MVJE - What to do when getting forbidden response from zos connect

Version 5
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    MainView for Java Environments


    COMPONENT:

    MainView for Java Environments



    QUESTION:

    What to do when MVJE is getting forbidden response from zos connect


    ANSWER:

    You would need to look at zos connect for any error messages. If it is not obvious, the following path are recommended:

       
    1. verify are we using the right keyrings,      
           
      1. Is the pas CA in the zos connect trust store?
      2.    
      3. Is the zosconnect CA in the pas keystore and truststore (it works best if they are the same)?
      4.   
    2.  
    3. is the certificate mapped to the userid?
    4.  
    5. check BBGZDFLT CLASS(APPL) ACCESS(READ) ID (PAS)
    6.  
    7. check EJBROLE in RACF – pas needs read     
           
      1. BBGZDFLT.zos.connect.access.roles.zosConnectAccess
      2.    
      3. BBGZDFLT.com.ibm.ws.management.security.resource.allAuthenticatedUsers
      4.    
      5. BBGZDFLT.com.ibm.ws.management.security.resource.Reader
      6.    
      7. BBGZDFLT.com.ibm.ws.management.security.resource.Administrator
      8.   
    8.  
    9. look at zos connect ee server.xml     
           
      1. <zosconnect_zosConnectManager        requireAuth="true"                 requireSecure="true"   globalAdminGroup=“MVJEGROUP/>
      2.    
      3. <safAuthorization id="saf-authorization“ racRouteLog="ASIS"/>
      4.    
      5. <ssl id="..."  clientAuthenticationSupported="true"        />      
      6.   

     


    Article Number:

    000371522


    Article Type:

    FAQ/Procedural



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles