mona

Hi,
I am facing this issue while connecting to PartnerProfiles tab in MWS. Where as I am able to connect through TN console and able to create enterprice and partner profiles.
When I connected with MWS ,I am getting the following message.

“HTTP error response:

Access Denied

Can u guys help to resolve this please. :shock:

Thanks.

You have to configure MWS to talk to IS and IS to talk to MWS first only then TN related details will be accessible through MWS.

In IS admin, set WmMonitor homepage with MWS details. Reload the package once set…
In MWS, under System settings, > servers configure IS server details… Execute ‘Check Server settings’ and see if it appears in green.
In MWS, under System settings > TN servers, configure IS server detail again where TN is installed…

You should see TN transactions, profiles and all through MWS now.

-Senthil

Hi,

After logging into MWS as an Administrator on each tab am getting error like java.rmi.RemoteException: HTTP error response:

Access Denied

. Please help me to solve this error.

Thanks,
Jithender

Is it a fresh set-up? Can you check if WmMonitor is present. Check the settings of WmMonitor homepage. Also check if SAML URL is correctly configured on IS.

Additionally check for the ACL/Role TNAdministrators.

I had an issue here on my 9.5, esp. when using Central User Management.

Regards,
Holger

Hello Mahesh/Holger,

Thanks for your reply.

Yes this is a fresh setup (wm 9.8 trail version), and also i have checked the both wmMonitor homepage and SAML both of them are configured correctly.

@Holger: Checked the ACL/TNAdministrators as well and i have full access.

Also on the IS Admin page can you check this shows as Configured and try to restart IS/MWS after the initial configuration done and Central pool is assigned:

Security > User Management -->
General
Central User Management Configured

HTH,
RMG

Hello RMG,

I just checked it and it is not configured, can you please tell me the steps so that i will configure that now.

Hi Jithender,

this is done in the IS-Admin UI under Settings -> JDBC Pools.

Create a new pool pointing to the database schema you have used when installing the MWS.

Assign the new pool to the function CentralUsers.

Test the pool and the function.
Restart the function.

It might be neccessary to restart the IS completely to get this feature enabled.

Regards,
Holger

Thanks Holger,

It’s working fine now.

Thanks All for your help.