PQ69188: UNEXPECTED LOGIN PROMPT WHEN CLICKING ON ADMIN CONSOLE.

 Fixes are available

4.0.6: WebSphere Application Server Version 4.0 Fix Pack 6
Security; V4.0.2-V4.0.7: Cumulative fix for security component



APAR status
Closed as program error.

Error description
We set the Security timeout to 300 and the LTPA token timeout
to 10mn.
When the LTPA Token timeout expired, a popup window is
displayed asking us to login again and a message is sent in the
tracefile in order to warn us that the credential have expired.
We expected this behaviour and we were happy.
Then we entered the userid/password, we hit "enter". It seems
that we are logged in.
.
Then we click on the console and we saw a new popup window
asking us
to login again, but this time without any messages in the
tracefile.
We entered the userid/password and we were able to go through
the
websphere topology inside the console.
We don't think that prompting the second time when clicking
on the console is correct.
Steps taken:
- wait 10mn
- popup window
- Login/password (msg in tracefile) and hit enter
 - hit somewhere in the console and you got a second popup
window
- Login/password (no msg in tracefile) and hit enter
- wait 10mn
- popup window
- Login/password (msg in tracefile) and hit enter
- wait 10mn
- popup window
- Login/password (msg in tracefile) and hit enter
.
By "message in tracefile", we mean JSAS0435E and CNTR0019E
messages are generated.
Local fix
No workaround is known at this time.
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users who   *
*                 have enabled security and use the            *
*                 Administration Console with the              *
*                 Authentication Mechanism set to LTPA.        *
****************************************************************
* PROBLEM DESCRIPTION: Admin Console displays unexpected       *
*                      login prompt after login.               *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When the LTPA Token timeout expired, a login window is
displayed to login again and a message is sent in the
tracefile in order to warn that the credential have expired.
After username and password is entered, the console appears
to be logged in.  However, when the console is clicked again
to access resources, another login windows is displayed.
Problem conclusion
This is caused by the expired credential not being cleaned
properly.  The expired credential is now being removed after
expiration.
Temporary fix
avaliable
Comments
APAR information
APAR number PQ69188
Reported component name WEBSPHERE AE SO
Reported component ID 5630A2202
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-12-16
Closed date 2003-01-06
Last modified date 2003-01-06

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
SECURITY          

SRLS

Fix information
Fixed component name WEBSPHERE AE SO
Fixed component ID 5630A2202

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ69188
IBM Group: Software Group
Modified date: Jan 6, 2003