PQ60372: WEBSPHERE AUTHENTICATION FAILS WHEN USERID BELONGS TO DOUBLE BYTE CHARACTER SET (DBCS) GROUP NAME


APAR

APAR status
Closed as program error.

Error description
Problem occurs either:
- when logging into Websphere Application Server admin console
- when logging into portal server (WPS)
when the login userid is an ldap userid that belongs to a group
name that is double byte character set (I.E. Japanese dbcs grou
name).
Login fails authentication with message indicating userid or
password may be invalid. Adminserver orb tracing shows a marsha
exception.
Problem occurs either:- when logging into Websphere Application Server admin console- when logging into portal server (WPS)when the login userid is an ldap userid that belongs to a groupname that is double byte character set (I.E. Japanese dbcs grouname).Login fails authentication with message indicating userid orpassword may be invalid. Adminserver orb tracing shows a marshaexception.
Local fix
testfix is to replace iioprt.jar and rmiorb.jar with patched
files and set ORBCharEncoding=UTF8 on server (in admin config).
Efix has been created to package this fix.
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users of    *
*                 double byte characters, WPS, and Domino      *
*                 LDAP to get authentication.                  *
****************************************************************
* PROBLEM DESCRIPTION: User is authenticated by Domino LDAP    *
*                      to login to WPS. If the user has been   *
*                      registered to DBCS name group on        *
*                      Domino, a user cannot login to WPS      *
*                      due to invalid user id.                 *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
A client talks to server(session bean) by RMI,  both client
and server are running in Japanese machine.  In the server,
user uses IDL to create a credential object, and this object
contains some double byte char string. However, this RMI call
can not return, and throws a CORBA Marshal exception.
java.rmi.ServerException: RemoteException occurred in server
thread; nested exception is:

 java.rmi.MarshalException: CORBA MARSHAL 0 No; nested
exception is:thread; nested exception is:java.rmi.MarshalException: CORBA MARSHAL 0 No; nested
org.omg.CORBA.MARSHAL minor code: 0 completed: No java.rmi.MarshalException: CORBA MARSHAL 0 No; nested exception is:exception is:org.omg.CORBA.MARSHAL minor code: 0 completed: Nojava.rmi.MarshalException: CORBA MARSHAL 0 No; nested
org.omg.CORBA.MARSHAL minor code: 0 completed: No org.omg.CORBA.MARSHAL minor code: 0 completed: No ----- Begin backtrace for detail java.rmi.MarshalException: CORBA MARSHAL 0 No; nested exception is:exception is:org.omg.CORBA.MARSHAL minor code: 0 completed: Noorg.omg.CORBA.MARSHAL minor code: 0 completed: No----- Begin backtrace for detailjava.rmi.MarshalException: CORBA MARSHAL 0 No; nested
org.omg.CORBA.MARSHAL minor code: 0 completed: No org.omg.CORBA.MARSHAL minor code: 0 completed: No ----- Begin backtrace for detail org.omg.CORBA.MARSHAL minor code: 0 completed: No
exception is:org.omg.CORBA.MARSHAL minor code: 0 completed: Noorg.omg.CORBA.MARSHAL minor code: 0 completed: No----- Begin backtrace for detailorg.omg.CORBA.MARSHAL minor code: 0 completed: No
Problem conclusion
Problem occurs when a local copy is made in the stubs of data
containing non default tcs.Util.copyObject(s).  The failure
occurs because there is no connection from which to get the
tcs, so default ASCII is used.  This is not appropriate for
Japanese codesets and other DBCS languages.  The solution is
to get the default tcs from the orb that was set via the
property com.ibm.CORBA.ORBCharEncoding and use this during
the copy.
Temporary fix
Comments
APAR information
APAR numberPQ60372
Reported component nameWAS ADVANCED AI
Reported component ID5648C8400
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2002-04-22
Closed date2002-06-20
Last modified date2002-06-27

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one


Modules/Macros
ORB
or more of the following:Modules/Macros

Fix information
Fixed component nameWAS ADVANCED AI
Fixed component ID5648C8400

Applicable component levels
R350 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ60372
IBM Group: Software Group
Modified date: 2002-06-27