APAR status
Closed as program error.
Error description
Client uses WebSphere 5.0.2 server and JDK 1.3.1.
Symptom: Authentication fails on wrong credentials as expected
the first time around. When login is tried the 3rd time, it
passes authentication even with wrong credentials.
This has been fixed in defect 171860, i.e.:
when clientAuthRequired = true, the client allows an
unauthenticated credential to flow.
Customer needs a fix built on WSAS 5.0.2.0.
Testcase and instruction are stored on WASDoc1.
Local fix
Replace sas.jar and iwsorb.jar with fix for defect 171860 from
the client jdk.
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users using *
* client authentication which succeeds the *
* third time after wrong credentials are *
* entered for the first two times. *
****************************************************************
* PROBLEM DESCRIPTION: When clientAuthRequired = true, *
* client allows unauthenticated Subject *
* to flow through. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
Authentication fails on wrong credentials as expected
the first time around. It is noticed that when login is tried
the third time, it passes authentication even with wrong
credentials.
Problem conclusion
UNAUTHENTICATED is now automatically rejected for client
authentication.
The fix for this APAR is currently targeted for inclusion in
fixpack 5.0.2.11. Please refer to the Recommended Updates
page for delivery dates:
http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP&uid=swg27004980
Temporary fix
Sent a testfix.
Comments
APAR information
APAR number: PK00145
Reported component name: WAS BASE 5.0
Reported component ID: 5630A3600
Reported release: 00W
Status: CLOSED PER
PE: NoPE
HIPER: NoHIPER
Special Attention: NoSpecatt
Submitted date: 2005-01-27
Closed date: 2005-02-23
Last modified date: 2005-05-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels
R003 PSY UP
R00A PSY UP
R00H PSY UP
R00I PSY UP
R00S PSY UP
R00W PSY UP