app-connector and JAAS alias issue when accessing HCL Connections repository

Troubleshoot the app-connector and JAAS alias issue when accessing HCL Connections repository.

Problem

When a user creates a new file or edits an uploaded file, an error message or error page is shown. A exception similar to the following one is found in the Docs server JVM log:

[4/27/15 17:05:04:664 CDT] 00000122 LCFilesQCSRep W   [S2S call Response Code]: 403 
[4/27/15 17:05:04:664 CDT] 00000122 LCFilesQCSRep W   [S2S call Response Body]: java.io.ByteArrayInputStream@ff915d20 
Exception occurred with error code: CLFAD1099, message: Error occurred while accessing the repository, 
and additional data: {} com.ibm.concord.spi.exception.RepositoryAccessException: 
Exception occurred with error code: CLFAD1099, message: Error occurred while accessing the repository, and additional data: {} 
[4/27/15 17:05:04:680 CDT] 00000122 Job     E   W:\job_cache\default_org\job_cache
\80\832\7d3b0bd9-ff34-4469-9d44-ca19365c9adc\239a6485dd1ba8eb32abb926dfdd8874\error.json
 com.ibm.concord.job.exception.JobExecutionException: com.ibm.concord.spi.exception.RepositoryAccessException: 
Exception occurred with error code: CLFAD1004, message: Cannot connect to repository server(SSL issue, etc.), 
and additional data: {"docUri":"7d3b0bd9-ff34-4469-9d44-ca19365c9adc","repo_err_code":"","repo_err_msg":"","repo_http_status":1004}

Cause

The users set in the JAAS alias for the HCL Connections administrator (by default, connectionsAdmin) and in the Files role app-connector are not the same or not workable.

Resolving the problem

  1. Find the user set in the JAAS alias for the HCL Connections administrator by clicking WebSphere Integrated Solutions Console > Security > Global Security > Java Authentication and Authorization Service > J2C authentication data.
  2. Find the user set in the Files role app-connector by clicking WebSphere Integrated Solutions Console > Applications > All applications > Files > Security role to user/group mapping.
  3. Verify that the two values that are found in step 1 and step 2 are the same. If not, change them, and then restart the Deployment Manager, nodes, Files application, and Connections Docs application.
  4. If the two values that are found in step 1 and step 2 are the same, complete the following steps to create a new JAAS alias for the HCL Connections administrator, and try again. 
    • Create a new JAAS alias. The user ID can be a WIM user or a user in LDAP. Click WebSphere Integrated Solutions Console > Security > Global Security > Java Authentication and Authorization Service > J2C authentication data > New.
    • Update the Files role app-connector to the same user ID that was set for the new JAAS alias. Click WebSphere Integrated Solutions Console > Applications > All applications > Files > Security role to user/group mapping.
    • Open <WAS_HOME>/profiles/<DMGR>/config/cells/{cellname}/IBMDocs-config/concord-config.json and change j2c_alias under com.ibm.docs.repository.files.LCFilesCMISRepositoryto the new created JAAS alias.
    • Restart the Deployment Manager, nodes, and Files and Connections Docs applications.