APAR status |
Closed with unknown close code.
| Error description
With user info( such as first name or last name)
in DBCS chinese characters, after login to
the WPS or WAS successfuly, then when access the
domino web server, domino will challege the user
with a login page with error msg
"Your session with the server has expired or is invalid".
But when SSO from one WPS server to the other WPS server
or SSO from one WAS server to the other WAS was fine.
when the user info totally in english charcters (SBCS),
the SSO from WAS or WPS to domino is fine, and so do
from domino to WAS/WPS is fine. The problem only happens
when user info has chinese field ( uid is in english, but
first name or last name is in chinese DBCS chars ).
.
WAS Change Team (L3) supplied an efix and it fixed the problem.
.
The root cause for this defect is that WebSphere and Domino
calculate digital signature differently if user name
contains dbcs. While converting user name to byte array to
calculate digital signature,websphere treated every character
as single byte character. With this fix, Websphere is now
using UTF8 to calculate digital signature. Local fix
request a copy of the efix from WAS C/T. Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server security *
* customers who use double byte characters *
* in user's security name. *
****************************************************************
* PROBLEM DESCRIPTION: SSO between WebSphere and non *
* WebSphere products(such as Domino) *
* fails if user security name contains *
* double byte characters. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
SSO between websphere and non WebSphere products fails if
security name contains double byte character. The root cause
is was a difference in algorithms used to create digital
signatures. Problem conclusion
Change WebSphere security to follow UTF8 conversion rule to
calculate digital signature. First using UTF8 rule to convert
user name to a byte array, then caclulate digital signature
from the byte array. Temporary fix
provide test eFix Comments
APAR information | APAR number | PQ61389 | Reported component name | WEBSPHERE AE AI | Reported component ID | 5648C8400 | Reported release | 350 | Status | CLOSED | PE | NoPE | HIPER | NoHIPER | Submitted date | 2003-03-03 | Closed date | 2003-03-03 | Last modified date | 2003-03-17 |
APAR is sysrouted FROM one or more of the following: PQ66136
APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:PQ66136APAR is sysro
Modules/Macros uted TO one or more of the following:Modules/Macros
|
Fix information |
Fixed component name | WEBSPHERE AE AI | Fixed component ID | 5648C8400 |
Applicable component levels | R400 PSY | UP |
|