0

I'm looking to connect to a DB2 Warehouse on Cloud (DB2 WoC) Server using JDBC and IBMid/Password, provided IAM is enabled on the database instance. It is enabled on my Db2 WoC server. Here's the piece of code I'm trying to connect (This method is described here):

import com.ibm.db2.jcc.DB2SimpleDataSource
val dataSource: DB2SimpleDataSource = new DB2SimpleDataSource()

dataSource.setDriverType(4)
dataSource.setDatabaseName("BLUDB")
dataSource.setServerName("<server url>")
dataSource.setPortNumber(50001)
dataSource.setSslConnection(true)
dataSource.setSecurityMechanism(com.ibm.db2.jcc.DB2BaseDataSource.PLUGIN_SECURITY)
dataSource.setPluginName("IBMIAMauth")
val conn = dataSource.getConnection("<ibmid>", "<password>")

While trying to connect using this way, I get an error Connection authorization failure occurred. Reason: Invalid GSSAPI server credential. ERRORCODE=-4214, SQLSTATE=28000. Searching for this error on the internet led me to nowhere. Why is this happening? (My server URL is correct).

EDIT: I'm using db2jcc4.jar driver version 4.26.14 and I'm running this code on my local system trying to connect to the server url.

mustaccio
  • 18,234
  • 16
  • 48
  • 57
Sparker0i
  • 1,787
  • 4
  • 35
  • 60
  • Edit your question to add the exact version of the jdbc driver that you are using, and whether that driver itself is running on premises, or also in the cloud. – mao Aug 02 '19 at 13:59
  • I'm trying to run the code through my local system and I'm using db2jcc4 driver version 4.26.14 – Sparker0i Aug 02 '19 at 14:13
  • Can you also edit to include the (redacted) entries in your db2dsdriver.cfg? – mao Aug 02 '19 at 15:56
  • Hi, I'm using [DB2 Warehouse](https://cloud.ibm.com/catalog/services/db2-warehouse) provisioned by IBM Cloud. I'm not sure how to access the file you're mentioning on the cloud. – Sparker0i Aug 02 '19 at 17:20
  • This is an XML file on your local workstation that is not present unless created by user action. You can use either the db2cli command line tool to create and edit it, or you can hand-edit. Suggest that *before* you try your own java program with userid/password for IAM, that you first get the ibm tool called CLPPlus (it is a java program) working with the same credentials per the docs at https://www.ibm.com/support/knowledgecenter/en/SS6NHC/com.ibm.swg.im.dashdb.security.doc/doc/iam.html#iam__odbc When CLPPlus works with these credentials then work on your jdbc , they share same config. – mao Aug 02 '19 at 21:11

1 Answers1

1

Not really an answer but this is too big for a comment.

You can troubleshoot connectivity problems without CLPPlus, as the driver itself contains an embedded test program that you can invoke like so:

java -cp /path/to/db2jcc4.jar com.ibm.db2.jcc.DB2Jcc \
-url "jdbc:db2://whatever.bluemix.net:50001/BLUDB:sslConnection=true;sslCertLocation=/path/to/DigiCertGlobalRootCA.crt;" \
-user whatever -password "secret"

Note the reference to the server certificate.

The above works on both the JDBC 3.0 driver db2jcc.jar which is now depreciated, and the JDBC 4.0 driver db2jcc4.jar

Paul Vernon
  • 3,818
  • 1
  • 10
  • 23
mustaccio
  • 18,234
  • 16
  • 48
  • 57