Troubleshooting Problems in the JAAS Modules

In order to troubleshoot JAAS modules,

Procedure

  1. Add JAAS to the EMS server trace options in the main server configuration file: 
    console_trace = DEFAULT,+JAAS,+JVM,+JVMERR
  2. Enable debugging in the JAAS module itself, by setting the debug parameter to true: 
    EMSUserAuthentication {
      com.tibco.tibems.tibemsd.security.jaas.LDAPSimpleAuthentication required
      debug="true"
      tibems.ldap.url="ldap://ldapserver:389"
      tibems.ldap.user_pattern="CN=%u"
 };
    Warning: Note that enabling the debug flag may create security vulnerabilities by revealing information in the log file. This parameter should be enabled only for troubleshooting purposes.

Result

This will provide a list of parameters passed into LDAP, which is useful in identifying any mistyped parameters or default values that need to be changed. Verbose output is provided to help identify the problem.

When developing a custom JAAS module, it is possible for a runtime exception inside a JAAS method to cause the JAAS module to fail. In those cases, catching and printing exceptions to the default output stream provides valuable information.