PQ58739: USER AUTHENTICATION CREATES TWO CREDENTIALS INSTEAD OF ONE.

Fixes are available
WebSphere Application Server Version 4.0 Fix Pack 3 (Version 4.0.3)
WebSphere Application Server Version 3.5 Fix Pack 7 (3.5.7)
PQ58739: LTPA performance issue - Searches are done twice instead of once

APAR

APAR status
Closed as program error.

Error description
WebSphere security performs MapCredentials immediately followed
by Validate when a user makes the first request. Both of these
calls end up authenticating the same user twice. In particular,
the call to getGroupsForUser takes several seconds on each of
the two occasions. If we could take away one of these
(seemingly redundant) calls (the one made during Validate),
this would significantly improve performance for the customer.
Local fix
an efix has been created for the problem
ltp-cred-cache-354.jar
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Servers users of       *
*                 LTPA authentication with custom login.       *
****************************************************************
* PROBLEM DESCRIPTION: Performance improvement for LTPA        *
*                      authentication with custom login or     *
*                      Form login                              *
****************************************************************
* RECOMMENDATION: Apply this efix to improve performance for   *
*                 Ltpa authentication.                         *
****************************************************************
This is a performance improvement efix.  In this efix, we
use credential cache technique to reduce the number of LTPA
server calls. For custom/Form login with Ltpa authentication,
the number of ldap searches are reduced by half.
Problem conclusion
Unnecessary ldap searches may cause performance problem.
Temporary fix
The efix PQ58739-354.jar is placed in
wasdoc0\Apars\PQ58739\3.5.x
Comments
The efix has been send to client before the APAR was created,
so we rename the efix with Apar name.
APAR information
APAR numberPQ58739
Reported component nameWAS ADVANCED SU
Reported component ID5648C8402
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2002-03-05
Closed date2002-03-13
Last modified date2002-04-24

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:

PQ59461PQ60461

Modules/Macros
SECURITY
APAR is sysrouted TO one or more of the following:PQ59461PQ60461Modules/Macros

Fix information
Fixed component nameWAS ADVANCED SU
Fixed component ID5648C8402

Applicable component levels
R350 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ58739
IBM Group: Software Group
Modified date: 2002-04-24