Fix (APAR): PI40003 Status: Fix Release: 8.5.5.5 Operating System: AIX,HP-UX,IBM i,Inspur K-UX,Linux,Mac OS,Solaris,Windows,z/OS Supersedes Fixes: CMVC Defect: xxxxxx Byte size of APAR: 266450 Date: 2015-05-20 Abstract: Security roles mapped to special subject "All authenticated in trusted realms" for OSGi applications are ignored at runtime. Description/symptom of problem: PI40003 resolves the following problem: ERROR DESCRIPTION: Authorization configuration is not being honored for OSGi applications configured to map security roles to Special Subject type "All authenticated in trusted realms". Users authenticated in a trusted realm are not granted the privileges associated with the Role. LOCAL FIX: N/A PROBLEM SUMMARY USERS AFFECTED: WebSphere Application Server users of OSGi applications. PROBLEM DESCRIPTION: Security roles mapped to special subject "All authenticated in trusted realms" are ignored at runtime for OSGi applications. RECOMMENDATION: None When processing the security configuration for an OSGi application, the runtime populates an authorization table for the application. In the case where a security role has been mapped to the special subject "All authenticated in trusted realms", the object inserted into the table is only partially initialized with the required data and later processing by the security component will ignore the entry which has no effect. PROBLEM CONCLUSION: The component that populates the authorization table for OSGi applications was modified to set the missing Name data into the object added to the table. The fix for this APAR is currently targeted for inclusion in fix pack 8.5.5.7. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980 Directions to apply fix: Fix applies to Editions: Release 8.5 x__ Application Server (Express or BASE) x__ Network Deployment (ND) __ Liberty Core __ Edge Components __ Developer Install Fix to all WebSphere installations unless special instructions are included below. Special Instructions: None NOTE: The user must: * Logged in with the same authority level when unpacking a fix, fix pack or refresh pack. * Be at V1.4.3 or newer of the Installation Manager. Certain iFixes may require a newer version of the Installation Manager and the Installation Manager will inform you during the installation process if a newer version is required. The IBM Knowledge Center can provide details, if needed, on the use of the Installation Manager to apply the iFixes. http://publib.boulder.ibm.com/infocenter/install/v1r4/index.jsp. Shutdown WebSphere Application Server before applying the iFixes. Restart WebSphere Application Server after applying the iFixes. Directions to remove fix: The IBM Knowledge Center can provide details, if needed, on the use of the Installation Manager to remove the iFixes. http://publib.boulder.ibm.com/infocenter/install/v1r4/index.jsp. Shutdown WebSphere Application Server before removing the iFixes. Restart WebSphere Application Server after removing the iFixes. Directions to re-apply fix: 1) Shutdown WebSphere Application Server. 2) Follow the Fix instructions to apply the fix. 3) Restart WebSphere Application Server. Additional Information: