PQ91656; 5.0.2.6: Registry does not receive valid
password
Downloadable files
Abstract
The user registry does not receive a valid password if it
contains umlauts or other unrecognized characters.
Download Description
PQ91656 resolves the following problems:
USERS AFFECTED:
WebSphere® Application Server security users implementing custom login.
PROBLEM DESCRIPTION:
When using SSOAuthenticator to perform custom login, authentication fails
if the user password contains characters other than those in the the
platform code pages.
RECOMMENDATION:
When using SSOAuthenticator to perform custom login, if the user password
contains characters not in the
platform code pages, authentication fails. The cause is that the platform
code page is used to convert
the password into bytes.
PROBLEM CONCLUSION:
SSOAuthenticator now encodes password strings using UTF8 instead of
default encoding.
Also contains PQ88519:
USERS AFFECTED:
WebSphere Application Server who have enabled security and are
implementing Custom Login via the deprecated class SSOAuthenticator.
PROBLEM DESCRIPTION:
The WASReqURL cookie was not automatically removed when using
SSOAuthenticator.
RECOMMENDATION:
The WASReqURL cookie was not removed while using SSOAuthenticator to
perform custom login. The reason for this was no domain was specified on
the cookie when it was created, but a domain was specified when destroying
the cookie. This caused some browsers not to destroy the cookie.
PROBLEM CONCLUSION:
When destroying the WASReqURL cookie, the domain is no longer set to match
when it is created.
Prerequisites
Please download the UpdateInstaller below to install this fix.