PQ83791: BOSS_WIZARD COMPONENT - WRONG REFID FOR SINGLESIGNON SSO CAUSE UPDATES TO LTPA TO BE MADE IN THE ICSF AREA INSTEAD OF LTPA

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
The customer scenario was that they made updates to the
domainname in the SSO panel for LTPA Authentication
Mechanisms.  The ICSF domainname gets updates
(in the wsadmin console and security.xml) for SSO
(SingleSignOn - Single Sign On) but not to the LTPA area.
..
The problem was due to the wrong refId for the singleSignon of
ICSF_1 in the security.xml.  The refId for each type should be
unique within the xml file.
..
However, it has the following 2 singleSignon definitions
..
<authMechanisms xmi:type="security:LTPA" xmi:id="LTPA_1"
    OID="oid:1.3.18.0.2.30.2" authContextImplClass="com.ibm.
    ISecurityLocalObjectTokenBaseImpl.
    WSSecurityContextLTPAImpl" authConfig="system.LTPA"
simpleAuthConfig="system.LTPA" authValidationConfig=
   "system.LTPA"     timeout="120" password="{xor}PSkr">
   ...
<singleSignon xmi:id="SingleSignon_1" requiresSSL="false"
    domainName="" enabled="true"/>
...
</authMechanisms>
<authMechanisms xmi:type="security:CustomAuthMechanism"
   xmi:id="ICSF_1" OID="oid:1.3.18.0.2.30.4" authContextImpl-
   Class="null" authConfig="system.ICSF" simpleAuthConfig=
   "system.ICSF" authValidationConfig="system.ICSF">
...
<singleSignon xmi:id="SingleSignon_1" requiresSSL="true"
   domainName="ABC" enabled="true"/>
   ...
</authMechanisms>
The second SingleSignon_1 should be changed to SingleSignon_2.
..
So, the fix is simply to change the second SingleSignon_1 to
  SingleSignon_2.
..
Local fix
..
the fix is simply to change the second SingleSignon_1 to
SingleSignon_2.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Wrong refid for singlesignon SSO cause  *
*                      updates to LTPA to be made in the ICSF  *
*                      area instead of LTPA.                   *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Customer updated the LTPA SSO domain name but could not get SSO
to work. The trace indicated there was no domain name. In the
security.xml file the, ICSF SSO domain name had been updated,
not the LTPA SSO domain name. The same thing happened if
something under LTPA trust Association was turned on.

The cause of the problem was due to the wrong refId for the
singleSignon of  ICSF_1 in the security.xml.
The refId for each type should be unique within the xml file.
There are two 2 SingleSignon_1 definitions in the security.xml.
The second SingleSignon_1 should be changed to SingleSignon_2.
Problem conclusion
ISPF Dialog skeleton files for the security.xml have been
updated to change the second SingleSignon_1 to SingleSignon_2.
A post-installer script will be provided for customer applying
this APAR fix on a already configued WebSphere Application
Server V5.0 for z/OS.

APAR PQ83791 is associated with SERVICE LEVEL W502003 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ83791
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-01-27
Closed date 2004-02-26
Last modified date 2006-02-28

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ85594    UP04/03/02 P F403

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ83791.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ83791
IBM Group: Software Group
Modified date: Feb 28, 2006