Fix (APAR):  PK38511

Status:  Fix

Release:  6.1.0.3

Operating System:  AIX,HP-UX,i5/OS,Linux,Linux pSeries,Linux Red Hat - pSeries,Linux zSeries,OS/390,OS/400,Solaris,Windows,z/OS

Supersedes Fixes:  

CMVC Defect:  PK38511

Byte size of APAR:  14934

Date: 2007-02-14

Abstract:  The default User Registry mapping for realm does not work for SSO.

Description/symptom of problem:  
 
PK38511 resolves the following problem:

ERROR DESCRIPTION:                                              
Single Sign-On does not work when configuring federated         
repository. SSO works when configuring stand-alone repository   
using the same LDAP server. When using federated repository,    
SSO does not work only for users who belong to Root DSE and it  
works for users who belong to organization.                     
To solve this issue, we need to change  uniqueUserIdMapping in  
wimconfig.xml to use externalName in stead of uniqueName as     
follows after applying this ifix;                               
From:                                                           
<config:uniqueUserIdMapping propertyForInput="uniqueName"       
propertyForOutput="uniqueName"/>                                
To:                                                             
<config:uniqueUserIdMapping propertyForInput="externalName"     
propertyForOutput="externalName"/>                              
wimconfig.xml file exists under                                 
$WAS_HOME/plugins/com/ibm/ws/wim/registory/util directory.      

LOCAL FIX:                                                      
None                                                            

PROBLEM SUMMARY

USERS AFFECTED:
This affects WebSphere Application Server
version 6.1 users who want to use single
sign on (SSO) using federated repository.

PROBLEM DESCRIPTION:
The default User Registry mapping for
realm does not work for SSO.

RECOMMENDATION:
None

The default User Registry mapping does not work for SSO. The
mapping needs to be changed. Once the mapping was changed a
code defect was found where the code was not setting
appropriate control for the adapter.

PROBLEM CONCLUSION:                                             
The ExternalNameControl is now passed to federated repository.  
                                                                
The fix for this APAR is currently targeted for inclusion       
in fixpack 6.1.0.9.                                             
Please refer to the recommended updates page for delivery       
information:                                                    
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980   
                                                                


Directions to apply fix:  Fix applies to Editions:
Release 6.1.0.3
x__ Application Server (Express or BASE)
x__ Network Deployment (ND)

Install Fix to:
Method:
__ Application Server Nodes
__ Deployment Manager Nodes
x__ Both

NOTE:
The user must:
* Have Administrative rights in Windows, or be the Actual Root User in a UNIX environments.
* Logged in with the same authority level when unpacking a fix, fix pack or refresh pack.
* Be at V6.1.0.3 or newer of the Update Installer. This can be checked by reviewing the level of the Update Installer in file <was_root>/updateinstaller/version.txt.

The Update Installer can be downloaded from the following link:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991

For detailed instructions to Extract the Update Installer see the following Technote:
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg21205400

1) Copy PK38511.pak file directly to the maintenance directory

2) Shutdown WebSphere
Manually execute setupCmdLine.bat in Windows or . ./setupCmdLine.sh in Unix from the WebSphere instance that maintenance is being applied to.

3) Launch Update Installer

4) Enter the installation location of the WebSphere product you want to update.

5) Select the "Install maintenance package" operation.

6) Enter the file name of the maintenance package to install (PK38511.pak file which was copied in the maintenance directory).

7) Install the maintenance package.

8) Restart WebSphere


Directions to remove fix:  NOTE:
* The user must have Administrative rights in Windows, or be the Actual Root User in a UNIX environments.
* FIXES MUST BE REMOVED IN THE ORDER THEY WERE APPLIED
* DO NOT REMOVE A FIX UNLESS ALL FIXES APPLIED AFTER IT HAVE FIRST BEEN REMOVED
* YOU MAY REAPPLY ANY REMOVED FIX

Example: If your system has fix1, fix2, and fix3 applied in that order and fix2 is to be removed, fix3 must be removed first, fix2 removed, and fix3 re-applied.

1) Shutdown WebSphere
Manually execute setupCmdLine.bat in Windows or . ./setupCmdLine.sh in Unix from the WebSphere instance that uninstall is being run against.

2) Start Update Installer

3) Enter the installation location of the WebSphere product you want to remove the fix.

4) Select  "Uninstall maintenance package" operation.

5) Enter the file name of the maintenance package to uninstall (PK38511.pak).

6) UnInstall maintenance package.

7) Restart WebSphere

Directions to re-apply fix:  
1) Shutdown WebSphere.

2) Follow the Fix instructions to apply the fix.

3) Restart WebSphere.



Additional Information: