Appreciations accepted

Vladlen Litvinov, the author: If you have some job offer for me, I'm ready to discuss it. View Vladlen Litvinov's profile on LinkedIn

Password

Saturday, October 18, 2014

It's impossible to open Administration Console for Content Platform Engine in IBM BPM 8.5.5

If you use the username not-a-DEadmin in IBM BPM 8.5.5 - you cannot open Administration Console for Content Platform Engine. The URL is https://<hostname>:<port>/acce.
You get the message in your browser:

Error Page Exception
SRVE0260E: The server cannot use the error page specified for your application to handle the Original Exception printed below.
 

Original Exception:
Error Message: com.ibm.ws.security.web.WebSecurityException: AuthorizationFailed
Error Code: 403


If we open SystemOut.log for managed node, we see the message there:

WebCollaborat A   SECJ0129E: Authorization failed for user vlitvinov:defaultWIMFileBasedRealm while invoking GET on default_host:/acce/, Authorization failed, Not granted any of the required roles: DOC_STORE_ADMIN_USERS

So you must give your user the role DOC_STORE_ADMIN_USERS. For this:
1. Open ISC.
2. Applications > WebSphere enterprise applications > IBM_BPM_DocStoreAdmin_<Clustername> >  Security role to user/group mapping
3. Map the role DOC_STORE_ADMIN_USERS to your user.
4. Save the configuration, syncronize nodes and restart the application.

Or you can use wsadmin commands, for example:

./wsadmin.sh localhost 8879 -lang jython -username wasadmin -password wasadmin

wsadmin>AdminApp.edit('IBM_BPM_DocStoreAdmin_BPMAPC.SingleCluster', '[ -MapRolesToUsers [[DOC_STORE_ADMIN_USERS AppDeploymentOption.No AppDeploymentOption.No "vlitvinov|bpmadmin" "" AppDeploymentOption.No "" "" ]]]' )
wsadmin>AdminConfig.save()
wsadmin>quit 


After the commands. syncronize nodes and restart the application.
 
Then you will be able to open Administration Console for Content Platform Engine.

No comments:

Post a Comment