Troubleshooting Web Express Logon

Web Express Logon depends on a number of independent processes working together to function properly. Some of these processes run on the Z and I Emulator for Web client while others run on other host systems. When one or more of these processes break down, you must be able to determine which process is causing the problem in order to resolve it appropriately. This portion of the document is devoted to that purpose.

If you have problems with Web Express Logon, analyze the type of results you receive and any accompanying informational messages. Some of these informational messages are included as part of the Z and I Emulator for Web client by way of an interactive panel, and/or they may be part of a server-based log.

Assuming that Web Express Logon is not functioning properly (that is, you are not logged in a host emulation session), ask yourself the following questions:
  1. Did the Z and I Emulator for Web client display an error message panel?
    • If yes, skip to Web Express Logon client-side messages.
    • If no, verify the following on your session configuration panel:
      • Have you enabled Express Logon for the session that you are currently running? To do this, highlight your session and select Properties under the Configure drop-down menu in the Deployment Wizard. On the left side of the window, select Express Logon under Connection and click Yes to enable Express Logon.
      • Is this a 5250 session and you are using a Kerberos passticket for authentication? If so, you will need to make sure you select Yes for the Use Kerberos Passticket option on the Express logon window of session properties.
  2. Are you using macro-based automation? If so, verify the following items:
    • When creating the macro, verify that you selected Web Express Logon (not Certificate Express Logon) on the Record macro window.
    • If you are expecting the macro to run when the session is started, verify that you have selected Auto-Start macro in your session configuration.
  3. Did your automation macro run but not provide the appropriate credentials to log in the user? This means that you have properly accessed the Credential Mapper Web application, but something is not functioning properly within that environment. You should enable server-side logging and attempt another credential automation event. Then look in the log that is created and refer to Web Express Logon server-side messages.
  4. Are you using IBM WebSphere Application Server and have Java 2 security enabled? If so, please check to make sure that the following permissions are granted in the was.policy file, which is located in the META-INF directory.
    permission "<<ALL FILES>>", "write";
    You can change <<ALL FILES>> to whichever directory you specifed in the CMPI_TRACE_LOG_FILE parameter in the web.xml file.
    permission java.lang.RuntimePermission "accessClassInPackage.sun.jdbc.odbc";
    This applies to the JDBC database Host Credential Mapper (HCM).