PQ61737: WAS TRUST ASSOCIATION DOESN'T ALLOW OTHER TYPES OF AUTHENTICATION TO WORK

APAR status
Closed as program error.

Error description
Environment:
WebSphere Application Server
.
Description:
   Customer was using WAS, and when trust association is
enabled, they are still able to authentication via other methods
(basic, certificate, etc.). After upgrading to a higher fixpack,
enabling trust association caused any authentication to be
treated as if it is coming from WebSeal. As a result,
authentication done via basic, certificate, etc. fail because
they don't contain the header information that the trust
association interceptor expects.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who       *
*                 enable Trust Association with WebSeal.       *
****************************************************************
* PROBLEM DESCRIPTION: After Trust Association is enabled with *
*                      WebSeal, authentication fails if the    *
*                      request is not via WebSeal.             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
After Trust Association is enabled with WebSeal,
authentication fails if the request is not from WebSeal.
If the request header contains a 'via' tag (even if
this tag has no value), authentication functioned as expected.
However, if the 'via' tag was missing, then authentication
fails.
Problem conclusion
The WebSeal Trust Association interceptor now checks if the
'via' tag value is not present and treats this condition the
same as if the 'via' tag was not present in the request
header.
Temporary fix
send a testing eFix to customer
Comments
APAR information
APAR number PQ61737
Reported component name WEBSPHERE AE AI
Reported component ID 5630A2200
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-05-29
Closed date 2002-05-29
Last modified date 2002-05-31

APAR is sysrouted FROM one or more of the following:
PQ61020

APAR is sysrouted TO one or more of the following:

Modules/Macros
SECURITY          

Fix information
Fixed component name WEBSPHERE AE AI
Fixed component ID 5630A2200

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ61737
IBM Group: Software Group
Modified date: May 31, 2002