Fix (APAR): PK41516
Status: Fix
Release: 6.1.0.3
Operating System: AIX, HP-UX, i5/OS, Linux, Linux pSeries, Linux Red Hat - pSeries, Linux zSeries, OS/390, OS/400, Solaris, Windows, z/OS
Supersedes Fixes:
CMVC Defect: PK41516
Byte size of APAR: 89617
Date: 2007-05-18

Abstract: Authentication fails if a user's userid contains a single quote.

Description/symptom of problem:

PK41516 resolves the following problem:

ERROR DESCRIPTION:
With WebSphere 6.1.0.3 configured for Federated Repositories using the file repository, a user who exists in that repository and whose name contains a single quote, such as Joe O'brien or the email joe_o'brien@company.com, fails to authenticate when logging in to WebSphere.

LOCAL FIX:
Do not use users in the file repository with single quotes.

PROBLEM SUMMARY

USERS AFFECTED:
IBM WebSphere Application Server version 6.1 users who use federated repositories (virtual member manager).

PROBLEM DESCRIPTION:
Authentication fails if a user's userid contains a single quote.

RECOMMENDATION:
None

When a user's userid contains a single quote ('), authentication fails because the XPath expression uses single quotes as a delimiter.

PROBLEM CONCLUSION:
If the userid contains a single quote, virtual member manager will use escaped double quotes in the XPath expression. For example, the following query uses escaped quotes around bi'll instead of single quotes:

expression="@xsi:type='PersonAccount' and principalName=\"bi'll\""

This fix is targeted for fixpack 6.1.0.9. Here is a link to the recommended updates site:
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Directions to apply fix:

Fix applies to Editions:
Release 6.1.0.3
 x_ Application Server (Express or BASE)
 x_ Network Deployment (ND)

Install Fix to:
Method:
 __ Application Server Nodes
 __ Deployment Manager Nodes
 x_ Both

NOTE: The user must:
* Have Administrative rights in Windows, or be the Actual Root User in a UNIX environment.
* Be logged in with the same authority level when unpacking a fix, fix pack or refresh pack.
* Be at V6.1.0.1 or newer of the Update Installer. This can be checked by reviewing the level of the Update Installer in file /updateinstaller/version.txt.

The Update Installer can be downloaded from the following link:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991

For detailed instructions to extract the Update Installer, see the following Technote:
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg21205400

1) Copy PK41516.pak file directly to the maintenance directory.
2) Shutdown WebSphere.
   Manually execute setupCmdLine.bat in Windows or . ./setupCmdLine.sh in Unix from the WebSphere instance that maintenance is being applied to.
3) Launch Update Installer.
4) Enter the installation location of the WebSphere product you want to update.
5) Select the "Install maintenance package" operation.
6) Enter the file name of the maintenance package to install (PK41516.pak file which was copied in the maintenance directory).
7) Install the maintenance package.
8) Restart WebSphere.

Directions to remove fix:

NOTE:
* The user must have Administrative rights in Windows, or be the Actual Root User in a UNIX environment.
* FIXES MUST BE REMOVED IN THE ORDER THEY WERE APPLIED
* DO NOT REMOVE A FIX UNLESS ALL FIXES APPLIED AFTER IT HAVE FIRST BEEN REMOVED
* YOU MAY REAPPLY ANY REMOVED FIX

Example: If your system has fix1, fix2, and fix3 applied in that order and fix2 is to be removed, fix3 must be removed first, fix2 removed, and fix3 re-applied.

1) Shutdown WebSphere.
   Manually execute setupCmdLine.bat in Windows or . ./setupCmdLine.sh in Unix from the WebSphere instance that uninstall is being run against.
2) Start Update Installer.
3) Enter the installation location of the WebSphere product from which you want to remove the fix.
4) Select "Uninstall maintenance package" operation.
5) Enter the file name of the maintenance package to uninstall (PK41516.pak).
6) Uninstall maintenance package.
7) Restart WebSphere.

Directions to re-apply fix:

1) Shutdown WebSphere.
2) Follow the Fix instructions to apply the fix.
3) Restart WebSphere.

Additional Information:
This fix has PK38815 as a prerequisite. Install that fix first.
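
The delimiter problem described under PROBLEM CONCLUSION, as an added example that is not IBM's code or part of the fix: it picks a quote delimiter the userid does not contain and, going beyond the case in the text, falls back to concat() when the userid contains both quote characters, because XPath 1.0 string literals have no escape character. The class name, the toLiteral and lookup helpers, and the sample XML layout are assumptions made for illustration; only principalName and the sample userids come from the text above.

```java
import java.io.StringReader;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.xml.sax.InputSource;

public class XPathLiteralDemo {
    // Constructed sample data; the users/user/cn layout is an assumption.
    static final String XML =
        "<users>"
      + "<user><principalName>bi'll</principalName><cn>Bill</cn></user>"
      + "<user><principalName>joe_o'brien@company.com</principalName><cn>Joe O'brien</cn></user>"
      + "<user><principalName>a'b\"c</principalName><cn>Both quotes</cn></user>"
      + "</users>";

    // Hypothetical helper: choose a delimiter the value does not contain;
    // if it contains both ' and ", split on ' and rebuild with concat().
    static String toLiteral(String value) {
        if (value.indexOf('\'') < 0) return "'" + value + "'";
        if (value.indexOf('"') < 0) return "\"" + value + "\"";
        StringBuilder sb = new StringBuilder("concat(");
        String[] parts = value.split("'", -1);
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) sb.append(", \"'\", ");
            sb.append("'").append(parts[i]).append("'");
        }
        return sb.append(")").toString();
    }

    // Evaluates the expression against the sample document, returning the
    // string value of the first matching node.
    static String lookup(String expr) throws XPathExpressionException {
        XPath xpath = XPathFactory.newInstance().newXPath();
        return xpath.evaluate(expr, new InputSource(new StringReader(XML)));
    }

    public static void main(String[] args) throws Exception {
        String[] ids = { "bi'll", "joe_o'brien@company.com", "a'b\"c" };
        for (String id : ids) {
            // Single-quote delimiters, as before the fix: the quote in the
            // userid ends the literal early and the expression is rejected.
            String naive = "/users/user[principalName='" + id + "']/cn";
            try {
                System.out.println("naive  " + naive + " -> " + lookup(naive));
            } catch (XPathExpressionException e) {
                System.out.println("naive  " + naive + " -> invalid XPath");
            }
            String quoted = "/users/user[principalName=" + toLiteral(id) + "]/cn";
            System.out.println("quoted " + quoted + " -> " + lookup(quoted));
        }
    }
}
```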