PQ81797: NOT TO SEND PRIVATE WEBSPHERE HEADER TO THE APPLICATION SERVER IF NO SSL CERTIFICATE INFO IN THE REQUEST"

 Fixes are available

5.1.0.5: WebSphere Application Server Express 5.1 Cumulative Fix 5
PQ86603: IBM HTTP Server V2.0.x mod_alias/mod_rewrite conflict with V5.0 plug-in
4.0.2-4.0.7: Plug-in component cumulative fix
5.0.2.7: WebSphere Application Server Express 5.0.2 Cumulative Fix 7
5.1.1: WebSphere Application Server Version 5.1 Fix Pack 1 (Version 5.1.1)
5.0.2.12: WebSphere Application Server 5.0.2 Cumulative Fix 12
5.0.2.13: WebSphere Application Server 5.0.2 Cumulative Fix 13
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for AIX
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Solaris
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for HP-UX
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Windows
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Linux
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Windows
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Solaris
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for AIX
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Linux
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for HP-UX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for HP-UX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for AIX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Solaris
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Windows
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Linux
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for AIX
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for HP-UX
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Linux
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Windows
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Solaris
5.0.2.8: WebSphere Application Server V5.0.2 Cumulative Fix 8
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for HP-UX
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for AIX
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Solaris
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Windows
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Linux
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Windows
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Solaris
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for HP-UX
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Linux
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for AIX



APAR status
Closed as program error.

Error description
WebSphere sets its own private header $WSCC in case, that
SSL certificate information is available from IIS web server.
Plugin retrieves SSL certificate information thru IIS API.
Currently, if SSL information can not be retrieved for some
reason, IIS WebSphere plug-in sets $WSCC header null & passes
it to back-end WebSphere Allication Server.  Under some
circumstances this can cause some problems in Enterprise
Applications in WebSphere, when code logic may not handle
null SSL certificate information in the request. The plugin
code needs to be updated, so that if ther is not any SSL
certificate information available from IIS web server, our
WebSphere plug-in does not set $WSCC header at all.
.
The problem that customer experiences is with IIS WebSphere 4.0
plugin that connects to remote WebSphere 4.0.3 AppServer.
All servers are Windows based.
.
We need to fix this problem for WebSphere 4.0, 5.0 & 5.1 plugin
and I am not sure, if this defect is only IIS specific or it
pertains to all supported web servers, such as IHS, Apache,
iPlanet, Domino.
Local fix
Not available.
Problem summary
****************************************************************
* USERS AFFECTED: Users of Websphere webserver plug-in for     *
*                 IIS.                                         *
****************************************************************
* PROBLEM DESCRIPTION: IIS plug-in added and sent a few        *
*                      websphere special headers to            *
*                      appserver.  When the header             *
*                      information is not available, plug-in   *
*                      still sent a special header without     *
*                      any value.  This, in some cases,        *
*                      would cause applications to throw       *
*                      exceptions.                             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Plug-in sent empty Websphere special header to appserver.
Problem conclusion
Plug-in code is fixed so that a special header won't be sent
to appservers when there is no value information available.
Temporary fix Comments
APAR information
APAR number PQ81797
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-12-05
Closed date 2003-12-12
Last modified date 2003-12-12

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
plugin          

SRLS

Fix information

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ81797
IBM Group: Software Group
Modified date: Dec 12, 2003