What can cause the error message "TibrvException[error=27,message=Not permitted]" when connecting to an RV secure daemon?
Article ID: KB0078771
Products
Versions
TIBCO Rendezvous
-
Not Applicable
-
Description
Secure daemons restrict client access in three ways:
• Only authorized clients can connect to a secure daemon.
• Secure daemons restrict the combinations of network and UDP or PGM service over which client transports can communicate.
• Secure daemons limit the subject space that their clients can access.
If the client program fails to satisfy any one of these three criteria, the connection fails with the error message "TibrvException[error=27,message=Not permitted]".
Issue/Introduction
What can cause the error message "TibrvException[error=27,message=Not permitted]" when connecting to an RV secure daemon?
Environment
Version: 8.x.x
Resolution
For #2 and #3, go to the RV secure daemon browser interface and add entries under "Authorize Network and Service Pairs" and "Authorize Subjects" that match the client program's parameters.
For #1, here is a sample procedure. It assumes that the secure daemon uses a self-signed certificate, the client uses the Java API, and the certificates are in PEM format.
Step 1:
a/ If the client program opts to accept any daemon identity, call TibrvSdContext.setDaemonCert(daemonName, TibrvSdContext.TIBRV_SECURE_DAEMON_ANY_CERT) before creating the transport.
b/ If the client program opts to authenticate the daemon's identity, call TibrvSdContext.setDaemonCert(daemonName, daemonCert) before creating the transport.
daemonCert is the text of the secure daemon's identity certificate. This certificate is specified as "Daemon to Clients" under "certificate->certificate use". Copy the content of this certificate from the secure daemon and feed it into the client program.
Step 2:
a/ If the secure daemon opts to authenticate the client using a user name and password, then on the secure daemon side, add the user and password; on the client side, call TibrvSdContext.setUserNameWithPassword(username,password).
b/ If the secure daemon opts to authenticate the client using a certificate, then on the client side, create a certificate and call TibrvSdContext.setUserCertWithKey(userCertWithKey,password). On the secure daemon side, create a dummy user and assign a certificate to it with the public key of the client's certificate.
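The procedure above as one Java client, using the daemon-authenticating option of step 1 and the user name/password option of step 2. This is an added example, not TIBCO's own code; the host name, port, file name, environment variable names and the "ssl:host:port" daemon string are assumptions to replace with your own values.

```java
import com.tibco.tibrv.Tibrv;
import com.tibco.tibrv.TibrvException;
import com.tibco.tibrv.TibrvRvdTransport;
import com.tibco.tibrv.TibrvSdContext;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;

public class SecureDaemonClient {
    // Placeholder values (assumptions), not taken from the article.
    static final String DAEMON = "ssl:rvsd.example.internal:7500";
    static final String SERVICE = "7500";
    static final String NETWORK = null;               // default network
    static final String DAEMON_CERT_FILE = "daemon-cert.pem";

    public static void main(String[] args) throws Exception {
        // PEM text of the "Daemon to Clients" certificate copied from the secure daemon.
        String daemonCert = new String(
                Files.readAllBytes(Paths.get(DAEMON_CERT_FILE)), StandardCharsets.US_ASCII);
        if (!daemonCert.contains("-----BEGIN CERTIFICATE-----")) {
            throw new IllegalArgumentException(DAEMON_CERT_FILE + " is not PEM text");
        }
        // Credentials come from the environment so they are not hard-coded.
        String user = System.getenv("RV_USER");
        String password = System.getenv("RV_PASSWORD");
        if (user == null || password == null) {
            throw new IllegalStateException("RV_USER and RV_PASSWORD must be set");
        }

        Tibrv.open(Tibrv.IMPL_NATIVE);
        try {
            // Step 1: register the daemon identity before creating the transport.
            TibrvSdContext.setDaemonCert(DAEMON, daemonCert);
            // Step 2: present the user name and password defined on the secure daemon.
            TibrvSdContext.setUserNameWithPassword(user, password);
            TibrvRvdTransport transport = new TibrvRvdTransport(SERVICE, NETWORK, DAEMON);
            System.out.println("Connected to " + DAEMON);
            transport.destroy();
        } catch (TibrvException e) {
            if (e.error == 27) {                      // "Not permitted"
                System.err.println("Not permitted: check (1) client authorization, "
                        + "(2) the network/service pair '" + NETWORK + "'/'" + SERVICE
                        + "', (3) the authorized subjects on the secure daemon.");
            }
            throw e;
        } finally {
            Tibrv.close();
        }
    }
}
```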