PK61863: AN OTS TRANSACTION TO CICS WILL FAIL IN THE APPLICATION SERVER CONTROL REGION WITH A COMM_FAILURE.

 Fixes are available

6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for i5/OS
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Linux
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Solaris
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for HP-UX
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for AIX
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for AIX
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for HP-UX
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for i5/OS
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Linux
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Solaris
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Windows
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server



APAR status
Closed as program error.

Error description
When running an OTS transaction from a WebSphere application
server to CICS with security enabled, the transaction will fail
in the application server control region with the following
error:
BBOO0011W The function
ZIOPChannelBridge::pending_inbound_response(ORB_Request *)+1086
 received CORBA system
exception CORBA::COMM_FAILURE.  Error code is C9C26A37.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: Users of WebSphere Application Server V6.1   *
*                 for z/OS who are using SAF authorization     *
*                 and using CSIv2 to communicate with CICS     *
*                 3.2. or later.                               *
****************************************************************
* PROBLEM DESCRIPTION: For CSIv2 communication between         *
*                      WebSphere Application Server and CICS   *
*                      3.2 or later, the CICS server is        *
*                      expecting a SAF identity to be sent     *
*                      by the WAS server.  However, even       *
*                      though the WAS server is configured     *
*                      to use local OS with SAF authorization, *
*                      the default configuration uses an       *
*                      internally generated identity as the    *
*                      server identity. Therefore, it was this *
*                      identity that was being sent to CICS,   *
*                      and resulting in a COMM_FAILURE error   *
*                      as it was not being recognized as a     *
*                      valid user.                             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The default security configuration for WebSphere is to use an
automatically generated server identity, and not the started
task identity that is defined in the SAF product. As a result,
when trying to communicate over CSIv2 to CICS, the communication
fails because the server identity is not a valid one.
Problem conclusion
A new security custom property has been defined, where the
name is "com.ibm.ws.security.zOS.useSAFidForTransaction" and
the value should be set to "true" in order to use a SAF
identity for transactional security even though the security
configuration is set to use the automatically generated server
identity.

APAR PK61863 requires changes to documentation.
.
NOTE: Periodically, we refresh the documentation on our
Web site, so the changes might have been made before you
read this text. To access the latest on-line
documentation, go to the product library page at:


http://www.ibm.com/software/webservers/appserv/library

A change to the z/OS version of the WebSphere Application
Server Version 6.1 Information Center will be made available.

The topic "Security custom properties" will be updated
to include the following description of the new
com.ibm.ws.security.zOS.useSAFidForTransaction security
custom property:

com.ibm.ws.security.zOS.useSAFidForTransaction

This property is used to enable a server to use the user
identity for the z/OS started task as the server identity
when calling transactional methods, such as commit(), and
prepare(), that require the server identity. This behavior
occurs regardless of the server identity setting for that
server.

For example, you might have a server that is configured to
use the automatically generated server identity, which is
not an actual identity stored in a user repository. However,
this server needs to communicate with CICS 3.2, and CICS 3.2
requires SAF identities. If this property is set to true,
the server uses a SAF identity to communicate with CICS
instead of the automatically generated identity.

Default           false

APAR PK61863 is currently targeted for inclusion in Service
Level (Fix Pack) 6.1.0.17 of WebSphere Application Server V6.1
for z/OS.

Please refer to URL:
//www.ibm.com/support/docview.wss?rs=404&uid=swg27006970
for Fix Pack availability.
Temporary fix Comments
APAR information
APAR number PK61863
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 610
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2008-02-28
Closed date 2008-04-30
Last modified date 2008-07-02

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSN    UP
R601 PSN    UP
R610 PSY UK36750    UP08/06/10 P F806

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PK61863.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 610
Software edition:
Reference #: PK61863
IBM Group: Software Group
Modified date: Jul 2, 2008