PQ66082: SSO FAILS FOR DBCS USERNAME FOR WAS 3.5.6


APAR

APAR status
Closed as program error.

Error description
Customer found their WPS/Domino could perform SSO while uid is
in English characters, but could not do SSO while uid is in
DBCS Chinese.
Local fix
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server security        *
*                 users whose security name contains double    *
*                 byte characters                              *
****************************************************************
* PROBLEM DESCRIPTION: SSO fails if security name contains     *
*                      double byte characters.                 *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
SSO fails for security names containing double byte characters
due to incorrect LTPA Token. The first problem is that double
byte character was treated as single byte character during
encryption and decryption. The second problem is digital
signature is incorrectly calculated by assuming all characters
are single bytes. So user data and digital signature are
incorrectly mapped.
Problem conclusion
Use UTF8 rule while converting user data to byte array, and
also using UTF8 to reverse byte array to string.
Temporary fix
send testing eFix
Comments
APAR information
APAR numberPQ66082
Reported component nameWAS ADVANCED AI
Reported component ID5648C8400
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2002-09-10
Closed date2002-09-18
Last modified date2002-09-18

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:


Modules/Macros
SECURITY
APAR is sysrouted TO one or more of the following:Modules/Macros

Fix information
Fixed component nameWAS ADVANCED AI
Fixed component ID5648C8400

Applicable component levels
R350 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ66082
IBM Group: Software Group
Modified date: 2002-09-18