APAR status
Closed as program error.
Error description
Problem has been resolved in internal defect #179238
This defect is due to the change put into defect 179145. The
change was in the mapDNToName method which is typically only
called when LDAP is the user registry.
However, in CTS, the RI sends an Identity Assertion token with a
DN (instead of Certificate) when the RI client authenticates to
the RI server.
The fix here is to only return a DN in mapDNToName in the case
of a user registry type of LDAP, otherwise return the CN of the
DN as it used to do.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users *
* using Identity Assertion and a user *
* registry aside from Light-weight Directory *
* Access Protocol (LDAP). *
****************************************************************
* PROBLEM DESCRIPTION: Identity Assertion fails. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
Identity Assertion fails as the algorithm assumes a security
name in the format of a Distinguished Name (DN).
Problem conclusion
DNs are now only required if LDAP is in use as the user
registry.
Temporary fix Comments
APAR information |
APAR number |
PQ79836 |
Reported component name |
WAS BASE 5.0 |
Reported component ID |
5630A3600 |
Reported release |
00W |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2003-10-20 |
Closed date |
2003-12-16 |
Last modified date |
2003-12-16 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
|