APAR status
Closed as program error.
Error description
We are attempting to connect a WebSphere Application Server ND
server
to a WebSphere Application Server (V5) on z/OS using CSIv2 with
identity assertion.
The connection fails, and in the log we see the following
messages:
JSAS1477W: SECURITY CLIENT/SERVER CONFIG MISMATCH: The client
security
configuration (sas.client.props or outbound settings in GUI)
does not
support the server security configuration for the following
reasons:
ERROR 1: JSAS0616E: The client configuration specifies the
LTPA
authentication mechanism, but the server does not support it.
minor code: 494210CA completed: No
We have received a code bypass from WebSphere development (Peter
Birk). We need an APAR opened for an official fix.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users who *
* have enabled security and are attempting *
* to interoperate with Z/OS when client *
* identity assertion is enabled and the *
* target server is configured to use the LTPA *
* authentication mechanism. *
****************************************************************
* PROBLEM DESCRIPTION: JSAS1477W: SECURITY CLIENT/SERVER *
* CONFIG MISMATCH is received. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
When attempting to connect from a WebSphere Application Server
to a WebSphere Application Server on z/OS using CSIv2 with
identity assertion, the connection fails.
WebSphere Application Server (V5) on z/OS does not export an
IOR with LTPA as a supported authentication mechanism. Since
the configured authentication mechanism on WebSphere
Application Server using LTPA, the validation logic rejected
the request since z/OS doesn't support LTPA at this time.
The following messages occur:
JSAS1477W: SECURITY CLIENT/SERVER CONFIG MISMATCH: The client
security configuration (sas.client.props or outbound settings
in GUI) does not support the server security configuration for
the following reasons:
ERROR 1: JSAS0616E: The client configuration specifies the
LTPA authentication mechanism, but the server does not support
it.
minor code: 494210CA completed: No
Problem conclusion
Since identity assertion was selected, the client
authentication mechanism does not need to be validated.
Temporary fix Comments
APAR information |
APAR number |
PQ77960 |
Reported component name |
WAS NETWRK DEPL |
Reported component ID |
5630A3601 |
Reported release |
00W |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2003-08-29 |
Closed date |
2003-09-30 |
Last modified date |
2003-09-30 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
|