IBM BS029ML - WebSphere Portal Server Self Help Manual page 147

[8/17/07 16:45:23:294 EDT] 2934440 ServletInstan E SRVE0100E: Did not realize
init() exception thrown by servlet portal: javax.servlet.UnavailableException:
Initialization of one or more services failed.
In this case, an expired client certificate caused the system to fail.
If there is any message related to the SSL handshake, you need to check the client certificate
created when the TAM runtime was configured on WebSphere Application Server.
Enable traces on TAM
In certain cases, it is desirable to enable the WebSEAL traces along with those in WebSphere
Application Server and Portal. To enable the WebSEAL Web traces, run the following
commands from the PDAdmin console:
pdadmin> server task <webseald-server> trace set pdweb.debug 9 file
path=C:\temp\webseald.trace\pdweb.debug
pdadmin> server task <webseald-server> trace set pdweb.snoop 9 file
path=C:\temp\webseald.trace\pdweb.snoop
To disable these traces: run these commands:
pdadmin> server task <webseald-server> trace set pdweb.snoop 0
pdadmin> server task <webseald-server> trace set pdweb.debug 0
If the problem is with authorization with TAM, we recommend adding a "debug=true" custom
attribute to the PDLoginModule in the WebSphere Application Server administrative console
(select Security → Global security → JAAS Configuration → Application Logins →
Portal_Login → JAAS Login Modules → com.tivoli.mts.PDLoginModule → Custom
properties and add debug as the name and true as the value). This will generate debug
information to the SystemOut.log upon logging in similar to Example 4-22.
Example 4-22 PDLoginModule debug output
[5/26/07 14:46:02:346 EDT] 13de60b4 SystemOut
com.tivoli.mts.PDLoginModule
[5/26/07 14:46:02:346 EDT] 13de60b4 SystemOut
loader
[5/26/07 14:46:02:456 EDT] 13de60b4 SystemOut
[5/26/07 14:46:02:687 EDT] 13de60b4 SystemOut
PDPrincipal
[5/26/07 14:46:02:697 EDT] 13de60b4 SystemOut
PDCredential
To reconfigure TAM configuration, do not simply disable security. The TAM settings have to be
manually removed from the Portal configuration before trying to disable security.
Portal access control (PAC)
When debugging PAC related problems, check the following:
Make sure that the user is indeed in the group (if permissions were assigned to groups).
One simple test is to assign the user individually and see if that helps.
Use the XMLAccess utility to generate an export of the object tree, and follow the tree to
check that the roles are assigned.
If rights should not be given and you cannot discover where they were set, check for the
virtual principals of which all users are members.
O delegate class name:
O Using the current thread class
O user_dn is null
O [PDLoginModule]: added
O [PDLoginModule]: added
Chapter 4. WebSphere Portal security
133