PK84188: ORG.OMG.CORBA.NO_PERMISSION (4942430D) VMCID: 0X49424000 MINOR CODE: 30D WHEN CSIV2 IS BEING USED WITH RMI / IIOP REQUEST

Fixes are available

APAR status

Closed as program error.

Error description

WebSphere may throw a org.omg.CORBA.NO_PERMISSION (4942430D)
vmcid: 0x49424000  minor code: 30D when processing a RMI / IIOP
request where CSIv2 is being used.

SASRas=all tracing in the server will show the exception being
thrown from CSIServerRIBase.processIdentityToken (see below).
The error may be thrown from the Servant or Control region.

Trace: 2009/02/18 14:42:25.853 01 t=7B3510 c=0.DF key=P8
(13007002)
   ThreadId: 0000003d
   FunctionName:
com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIForCFW
   SourceId:
com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIForCFW
   Category: FINEST
   ExtendedMessage: SystemException class:
org.omg.CORBA.NO_PERMISSION,
message: Authentication failed. Could not validate Client Aut
 hentication Token and/or Client Certificates during Identity
Assertion; org.omg.CORBA.NO_PERMISSION: Authentication failed.
Could not validate Client Authentication Token and/or Client
Certificates during Identity Assertion  vmcid: 0x49424000  minor
code: 30D com pleted: No
  at
com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.processI
dentityToken(CSIServerRIBase.java:1464)
  at
com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIForCFW.receiv
e_request(CSIServerRIForCFW.java:392)
  at
com.ibm.rmi.pi.InterceptorManager.invokeInterceptor(InterceptorM
anager.java:631)
  at
com.ibm.rmi.pi.InterceptorManager.iterateServerInterceptors(Inte
rceptorM
anager.java:517)
  at
com.ibm.rmi.pi.InterceptorManager.iterateReceiveRequest(Intercep
torManag
er.java:777)
  at
com.ibm.ws390.orb.WS390InterceptorManager.interceptInboundReques
t(Unknow
n Source)
  at com.ibm.ws390.orb.CommonBridge.invoke(Unknown Source)
  at com.ibm.ws390.orb.ORBEJSBridge.invoke(Unknown Source)
  at sun.reflect.GeneratedMethodAccessor85.invoke(Unknown
Source)
  at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod
Accessor
Impl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:618)
  at
com.ibm.ws390.orb.parameters.ORBEJSBridgeInvoke.ORBEJSBridgeInvo
keParmSe
tter(ORBEJSBridgeInvoke.java:149)
  at
com.ibm.ws390.orb.CommonBridge.nativeRunApplicationThread(Native
Method)
  at com.ibm.ws390.orb.CommonBridge.runApplicationThread(Unknown
Source)
  at
com.ibm.ws.util.ThreadPool$ZOSWorker.run(ThreadPool.java:1670)

Local fix

Problem summary

****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server V6.1.0 for z/OS                      *
****************************************************************
* PROBLEM DESCRIPTION: For a WebSphere Application Server      *
*                      for z/OS Controller or Servant          *
*                      Region, the error                       *
*                      org.omg.CORBA.NO_PERMISSION with        *
*                      error code 4942430D is thrown when      *
*                      using CSIv2 stateless sessions with     *
*                      Identity Assertion enabled, Basic       *
*                      Authentication disabled, and Client     *
*                      Certificate Authentication disabled.    *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
For a WebSphere Application Server for z/OS Controller or
Servant Region, there is an exception while attempting to
perform Identity Assertion for a stateless CSIv2 session when
there are no basic authentication and no client certificates
received from a local client using the Local Comm protocol.
The exception is org.omg.CORBA.NO_PERMISSION with error code
4942430D. When SASRas=all tracing is enabled, the following
message is displayed,

org.omg.CORBA.NO_PERMISSION,
message: Authentication failed. Could not validate Client
Authentication Token and/or Client Certificates during
Identity Assertion; org.omg.CORBA.NO_PERMISSION:
Authentication failed.
Could not validate Client Authentication Token and/or Client
Certificates during Identity Assertion  vmcid: 0x49424000  minor
code: 30D com pleted: No
  at
com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.processI
dentityToken(CSIServerRIBase.java:1464)

Problem conclusion

The code was modified such that the sending server's identity
is retrieved from the transport layer when using stateless
CSIv2 sessions.

APAR PK84188 is currently targeted for inclusion in
Service Level (Fix Pack) 6.1.0.27 of WebSphere
Application Server V6.1 for z/OS.

Please refer to URL:
//www.ibm.com/support/docview.wss?rs=404&uid=swg27006970
for Fix Pack availability.

Temporary fix

Comments

APAR Information

APAR number
PK84188
Reported component name
WEBSPHERE FOR Z
Reported component ID
5655I3500
Reported release
610
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-04-06
Closed date
2009-05-14
Last modified date
2009-10-03

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

PK90281

Fix information

Fixed component name
WEBSPHERE FOR Z
Fixed component ID
5655I3500

Applicable component levels

R610 PSY UK49671
UP09/09/21 P F909

Fix is available

Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
28 December 2021

Tips

PK84188: ORG.OMG.CORBA.NO_PERMISSION (4942430D) VMCID: 0X49424000 MINOR CODE: 30D WHEN CSIV2 IS BEING USED WITH RMI / IIOP REQUEST

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R610 PSY UK49671

Fix is available

Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

Document Information

Share your feedback

Need support?