PQ83791: BOSS_WIZARD COMPONENT - WRONG REFID FOR SINGLESIGNON SSO CAUSE UPDATES TO LTPA TO BE MADE IN THE ICSF AREA INSTEAD OF LTPA | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description The customer scenario was that they made updates to the domainname in the SSO panel for LTPA Authentication Mechanisms. The ICSF domainname gets updates (in the wsadmin console and security.xml) for SSO (SingleSignOn - Single Sign On) but not to the LTPA area. .. The problem was due to the wrong refId for the singleSignon of ICSF_1 in the security.xml. The refId for each type should be unique within the xml file. .. However, it has the following 2 singleSignon definitions .. <authMechanisms xmi:type="security:LTPA" xmi:id="LTPA_1" OID="oid:1.3.18.0.2.30.2" authContextImplClass="com.ibm. ISecurityLocalObjectTokenBaseImpl. WSSecurityContextLTPAImpl" authConfig="system.LTPA" simpleAuthConfig="system.LTPA" authValidationConfig= "system.LTPA" timeout="120" password="{xor}PSkr"> ... <singleSignon xmi:id="SingleSignon_1" requiresSSL="false" domainName="" enabled="true"/> ... </authMechanisms> <authMechanisms xmi:type="security:CustomAuthMechanism" xmi:id="ICSF_1" OID="oid:1.3.18.0.2.30.4" authContextImpl- Class="null" authConfig="system.ICSF" simpleAuthConfig= "system.ICSF" authValidationConfig="system.ICSF"> ... <singleSignon xmi:id="SingleSignon_1" requiresSSL="true" domainName="ABC" enabled="true"/> ... </authMechanisms> The second SingleSignon_1 should be changed to SingleSignon_2. .. So, the fix is simply to change the second SingleSignon_1 to SingleSignon_2. ..Local fix .. the fix is simply to change the second SingleSignon_1 to SingleSignon_2.Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: Wrong refid for singlesignon SSO cause * * updates to LTPA to be made in the ICSF * * area instead of LTPA. * **************************************************************** * RECOMMENDATION: * **************************************************************** Customer updated the LTPA SSO domain name but could not get SSO to work. The trace indicated there was no domain name. In the security.xml file the, ICSF SSO domain name had been updated, not the LTPA SSO domain name. The same thing happened if something under LTPA trust Association was turned on. The cause of the problem was due to the wrong refId for the singleSignon of ICSF_1 in the security.xml. The refId for each type should be unique within the xml file. There are two 2 SingleSignon_1 definitions in the security.xml. The second SingleSignon_1 should be changed to SingleSignon_2.Problem conclusion ISPF Dialog skeleton files for the security.xml have been updated to change the second SingleSignon_1 to SingleSignon_2. A post-installer script will be provided for customer applying this APAR fix on a already configued WebSphere Application Server V5.0 for z/OS. APAR PQ83791 is associated with SERVICE LEVEL W502003 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ83791.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ83791
IBM Group: Software Group
Modified date: Feb 28, 2006
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.