APAR status
Closed as program error.
Error description
Here's how the problem was reported to Distributed Security team
by zOS Security team:
I was assisting an internal IBMer in getting an interop between
ZOS client and Windows server (5.02) . In both cases, the Z
client looks at the IOR, detects an error and kicks it out.
This apar refers to Case #2 as follows:
Case 2 : TAG_NULL_TAG . Windows puts in a length of one and an
empty zero byte. Z expects a length of zero (and skips 4 bytes),
resulting in a misread of target supports/requires and
subsequent misalignment of the rest of the data. The Z code
needs to change to handle this but the spec says the NULL tag
is supposed to have a length of zero.
Currently the application is setup with basic authentication
over non-SSL. This has been tested to work from distributed
cliet to distributed ejb, or z/os client to z/os ejb. We
believe that the credentials don't flow since the z/os client
and the distributed application server can't negotiate a
compatable set of security settings, and the client ends up
choosing no authenctication and no ssl, (no security context)
in the trace. Further diagnosis, needs to be done between both
the distributed server and the z/os client. Currently the z/os
client has TRACEDETAIL=(3,E)
As a workaround for now from distributed changed SSL support to
TCP/IP, changed the server to basic authentication required, and
made the above security xml change integrity=false, identity
assertion enabled, and
Added following parms to orbservice
server1 -> orbservice -> customer properties
com.ibm.CORBA.ORBWCharDefault=UCS2
com.ibm.CORBA.ORBCharEncoding=ISO8859_1
and added a patched sas.jar from the distributed development
which fixed a null tag.
Local fix
workaround testFix from Peter Birk resolved the issue.
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server who need to *
* interoperate with Application Servers *
* running on Z/OS with security enabled. *
****************************************************************
* PROBLEM DESCRIPTION: A data structure "TAG_NULL_TAG" was an *
* incorrect lenght. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
The data structure "TAG_NULL_TAG" had length of 1 when the
expected length was 0.
Problem conclusion
The length of "TAG_NULL_TAG" was corrected.
Temporary fix
Fix test provided
Comments
APAR information |
APAR number |
PQ81214 |
Reported component name |
WAS BASE 5.0 |
Reported component ID |
5630A3600 |
Reported release |
00W |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2003-11-20 |
Closed date |
2003-12-18 |
Last modified date |
2003-12-18 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
R103 PSY |
UP |
R10A PSY |
UP |
R10H PSY |
UP |
R10I PSY |
UP |
R10P PSY |
UP |
R10S PSY |
UP |
R10W PSY |
UP |
|