PK28460: LTPA TOKEN VALIDATION FAILED BEFORE THE EXPIRATION TIME OUT VALUE.

 Fixes are available

6.1.0.15 WebSphere Application Server V6.1 Fix Pack 15 for i5/OS
5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for AIX
5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for HP-UX
6.1.0.13 WebSphere Application Server V6.1 Fix Pack 13 for AIX
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for Linux
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for AIX
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for AIX
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for HP-UX
6.1.0.15 WebSphere Application Server V6.1 Fix Pack 15 for AIX
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for Solaris
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for Windows
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for HP-UX
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Windows
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for i5/OS
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for i5/OS
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for HP-UX
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Linux
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Solaris
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for HP-UX
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for AIX
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Solaris
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for Linux
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Linux
5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for Linux
5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for Solaris
5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for Windows
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Solaris
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for AIX
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for Windows
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for Solaris
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for Windows
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for Solaris
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for Solaris
6.1.0.7 WebSphere Application Server V6.1 Fix Pack 7 for AIX
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for AIX
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for AIX
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for Windows
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for HP-UX
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for Solaris
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for Solaris
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for Linux
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for Windows
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for HP-UX
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for i5/OS
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for i5/OS
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for AIX
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for Linux
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for Windows
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for Windows
6.1.0.9 WebSphere Application Server V6.1 Fix Pack 9 for AIX
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for i5/OS
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Windows
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for HP-UX
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for HP-UX
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for AIX
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for HP-UX
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for Linux
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for HP-UX
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Linux
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Solaris
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Windows
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for HP-UX
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Windows
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for HP-UX
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for Linux
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for Linux
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Solaris
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Linux
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Solaris
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Linux
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for i5/OS
6.1.0.11 WebSphere Application Server V6.1 Fix Pack 11 for AIX
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Linux
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for HP-UX
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for AIX
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for HP-UX
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for i5/OS
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Linux
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Solaris
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Windows
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
6.1.0.21 WebSphere Application Server V6.1 Fix Pack 21 for AIX
6.1.0.21 WebSphere Application Server V6.1 Fix Pack 21 for i5/OS
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for Windows
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for Solaris
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for Linux
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for HP-UX



APAR status
Closed as program error.

Error description
Scenario :
- User "A" logs into the WebSphere Application Server
    admin console at 10:17.
  - User "A" clicks "logout" on the WebSphere Application
    Server admin console at 10:27
  - They then switch browsers and log back into the
   WebSphere Application server console with  user "A" at 10:28

  - User "A" is kicked out of the Admin console at 10:44 because
    LTPA token validation failed.

Stack Trace :


[6/24/06 10:17:11:284 SGT] 6775e0b1 FormLoginServ d Form based
login: userid/password present in the form. User is: A
...
[6/24/06 10:27:43:945 SGT] 6775e0b1 FormLogoutSer > formLogout
[6/24/06 10:27:43:945 SGT] 6775e0b1 FormLogoutSer d LTPA
Enabled, clearing LTPA Cookie

...
[6/24/06 10:28:41:114 SGT] 1e9da0a9 FormLoginServ d Form based
login: userid/password present in the form. User is: A
...
[6/24/06 10:44:11:827 SGT] 2ec26098 WebAuthentica < validate:
LTPA token validation failed


So we can see the user logged in for 10 minutes before logging
out  Then logged back in again for another 16 minutes before
being kicked out for a total of 27 minutes. The LTPA timeout is
set to 33 minutes

so it looks like it is using the original LTPA token. From the
trace, I never see this LTPA token's timeout updated:

Conclusion.

LTPA Token expiration time is taken from the WSCredential that
resides in the cache
Local fix
Disable the authCache value. Define a custom JVM property as
follows.

 Name: com.ibm.websphere.security.util.authCacheEnabled
 Value: false

Use the following link to enable custom property

http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//index.jsp
?topic=/com.ibm.websphere.nd.doc/info/ae/ae/urun_rconfproc_jvm.h
tml
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 who utilize the FormLogout function          *
****************************************************************
* PROBLEM DESCRIPTION: When you log out of WebSphere           *
*                      Application Server, either via          *
*                      application or administrative console,  *
*                      the user credentials are not properly   *
*                      removed from the AuthCache. This        *
*                      causes a user, who logs back in, to     *
*                      obtain the previous credential expire   *
*                      time. This may cause users to be        *
*                      force logged out sooner than expected.  *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
WebSphere Application Server was incorrectly leaving the user
credential in the AuthCache when a user was logged out.
Problem conclusion
WebSphere Application Server has been modified to correctly
remove the AuthCache credential entry when a user is logged out.

The fix for this APAR is currently targeted for inclusion
in cumulative fix 5.1.1.13 and fixpacks 6.0.2.17 and 6.1.0.5.
Please refer to the recommended updates page for delivery
information:

http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix Comments
APAR information
APAR number PK28460
Reported component name WAS NETWRK DEPL
Reported component ID 5630A3601
Reported release 00W
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2006-07-21
Closed date 2006-10-04
Last modified date 2006-12-20

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PK34164

Modules/Macros
SECURITY          

Publications Referenced

Fix information
Fixed component name WAS NETWRK DEPL
Fixed component ID 5630A3601

Applicable component levels
R00A PSY    UP
R00H PSY    UP
R00S PSY    UP
R00W PSY    UP
R103 PSY    UP
R10A PSY    UP
R10H PSY    UP
R10S PSY    UP
R10W PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 00W
Software edition:
Reference #: PK28460
IBM Group: Software Group
Modified date: Dec 20, 2006