All Apps and Add-ons

JMX Authentication to Websphere 8.5.5

mux
Explorer

We have the Splunk_TA_jmx 3.1.1 as well as Splunk_TA_ibm-was 3.1.0 . We are running Splunk 6.4.1 connecting to Websphere 8.5.5.

At the time of the meeting we were able to make the connection work, but now it looks like we still can’t access any of the more advanced JMX data due to a security restriction in WAS. It looks like the user that Splunk is connecting with does not have the sufficient role to access the data. We are currently connecting with an ID that is cindigured as an administrator, so it should have all the access it needs. Based on the messages, I’m not sure if the user ID is getting passed since the error seem to think the user is “UNAUTHENTICATED”. I have put the username and password of the Admin ID into the configuration task, but that doesn’t seem to work. Is there somewhere else this needs to be configured? We can connect with the userid via the JCOSNOLE

16:54:07.606 com.ibm.rmi.corba.ClientDelegate invoke:754 pool-1-thread-3 ORBRas[default] javax.management.JMRuntimeException: ADMN0022E: Access is denied fo
r the getName operation on J2CManagedConnectionFactory MBean because of insufficient or empty credentials.

0 Karma

sloshburch
Splunk Employee
Splunk Employee

Verifying if related to Known Issue ADDON-8208

0 Karma

mux
Explorer

We believe it is realted to ADDON-8208, do you know if there is a timeframe when that will be fixed?

0 Karma

sloshburch
Splunk Employee
Splunk Employee

@mux - I see the support case was resolved with some ssl tweaks on the IBM side (thanks @tengmark_splunk, @tylerengmark!). Would you post your solution? Depending on what it was, I may see if appropriate to have it included in our docs.

0 Karma

mux
Explorer

That was for the connection itself, We did resolve that by changing a websphere setting but have not been able to pass credentials.

0 Karma

sloshburch
Splunk Employee
Splunk Employee

Oh ok - thanks for clarifying. I understand y'all were gonna open a support ticket for this to have the credential passing part investigated. I don't see such a case but let me know if I missed something? A support case is the best way to get attention and help with this.

0 Karma

sloshburch
Splunk Employee
Splunk Employee

I understand the support case was closed and there may have been some config needed on the WAS side. Is that the resolution to this question @mux?

0 Karma

ppawelcz
New Member

Hi mux,
can you provide more details how this issue was solved by changing websphere settings?

0 Karma

DomenicTroilo1
Loves-to-Learn Lots

Hi, we are also seeing the same error "unknown credentials" with out JMX connection to WebSphere.   Did you just disable security in WebSphere (BAD can not be done on our servers) or did you update some security settings in WebSphere?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...