Fix (APAR): PQ91656
Status: Fix
Release: 5.0.2.6,5.0.2.5,5.0.2.4,5.0.2.3,5.0.2.2,5.0.2.1,5.0.2
Operating System: All
Supersedes Fixes:
CMVC Defect: PQ89840
Byte size of APAR: 6582
Date: 2004-11-16

Abstract: Registry doesn't receive valid password if it contains umlauts

Description/symptom of problem:

PROBLEM SUMMARY:
****************************************************************
* USERS AFFECTED: WebSphere Application Server security        *
*                 users implementing custom login.             *
****************************************************************
* PROBLEM DESCRIPTION: When using SSOAuthenticator to          *
*                      perform custom login, login fails if    *
*                      user's password contains characters     *
*                      different from the platform's code      *
*                      pages.                                  *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When using SSOAuthenticator to perform custom login, if the
user's password contains characters which are not in the
platform's code pages, the user fails to authenticate. The cause
is that the platform's code page is used to convert the password
into bytes.

PROBLEM CONCLUSION:
SSOAuthenticator now encodes password strings using UTF-8 instead
of the default encoding.

Also contains PQ88519:

PROBLEM SUMMARY:
****************************************************************
* USERS AFFECTED: WebSphere Application Server who have        *
*                 enabled security and are implementing        *
*                 Custom Login via the deprecated class        *
*                 SSOAuthenticator.                            *
****************************************************************
* PROBLEM DESCRIPTION: The WASReqURL cookie was not            *
*                      automatically removed when using        *
*                      SSOAuthenticator.                       *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The WASReqURL cookie was not removed while using SSOAuthenticator
to perform custom login. The reason for this was that no domain
was specified on the cookie when it was created, but a domain was
specified when destroying the cookie. This caused some browsers
not to destroy the cookie.

PROBLEM CONCLUSION:
When destroying the WASReqURL cookie, the domain is no longer set,
so that it matches the way the cookie is created.

Directions to apply fix:

NOTE:
YOU MUST FIRST DOWNLOAD THE UPDATE INSTALLER TOOL IN ORDER TO
INSTALL A FIX.
The Fix Installer can be downloaded from the following link:
http://www-3.ibm.com/software/webservers/appserv/support/index.html

1) Create temporary "fix" directory to store the jar file:
     UNIX:    /tmp/WebSphere/fix
     Windows: c:\temp\WebSphere\fix

2) Copy jar file to the directory

3) Shut down WebSphere

4) Follow the Fix installation instructions that are packaged
   with the Fix Installer on how to install the Fix.

5) Restart WebSphere

6) The temp directory may be removed.

Directions to remove fix:

NOTE:
FIXES MUST BE REMOVED IN THE ORDER THEY WERE APPLIED.
DO NOT REMOVE A FIX UNLESS ALL FIXES APPLIED AFTER IT HAVE FIRST
BEEN REMOVED. YOU MAY REAPPLY ANY REMOVED FIX.

Example: If your system has fix1, fix2, and fix3 applied in that
order and fix2 is to be removed, fix3 must be removed first, fix2
removed, and fix3 re-applied.

1) Shut down WebSphere

2) Follow the instructions that are packaged with the Fix
   Installer on how to uninstall the Fix.

3) Restart WebSphere

Directions to re-apply fix:

1) Shut down WebSphere

2) Follow the Fix instructions that are packaged with the Fix
   Installer on how to uninstall and reinstall the Fix.

3) Restart WebSphere

Additional Information:
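
The code-page problem fixed by PQ91656 can be reproduced outside WebSphere. The Java program below is an added illustration, not IBM's or SSOAuthenticator's code: the class and method names, the sample password and the list of code pages are assumptions, as is the premise that the receiving registry expects UTF-8 bytes.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added illustration; class, method and sample values are hypothetical,
// not WebSphere or SSOAuthenticator code.
public class PasswordEncodingDemo {

    // Pre-fix behaviour as the APAR describes it: the password is turned
    // into bytes with whatever code page the platform uses.
    static byte[] encodeWithPlatformCodePage(String password, Charset platform) {
        return password.getBytes(platform);
    }

    // Post-fix behaviour: always UTF-8, independent of the platform.
    static byte[] encodeUtf8(String password) {
        return password.getBytes(StandardCharsets.UTF_8);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x ", b & 0xff));
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        String password = "Gr\u00fc\u00dfe2004"; // constructed sample with umlaut and sharp s
        // Assumption: the registry side compares against the UTF-8 form.
        byte[] expected = encodeUtf8(password);

        // Code pages chosen (as assumptions) to stand in for different platforms.
        String[] codePages = {"UTF-8", "ISO-8859-1", "windows-1252", "IBM037", "US-ASCII"};
        for (String name : codePages) {
            if (!Charset.isSupported(name)) continue; // some JREs omit extended charsets
            Charset cs = Charset.forName(name);
            byte[] sent = encodeWithPlatformCodePage(password, cs);
            // canEncode() == false means getBytes() silently substituted the
            // charset's replacement byte, so the registry sees another password.
            boolean lossless = cs.newEncoder().canEncode(password);
            System.out.printf("%-12s lossless=%-5b matchesUtf8=%-5b %s%n",
                    name, lossless, Arrays.equals(sent, expected), hex(sent));
        }
        System.out.println("Default charset on this JVM: " + Charset.defaultCharset());
    }
}
```

The same check applies to any code that hashes or transmits credentials: a `getBytes()` call without an explicit charset makes the result depend on the host's configuration.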