PQ98023: SUPPORT IS BEING ADDED TO OPTIONALLY SPECIFY OMVSSRV AS THE SESSION TYPE WHEN BUILDING THE UTOKEN IN WEBSPHERE V5.0

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
Currently the UTOKEN is built with the default session type of
TSO. Support is being added so that customers can optionally
specify OMVSSRV as the session type for the UTOKEN to be built.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Users who authenticate using thread     *
*                      identity need to be authorized for TSO  *
*                      sessions. Support is needed for         *
*                      customers who do not wish to grant      *
*                      access to TSO for WebSphere users.      *
*                      Requiring access to session type        *
*                      OMVSSRV is an acceptable alternative.   *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
New function is required to allow customers to optionally
specify that the thread identity credentials be built using
OMVSSRV as the session type instead of TSO.
Problem conclusion
A new custom property, security.zOS.session.OMVSSRV, is added to
the global security support. If the value of this property is
true, all thread identity credentials for the server will be
built using session type OMVSSRV. Otherwise, thread identity
credentials will be built using session type TSO.

APAR PQ98023 requires changes to documentation.

NOTE: Periodically, we refresh the documentation on our
Web site, so the changes might have been made before you
read this text. To access the latest on-line
documentation, go to the product library page at:

www.ibm.com/software/webservers/appserv/zos_os390/library.html

The following text has been added to the "Global security
settings"(usec_rgsp) article in the Version 5.0.2 and later
information centers.

Custom properties: Overriding the default TSO session type

An application might connect to an Enterprise Information
System (EIS) and use the thread identity support. The thread
identity support is provided by the connection management
component of WebSphere Application Server for z/OS. In this
situation, a security credential that is based on the current
thread identity encapsulates the security information for the
user that is associated with the connection. By default, the
session type associated with  the user is TSO. If you have
WebSphere Application Server for z/OS users that use the thread
identity support, you must define the users as TSO users. If you
prefer not to define the users as TSO users, you can use the
security.zOS.session.OMVSSRV custom property, which changes the
session type for the user identity in the security credential
from TSO to OMVSSRV. However, if you use the user information
for authentication at the target EIS, such as IMS, the user must
be an authorized OMVSSRV user. To specify the custom property,
complete the following steps:
1. Click Security > Global Security > Custom Properties.
2. In the Name field, type security.zOS.session.OMVSSRV.
Important: This custom property name is case sensitive.
3. In the value field, type true.
4. Click Apply and Save.

Step 5 has been added to the "Using thread identity support"
(tdat_conthidep) article in the Version 5.0.2 and later
information centers.

5. Optional: Set the security.zOS.session.OMVSSRV custom
property to true.

Your application might connect to an Enterprise Information
System (EIS) and use the thread identity support. The thread
identity support is provided by the connection management
component of WebSphere Application Server for z/OS. In this
situation, a security credential that is based on the current
thread identity encapsulates the security information for the
user that is associated with the connection. By default, the
session type associated with the user is TSO. If you have
WebSphere Application Server for z/OS users that use the thread
identity support, you must define the users as TSO users. If you
prefer not to define the users as TSO users, you can use the
security.zOS.session.OMVSSRV custom property, which changes the
session type for the user identity in the security credential
from TSO to OMVSSRV. However, if you use the user information
for authentication at the target EIS, such as IMS, the user must
be an authorized OMVSSRV user.
To specify the custom property, complete the following steps:
a. Click Security > Global Security > Custom Properties.
b. Click New.
c. In the Name field, type security.zOS.session.OMVSSRV
   Important: This custom property name is case sensitive.
d. In the value field, type true
e. Click Apply and Save.

APAR PQ98023 is associated with SERVICE LEVEL W502025 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ98023
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-12-06
Closed date 2005-03-08
Last modified date 2005-04-16

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PQ98056 PK04346

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UK01263    UP05/03/14 P F503

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ98023.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ98023
IBM Group: Software Group
Modified date: Apr 16, 2005