APAR status
Closed as program error.
Error description
Cache is based on short login name, not security name (DN).
TAI sends the DN instead of shortname to websphere, thus
credential for the DN is not cached and user gets authenticated
multiple times. This causes performance problems.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server who have *
* enabled security and configured Trust *
* Association to authenticate users. *
****************************************************************
* PROBLEM DESCRIPTION: Using Trust Association may cause *
* significant performance issues in *
* requests which are validated by the *
* Trust Association Interceptor. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
WebSphere security credential is cached based on user's login
name, not uniqueSecurityName. If a Trust Association
Iterceptor passes the uniqueSecurityName (which is the user's
DN for LDAP registries), security had to map user to
security credential multple times instead of just once, which
degrades security performance.
Problem conclusion
The cache now allows for security credential lookup by a
user's uniquesecurityname.
Temporary fix
Provide test fix
Comments
APAR information |
APAR number |
PQ88472 |
Reported component name |
WAS BASE 5.0 |
Reported component ID |
5630A3600 |
Reported release |
00S |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2004-05-05 |
Closed date |
2004-05-10 |
Last modified date |
2004-05-10 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
R103 PSY |
UP |
R10A PSY |
UP |
R10H PSY |
UP |
R10I PSY |
UP |
R10P PSY |
UP |
R10S PSY |
UP |
R10W PSY |
UP |
|