Form login does not work when the hostname contains an underscore
 Technote (FAQ)
 
Problem
After logging in with a valid user id and password, the login page keeps coming back
 
Cause
Usually, this problem occurs when SSO has not been configured in the WebSphere Application Server security with a valid TCP/IP domain and/or the browser URL request does not use the fully qualified hostname.

Also, it is not acceptable to use underscores in the hostname with Microsoft® Windows® Internet Explorer

 
Solution
Customer was trying to test form login using the WebSphere® Application Server /webapp/examples/ping servlet. When the servlet is accessed in the browser, the login page is displayed as expected. However, even after entering a valid user/password combination, the login page just keeps getting redisplayed.

In this case, a fully qualified hostname had been used, but there still were problems.

It turns out the root of the problem is that they had underscores in their hostname. When cookie prompting was turned on in the browser, the Windows Internet Explorer was not getting back the "LtpaToken" cookie which is required for the security to work correctly. For cookies that Internet Explorer did get back, it showed the cookie domain as only part of the hostname, with everything after the underscore truncated. The Netscape browser on the same system did not seem to have this problem, it received the "LtpaToken" cookie ok.

Workaround

Can use Netscape browser. However, Internet standards do specify that hostnames should not contain underscores (RFC 1123 & RFC 932), so better to just change the hostname.

 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 4.0.1
Software edition:
Reference #: 1049697
IBM Group: Software Group
Modified date: Nov 30, 2004