PQ71397: Admin server is trying to use expired tokens from cache - invalid tokens. | |||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description After going to a secured resource and authenticating, the ltpa token is allowed to expire. Trying to access the secured resource causes user to reauthenticate, as expected. After attempting to reauthenticate the browser shows an "invalid credential" message.Local fix Increase token timeoutProblem summary **************************************************************** * USERS AFFECTED: WebSphere Application server security * * users with multiple secured application * * servers. * **************************************************************** * PROBLEM DESCRIPTION: After LTPA Token has expired, * * re-authenticated users may not be able * * to access EJBs on a different server. * **************************************************************** * RECOMMENDATION: * **************************************************************** Immediately after LTPA Token expired, re-authenticated users may not be authenticated to access secured EJBs on a remote application server even they can access servlets successfully.Problem conclusion Authorization to access secured EJB is based on SAS sessions, and sessions are mapped to credentials. The session id did not include crdential expiration time, so an old session was used even after a new credential was created if session is not expired. With the fix, new session will be created with new credential token.Temporary fix provided test fixComments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: PQ72041 PQ74826 Modules/Macros
SRLS
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ71397
IBM Group: Software Group
Modified date: Apr 30, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.