GSKit
Posted: Tue Mar 10, 2026 12:42 pm
Hi everyone, I have an issue accessing the API that returns a token to me.
Claude AI told me the reason and the solution, what do you think about it?
Actions to test (in order of priority)
Check the permissions on the *SYSTEM keystore file:
In the 5250 command line, run:
WRKLNK '/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB' --> I don't have access
then option 9 (Display authority). Your profile (or *PUBLIC) must have at least *R (read) access.
If this is not the case, ask an admin to run:
CHGAUT OBJ('/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB') USER(YOUR_PROFILE) DTAAUT(*R)
CHGAUT OBJ('/QIBM/UserData/ICSS/Cert/Server/DEFAULT.RDB') USER(YOUR_PROFILE) DTAAUT(*R)
___________________________________________________
Here is the call log:
The log confirms that gsk_env_init fails — my profile does not have authorization to access the *SYSTEM keystore.
SSL version 2 support disabled
SSL version 3 support disabled
Old interface to TLS version 1.0 support enabled
TLS version 1.0 support enabled
TLS version 1.1 support enabled
TLS version 1.2 support enabled
TLS version 1.3 support enabled
initializing GSK environment
(GSKit) Access to the key database is not allowed.
ssl_error(6003): (GSKit) Access to the key database is not allowed.
SetError() 24: gsk_env_init: (GSKit) Access to the key database is not allowed.
http_close(): entered
________________________________________________________
Here is how I access this API:
// =================================================================
// GETTOKEN : OAuth2 PUT call to retrieve an access_token
// =================================================================
Dcl-Proc GETTOKEN Export;
Dcl-pi GETTOKEN;
Prm_Token char(2048);
Prm_TokenType char(50);
Prm_Retour char(3);
Prm_MessageErreur char(200);
end-pi;
Dcl-S lUrl varchar(400);
Dcl-S lBody varchar(2000);
Dcl-S lMyJSON varchar(32767:4) Inz(*Blanks);
Dcl-S lRc int(10) Inz;
Dcl-S lErreur_http int(10);
Dcl-S lwwErrorMsg char(80);
lMyJSON = *blanks;
Prm_Token = *blanks;
Prm_TokenType = *blanks;
Prm_Retour = *blanks;
Prm_MessageErreur = *blanks;
file_debug = '/tmp/token' + %trim(user) + '.log';
if w_debug = 'O';
http_debug(*ON: file_debug);
else;
http_debug(*OFF: file_debug);
endif;
Http_xproc(HTTP_POINT_ADDL_HEADER:%paddr(SetHeaderToken));
lUrl = 'https://wamwg-int.groupement.systeme-u.fr'
+ '/wam/oauth2/intranet_u_centrale/access_token';
http_setCCSIDs( 1208: 0 );
http_setoption( 'NETWORK-CCSID' : '1208' );
HTTP_SetFileCCSID(1208);
// SSL Initialization: *SYSTEM certificate store (DCM)
https_init('*SYSTEM');
monitor;
lBody = 'grant_type=client_credentials'
+ '&client_id=suiviperf-adiddaaxxxion-ms-int'
+ '&client_secret=%5DdBH6%5gght%21KLR%24%3F.fk%3Fp%23'
+ '&scope=default';
lRc = http_req( 'POST'
: lUrl
: *omit
: lMyJSON
: *omit
: lBody
: 'application/x-www-form-urlencoded' );
If lRc = 1 or lRc = 200;
data-into Ds_Token
%DATA(lMyJSON
: 'doc=string case=convert +
allowextra=yes allowmissing=yes')
%PARSER('YAJLINTO');
Prm_Token = Ds_Token.access_token;
Prm_TokenType = Ds_Token.token_type;
Prm_Retour = '200';
else;
Prm_Retour = %Char(lRc);
if %len(lMyJSON) > 0;
Prm_MessageErreur = %subst(lMyJSON : 1 :
%min(%len(lMyJSON) : 200));
endif;
endif;
on-error;
http_error(lErreur_http);
lwwErrorMsg = http_error(lErreur_http);
http_dmsg('GETTOKEN Error #' +
%trim(%editc(lErreur_http:'L')) +
': '+ lwwErrorMsg);
Prm_Retour = %subst(lwwErrorMsg:10:3);
if Prm_retour = '404';
Prm_MessageErreur = 'HTTP/1.1 404 Not Found';
else;
if %len(lMyJSON) > 0;
Prm_MessageErreur = %subst(lMyJSON : 1 :
%min(%len(lMyJSON) : 200));
endif;
endif;
endmon;
Return;
End-Proc GETTOKEN;
```"
Claude AI told me the reason and the solution, what do you think about it?
