IBM Content Navigator (ICN)

Websphere CWWIM4537E No Principal is Found

October 7, 2020

After successfully installing and configuring IBM Content Navigator (ICN) 2.0.3.7 into a Separate deployed WAS JVM, received error while logging in for all domain users.

The user id or password is not valid for the server after providing the correct credentials. Below is the screenshot of the problem description:

websphere cwwim4537e no principal is found

Here is the SystemOut.log entry of exception:

websphere cwwim4537e no principal is found

com.ibm.websphere.wim.exception.PasswordCheckFailedException:
CWWIM4537E No principal is found from the ‘it_cptr_op3’ principal name.
at com.ibm.ws.wim.ProfileManager.loginImpl(ProfileManager.java:3699)
at com.ibm.ws.security.registry.UserRegistryImpl.checkPassword(UserRegistryImpl.java:339)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:795)
at com.ibm.ecm.struts.actions.authentication.LTPASSOLogon.doJAASLogin(LTPASSOLogon.java:342)
doContainerLogin(ContainerLogonAction.java:288)
executeBaseAction(DesktopLogonAction.java:185)
at com.ibm.ecm.jaxrs.Actions.loadAndExecuteAction(Actions.java:280)
at org.apache.wink.server.internal.handlers.InvokeMethodHandler.handleRequest
(InvokeMethodHandler.java:63)
at org.apache.wink.server.internal.RequestProcessor.handleRequestWithoutFaultBarrier
(RequestProcessor.java:207)
at org.apache.wink.server.internal.RequestProcessor.handleRequest(RequestProcessor.java:154)
at org.apache.wink.server.internal.servlet.RestServlet.service(RestServlet.java:119)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1657)
at com.ibm.ecm.filters.ESAPIWafFilter.doFilter(ESAPIWafFilter.java:231)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1613)

Problem was still the same even though done the following tasks:

  • Add entrt of com.ibm.websphere.orb.uniqueServerName on JVM.
  • Exporting and importing LTPA keys manually.
  • Import Your Content Engine LTPA Keys (ICN Configuration profile)

Please do the following steps into your ICN deployed WAS JVM:

  1. Logon to WAS admin Console.
  2. Go to Security -> Global Security.
  3. Select Federated Repositories -> AD (Select your domain)
  4. Under the Security section amend the Login Properties field from cn to cn;uid.
  5. Apply, Save and close the WAS console.
  6. Restart the WAS and try to logon again.
ibm content navigator desktop authentication

Users will logon successfully afterwards.

You Might Also Like

No Comments

Leave a Reply