PQ51887: EXPIRED CREDENTIAL ON A SESSION REPEATEDLY GIVES OUT " PRINCIPALAUTHENTICATORIMPL VALIDATE IBM WEBSPHERE" ERROR

A fix is available
WebSphere Application Server Version 3.5 Fix Pack 7 (3.5.7)

APAR

APAR status
Closed as program error.

Error description
Expired Credentials on a Session repeated gives out the
following error message in the tracefile. No visibile effect on
funtionality observed.
.
PrincipalAuthenticatorImpl validate IBM WebSphere Security   0,
0, com.ibm.WebSphereSecurity.ValidationFailedException
.
Change in the LTPA Credential timeout changes the time it takes
for the cred to timeout.
Local fix
fix does not do a relogin but it does remove the security
session on the client side for the expired credential so that
it could relogin if the userid/password credentials are made
available (either via cache or login).
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server 3.5 users   *
*                 of security.                                 *
****************************************************************
* PROBLEM DESCRIPTION: Expired credential on session does not  *
*                      get clean up on the client.             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When the LTPA token expired on the client session, server
throws validation failed exception when client makes
a request to the server.  However, server does not throw back
the failure reason back along with the exception.  This causes
client to not refresh the LTPA token and fails all of the
subsequent requests.
Problem conclusion
Server now throws back the correct exception message and
the client will update the session accordingly.
Temporary fix
Available
Comments
APAR information
APAR numberPQ51887
Reported component nameWAS ADVANCED SU
Reported component ID5648C8402
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2001-08-28
Closed date2002-01-30
Last modified date2002-01-30

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:


Modules/Macros
SECURITY
APAR is sysrouted TO one or more of the following:Modules/Macros

Fix information
Fixed component nameWAS ADVANCED SU
Fixed component ID5648C8402

Applicable component levels
R350 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ51887
IBM Group: Software Group
Modified date: 2002-01-30