We want to build a front-end web application to consume the WPS’ HumanTask API using JAX-WS. This web application should be able to query current tasks for a specific user, claim tasks not previously claimed by any other user, complete tasks and so on. This web application will be deployed on a WAS 7.0 in a different cell than the one providing the HumanTask service (currently we are using another WPS instance as the WAS, but eventually it will be a simple WAS without WPS features). We synchronized the LTPA keys by means of the following steps:
- Log in to one cell
- Go to "Security" > "Global Security". Under "Authentication" click on "LTPA"
- Under "Cross-cell single sign on"
- Establish a password
- Confirm the password
- Input the file name into which the LTPA keys will be exported
- Click on "Export keys"
- Log out
- Copy the generated file to the other server
- Log in to the other cell
- Go to "Security" > "Global Security". Under "Authentication" click on "LTPA"
- Under "Cross-cell single sign on"
- Input the previous password
- Confirm the password
- Input the file name with the exported LTPA keys
- Click on "Import keys"
- Restart the server
We developed a simple web application with GWT as a proof of concept, with a simple UI and a web service client which consumes the HumanTask JAX-WS service. This web application is protected behind a Siteminder authenticator (when first entering the web application, the Siteminder agent redirects to a web form asking for credentials). The web service client has been developed following JAX-WS standards; no additional dependencies have been added, and we rely on the WebSphere JAX-WS implementation (Apache Axis2). Once deployed, we tested two scenarios without luck:
Scenario A:
- By default, the WPS’ HumanTask service provider is attached to the policy set “BPC Web Service” with the default policy set binding and policy set sharing disabled.
- We configure our HumanTask service client to use the same policy set as the service provider.
Log in to the custom web application. When trying to query current tasks we get the following exception:
com.ibm.wsspi.wssecurity.core.SoapSecurityException: security.wssecurity.WSSContextImpl.s02: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: Login Failure: all modules ignored ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityGeneratorHandler$2@6fef6fef
No error message on the service provider side.
Scenario B:
- Change the WPS’ HumanTask service provider configuration, enabling policy set sharing through HTTP GET. This way the service provider WSDL contains information about the policy set.
- Change the policy set configuration at the service client to obtain the policy set from the provider using HTTP GET.
Log in to the custom web application. When trying to query current tasks we get the following exception:
javax.xml.ws.soap.SOAPFaultException: security.wssecurity.WSSContextImpl.s02: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: Login module com.ibm.ws.wssecurity.wssapi.token.impl.UNTConsumeLoginModule login() method returned false ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@54a054a0
Before reaching the point where the previous exception is reported, we see the following warning in the service client logs:
CWWSS7053W: No web services security custom bindings were found. Default bindings will be used.
In the service provider logs we can see the following error:
CWWSS5514E: An exception while processing WS-Security message.
And a set of FFDCs is generated, reporting the same exception we got on the service client side.
Someone who could help us would be great!
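
One way to confirm that the LTPA key synchronization described in the post took effect, as an added example that is not part of the original post: export the keys from both cells and compare them field by field using digests, so the key material itself is never printed. The property names are those of a WebSphere LTPA key export file; the sample contents, host names and function names are constructed for illustration.

```python
import hashlib
import re

# Property names found in a WebSphere LTPA key export file.
KEY_FIELDS = ("com.ibm.websphere.ltpa.3DESKey",
              "com.ibm.websphere.ltpa.PrivateKey",
              "com.ibm.websphere.ltpa.PublicKey")
INFO_FIELDS = ("com.ibm.websphere.ltpa.Realm", "com.ibm.websphere.ltpa.version")

def parse_properties(text):
    """Parse the Java-properties subset used by the export file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        i = 0  # find the first '=' that is not backslash-escaped
        while i < len(line) and line[i] != "=":
            i += 2 if line[i] == "\\" else 1
        unescape = lambda s: re.sub(r"\\(.)", r"\1", s).strip()
        props[unescape(line[:i])] = unescape(line[i + 1:])
    return props

def fingerprints(text):
    """SHA-256 digests per field, so key material is never printed or logged."""
    props = parse_properties(text)
    return {f: hashlib.sha256(props[f].encode()).hexdigest()[:16]
            for f in KEY_FIELDS + INFO_FIELDS if f in props}

def compare_exports(text_a, text_b):
    """Return {field: 'match' | 'differ' | 'missing'} for two exports."""
    fa, fb = fingerprints(text_a), fingerprints(text_b)
    return {f: "missing" if f not in fa or f not in fb
            else "match" if fa[f] == fb[f] else "differ"
            for f in KEY_FIELDS + INFO_FIELDS}

def keys_in_sync(report):
    """True only when all three key-material fields are identical."""
    return all(report[f] == "match" for f in KEY_FIELDS)

# Constructed sample exports (placeholder values, not real key material).
CELL_A = r"""#IBM WebSphere Application Server key file
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.3DESKey=Y29uc3RydWN0ZWQtM2Rlcw\=\=
com.ibm.websphere.ltpa.PrivateKey=Y29uc3RydWN0ZWQtcHJpdg\=\=
com.ibm.websphere.ltpa.PublicKey=Y29uc3RydWN0ZWQtcHVi
com.ibm.websphere.ltpa.Realm=cellA.example\:389
"""
CELL_B = CELL_A.replace("cellA.example", "cellB.example")

if __name__ == "__main__":
    for field, status in compare_exports(CELL_A, CELL_B).items():
        print(f"{status:8} {field}")
```

With the constructed samples the three key fields match and only the realm differs, which the report lists separately from the key material.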