Users who run clients can programmatically set up the authorization scheme to be enforced on a per invocation basis. The properties and configuration information required depends on the configured authorization scheme. Refer to Section 3, “Configuring ”

2. Command line tools

There is no support for this type of interface.

3. Graphical user interfaces

This component has no graphical user interfaces.

4. Troubleshooting

4.1. Authorization failed

Using self authorization: Ensure that the client is running with the same credentials as the effective server-side credential (resource, service, container credential, in the order of occurrence).
Using host authorization:
- Ensure that the effective server-side credential (resource, service, container credential, in the order of occurrence) is the host credential of the machine on which the service is running.
- Ensure that the client is not using 127.0.0.1 as the host address to access the service, but the actual host name.
Using identity authorization: Ensure that the DN matches the server's DN exactly. If using the command line interface quotes might have to be placed around the DN string for spaces to be maintained.

4.2. No authorization with delegation fails

When using GSI Secure Conversation delegation of credentials cannot be done if no authorization of the server is done (that is, if client side authorization is set to none). Use any other form of authorization while delegating.

Alternatively, Delegation Service can be used to delegate credentials in scenarios where delegated credentials are required but no authorization of the server is required.

	Important
	Delegating credentials without authorizing server is not recommended since a malicious server can obtain the client's credential.

Prev	Up	Next
GT4 WS AA Admin Guide	Home	GT4 WS AA Developer's Guide