Actions to test (in order of priority)
Check the permissions on the *SYSTEM keystore file:
In the 5250 command line, run:
WRKLNK '/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB' --> I don't have access
then option 9 (Display authority). Your profile (or *PUBLIC) must have at least *R (read) access.
If this is not the case, ask an admin to run:
CHGAUT OBJ('/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB') USER(YOUR_PROFILE) DTAAUT(*R)
CHGAUT OBJ('/QIBM/UserData/ICSS/Cert/Server/DEFAULT.RDB') USER(YOUR_PROFILE) DTAAUT(*R)
___________________________________________________
Here is the call log:
The log confirms that gsk_env_init fails — my profile does not have authorization to access the *SYSTEM keystore.
SSL version 2 support disabled
SSL version 3 support disabled
Old interface to TLS version 1.0 support enabled
TLS version 1.0 support enabled
TLS version 1.1 support enabled
TLS version 1.2 support enabled
TLS version 1.3 support enabled
initializing GSK environment
(GSKit) Access to the key database is not allowed.
ssl_error(6003): (GSKit) Access to the key database is not allowed.
SetError() 24: gsk_env_init: (GSKit) Access to the key database is not allowed.
http_close(): entered
________________________________________________________
Here is how I access this API:
// =================================================================
// GETTOKEN : OAuth2 PUT call to retrieve an access_token
// =================================================================
Dcl-Proc GETTOKEN Export;
Dcl-pi GETTOKEN;
Prm_Token char(2048);
Prm_TokenType char(50);
Prm_Retour char(3);
Prm_MessageErreur char(200);
end-pi;
Dcl-S lUrl varchar(400);
Dcl-S lBody varchar(2000);
Dcl-S lMyJSON varchar(32767:4) Inz(*Blanks);
Dcl-S lRc int(10) Inz;
Dcl-S lErreur_http int(10);
Dcl-S lwwErrorMsg char(80);
lMyJSON = *blanks;
Prm_Token = *blanks;
Prm_TokenType = *blanks;
Prm_Retour = *blanks;
Prm_MessageErreur = *blanks;
file_debug = '/tmp/token' + %trim(user) + '.log';
if w_debug = 'O';
http_debug(*ON: file_debug);
else;
http_debug(*OFF: file_debug);
endif;
Http_xproc(HTTP_POINT_ADDL_HEADER:%paddr(SetHeaderToken));
lUrl = 'https://wamwg-int.groupement.systeme-u.fr'
+ '/wam/oauth2/intranet_u_centrale/access_token';
http_setCCSIDs( 1208: 0 );
http_setoption( 'NETWORK-CCSID' : '1208' );
HTTP_SetFileCCSID(1208);
// SSL Initialization: *SYSTEM certificate store (DCM)
https_init('*SYSTEM');
monitor;
lBody = 'grant_type=client_credentials'
+ '&client_id=suiviperf-adiddaaxxxion-ms-int'
+ '&client_secret=%5DdBH6%5gght%21KLR%24%3F.fk%3Fp%23'
+ '&scope=default';
lRc = http_req( 'POST'
: lUrl
: *omit
: lMyJSON
: *omit
: lBody
: 'application/x-www-form-urlencoded' );
If lRc = 1 or lRc = 200;
data-into Ds_Token
%DATA(lMyJSON
: 'doc=string case=convert +
allowextra=yes allowmissing=yes')
%PARSER('YAJLINTO');
Prm_Token = Ds_Token.access_token;
Prm_TokenType = Ds_Token.token_type;
Prm_Retour = '200';
else;
Prm_Retour = %Char(lRc);
if %len(lMyJSON) > 0;
Prm_MessageErreur = %subst(lMyJSON : 1 :
%min(%len(lMyJSON) : 200));
endif;
endif;
on-error;
http_error(lErreur_http);
lwwErrorMsg = http_error(lErreur_http);
http_dmsg('GETTOKEN Error #' +
%trim(%editc(lErreur_http:'L')) +
': '+ lwwErrorMsg);
Prm_Retour = %subst(lwwErrorMsg:10:3);
if Prm_retour = '404';
Prm_MessageErreur = 'HTTP/1.1 404 Not Found';
else;
if %len(lMyJSON) > 0;
Prm_MessageErreur = %subst(lMyJSON : 1 :
%min(%len(lMyJSON) : 200));
endif;
endif;
endmon;
Return;
End-Proc GETTOKEN;
```"