Credentials Exception

This is a very common error you get when you access Workplace.


Error Message:
Credentials Exception

Exception Class:

There could be more than one reason for getting this exception. If you see something like this in the Error Stack Trace -

"Caused by: org.omg.CORBA.COMM_FAILURE: CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_CLIENT_SOCKET: JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and server could not negotiate the desired level of security. Reason: com.ibm.jsse2.util.h: No trusted certificate found vmcid: 0x49421000 minor code: 70 completed: No " which leads to the hand shake failure between Content Engine and Application Engine.

Lets first understand the architecture.

Application Engine comes with a J2EE application called Workplace to be hosted on an application server say, WebSphere. Workplace is a fontend window for your FileNet System, where you can have process configuration, workflow management, initiating workflows, search designs and so on. So, Workplace alone is a J2EE app unless you configure and point to your process engine, content engine and so on.

In FileNet version 4.0, Content Engine is also a J2EE application. So this has to be deployed on, say, WebSphere.

The Workplace's authentication is carried out through Content Engine. Meaning, When you access workplace, workplace throws you a page to authenticate, the credentials what you give are first passed to Content Engine, and the Content Engine, sends a query to LDAP and so on. As soon as it gets your Authentication and Authorization, it passes response to workplace. And workplace knows what to show you with your set of credentials.

So, AE communicates with CE on a specific port and with specific set of parameters. It needs Security check. If you do not implement SSL Handshake between your AE and CE this is the thing whats going to happen: AE takes your login and password from the browser, tries to pass the info to CE, CE App Server checks the incoming request for its Cert info. If it is a trusted request, it allows the request to reach its service methods, otherwise, it rejects the request, and your FileNet API, com.filenet.wcm.toolkit.util.WcmException catches that error and throws this Error Message "Credentials Exception".

How to deal with it?

Keeping FileNEt 4, WAS 6.1.xx versions in mind -

You need to make sure SSL Fruitful Handshake to happen between AE and Ce, meaning you need to make sure CE trusts AE to access its resources.

In WAS 6.1.xx, Trust stores are no more in WAS_PROFILE_HOME/etc but in WAS_PROFILE_HOME/config/cells/cellname/nodes/nodename. The Default trust store is trust.p12

So you need to open this guy, export as a crm file. Do this on AE and CE too.

Meaning, Add CE arm file to AE Trust Store and Add AE arm file to CE Trust store.

You can bounce all the services and recycle temp.

No comments: