开发者

com.ibm.websphere.security.WSSecurityException: the realms do not match

I'm getting this exception when trying to access a JAX-WS webservice running on the same WAS 7.0 server as the client.

Caused by: javax.xml.ws.WebServiceException: java.io.IOException: Unable to deserialize the Subjects in this Context, cause: the realms do not match

I have a realm set up for user authentication and this call works fine with that realm disabled. Both server and client are running in the same cell.

My current thinking is that my web service is not providing any realm inf开发者_运维技巧ormation at all, causing this problem, so I need to do something in my web service to provide a realm - but what? Even google-fu is failing me on this one!


The Realm is set in the LTPA token assigned to the call, and the realms of the client and server needs to match.

I.e. if client authenticates the user and sets and LTPA token with realm="Ldap1:389" then the server needs to have the same realm set. Or it needs to explicitly trust the given realm. This can be set up in WAS admin console, for an explanation of LTPA have a look here: http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/csec_ltpa.html


It turned out to be that there needed to be a trust relationship between my local file-based admin realm and the realm I set up for my users to log on with.

WAS seems to do a lot of security gubbins under the covers, but turning on trace output for WSSecurity stuff helps shed light on problems.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