APAR status |
Closed as program error.
| Error description
Environment:
WebSphere Application Server 3.5.6
.
Description:Environment:WebSphere Application Server 3.5.6.
Customer was using WAS 3.5.3, and when trust association is
enabled, they are still able to authentication via other methods
(basic, certificate, etc.). After upgrading to WAS 3.5.6,
enabling trust association caused any authentication to be
treated as if it is coming from WebSeal. As a result,
authentication done via basic, certificate, etc. fail because
they don't contain the header information that the trust
association interceptor expects. Description:Customer was using WAS 3.5.3, and when trust association isenabled, they are still able to authentication via other methods(basic, certificate, etc.). After upgrading to WAS 3.5.6,enabling trust association caused any authentication to betreated as if it is coming from WebSeal. As a result,authentication done via basic, certificate, etc. fail becausethey don't contain the header information that the trustassociation interceptor expects. Local fixProblem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who *
* enable Trust Association with WebSeal. *
****************************************************************
* PROBLEM DESCRIPTION: After Trust Association is enabled with *
* WebSeal, authentication fails if the *
* request is not via WebSeal. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
After Trust Association is enabled with WebSeal,
authentication fails if the request is not from WebSeal.
If the request header contains a 'via' tag (even if
this tag has no value), authentication functioned as expected.
However, if the 'via' tag was missing, then authentication
fails. Problem conclusion
The WebSeal Trust Association interceptor now checks if the
'via' tag value is not present and treats this condition the
same as if the 'via' tag was not present in the request
header. Temporary fix
send a testing eFix to customer Comments
APAR information | APAR number | PQ61020 | Reported component name | WAS ADVANCED SU | Reported component ID | 5648C8402 | Reported release | 350 | Status | CLOSED PER | PE | NoPE | HIPER | NoHIPER | Submitted date | 2002-05-10 | Closed date | 2002-05-22 | Last modified date | 2002-05-29 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:
PQ61724PQ61737PQ61738
Modules/Macros APAR is sysrouted TO one or more of the following:PQ61724PQ61737PQ61738Modules/Macros
|
Fix information |
Fixed component name | WAS ADVANCED SU | Fixed component ID | 5648C8402 |
Applicable component levels | R350 PSY | UP |
|