PQ59959: LTPATOKEN COOKIE NOT CREATED FOR THE CERTIFICATION AUTHENTICATION CASE

A fix is available
WebSphere Application Server Version 3.5 Fix Pack 7 (3.5.7)

APAR

APAR status
Closed as program error.

Error description
Customer has a setup with WAS 3.5.3 where they use Trust
Association and users come via TA as well as without going
through it.  Customer notices significant performance
degradation in the case when TA is not used.  That seems to be
because customer uses certificate authentication and we do not
cache certificates.
Local fix
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server security        *
*                 users of client certificate authentication.  *
****************************************************************
* PROBLEM DESCRIPTION: Ltpa Token cookie not returned for      *
*                      client certificate authentication.      *
****************************************************************
* RECOMMENDATION: This is a performance APAR. If you are       *
*                 using client certificate, and you also       *
*                 enable SSO, apply this eFix for better       *
*                 performance.                                 *
****************************************************************
While using client certificate authentication, if SSO is
enabled, Ltpa cookie is expected (could be verified from
browser). However, ltpa cookie was never returned. Whenever a
new request is made, the user is reauthenticated via the
user's certificate instead of being validated by an Ltpa
Token.  The former operation requires user registry calls
which can be very time consuming where the latter does not.
Problem conclusion
The expected Ltpa cookie is now returned for client
certificate authentication.
Temporary fix
PQ59959-356.jar
Comments
a testing eFix for 3.5.6 has been send to customer.
APAR information
APAR numberPQ59959
Reported component nameWAS ADVANCED AI
Reported component ID5648C8400
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2002-04-10
Closed date2002-05-01
Last modified date2002-05-29

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:

PQ61723

Modules/Macros
SECURITY
APAR is sysrouted TO one or more of the following:PQ61723Modules/Macros

Fix information
Fixed component nameWAS ADVANCED AI
Fixed component ID5648C8400

Applicable component levels
R350 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ59959
IBM Group: Software Group
Modified date: 2002-05-29