PQ66136: SSO (SINGLE SIGNON) FROM WEBSPHERE APPLICATION SERVER (WAS) TO DOMINO SERVER FAILS WHEN THE USER NAME CONTAINS DBCS
APAR status
Closed as program error.

Error description
When user info (such as first name or last name) is in DBCS Chinese characters, after logging in to WPS or WAS successfully and then accessing the Domino web server, Domino will challenge the user with a login page showing the error message "Your session with the server has expired or is invalid". SSO from one WPS server to another WPS server, or from one WAS server to another WAS server, was fine. When the user info is entirely in English characters (SBCS), SSO from WAS or WPS to Domino is fine, and so is SSO from Domino to WAS/WPS. The problem only happens when the user info has a Chinese field (uid is in English, but first name or last name is in Chinese DBCS characters).

WAS Change Team (L3) supplied an efix and it fixed the problem.

The root cause for this defect is that WebSphere and Domino calculate the digital signature differently if the user name contains DBCS. While converting the user name to a byte array to calculate the digital signature, WebSphere treated every character as a single byte character. With this fix, WebSphere is now using UTF8 to calculate the digital signature.

Local fix
Request a copy of the efix from WAS C/T.

Problem summary
USERS AFFECTED: WebSphere Application Server security customers who use double byte characters in user's security name.
PROBLEM DESCRIPTION: SSO between WebSphere and non WebSphere products (such as Domino) fails if user security name contains double byte characters.
RECOMMENDATION:

SSO between WebSphere and non WebSphere products fails if the security name contains a double byte character. The root cause was a difference in the algorithms used to create digital signatures.

Problem conclusion
Change WebSphere security to follow the UTF8 conversion rule to calculate the digital signature: first use the UTF8 rule to convert the user name to a byte array, then calculate the digital signature from the byte array.

Temporary fix
Provide test eFix.

Comments
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following: PQ61389

Modules/Macros
SRLS
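
The root cause and fix described under "Problem conclusion" above, as an added example that is not IBM's code: a token issuer and a verifier compute a signature over the user name, and the result depends on how the name is turned into bytes. Assumptions: HMAC-SHA256 with a constructed key stands in for the token's digital signature, the pre-fix single-byte conversion is modelled as keeping the low byte of each character, the verifying side is assumed to use UTF-8, and the user names are constructed samples.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"  # constructed; stands in for the shared SSO keys


def single_byte_bytes(name: str) -> bytes:
    """Assumed model of the pre-fix conversion: one byte per character (lossy)."""
    return bytes(ord(ch) & 0xFF for ch in name)


def utf8_bytes(name: str) -> bytes:
    """Conversion named in the APAR fix: UTF-8 first, then sign the byte array."""
    return name.encode("utf-8")


def sign(name: str, to_bytes) -> bytes:
    # HMAC-SHA256 is a stand-in for the real token signature algorithm.
    return hmac.new(SHARED_KEY, to_bytes(name), hashlib.sha256).digest()


def sso_accepts(name: str, issuer_to_bytes, verifier_to_bytes) -> bool:
    """Issuer signs the name; verifier recomputes with its own conversion rule."""
    issued = sign(name, issuer_to_bytes)
    return hmac.compare_digest(issued, sign(name, verifier_to_bytes))


SAMPLE_USERS = ["John Smith", "張 偉"]  # constructed sample names (SBCS and DBCS)

if __name__ == "__main__":
    for user in SAMPLE_USERS:
        before = sso_accepts(user, single_byte_bytes, utf8_bytes)
        same_rule = sso_accepts(user, single_byte_bytes, single_byte_bytes)
        after = sso_accepts(user, utf8_bytes, utf8_bytes)
        print(f"{user!r}: mixed rules={before}, same old rule={same_rule}, UTF-8 both={after}")
```

The SBCS name verifies under either rule because its single-byte and UTF-8 encodings are identical, which matches the symptom that only names containing DBCS characters failed across products.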
Document Information
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ66136
IBM Group: Software Group
Modified date: Sep 12, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.