PQ61723: LTPATOKEN COOKIE NOT CREATED FOR THE CERTIFICATION AUTHENTICATION CASE

APAR status
Closed as program error.

Error description
The customer has a setup with WebSphere Application Server
where they use
Trust Association and users come via TA as well as without going
through it.  The customer has noticed significant performance
degradation in the case when TA is not used.  That seems to be
because they use certificate authentication and we do
not cache certificates.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server security        *
*                 users of client certificate authentication.  *
****************************************************************
* PROBLEM DESCRIPTION: Ltpa Token cookie not returned for      *
*                      client certificate authentication.      *
****************************************************************
* RECOMMENDATION: This is a performance APAR. If you are       *
*                 using client certificate, and you also       *
*                 enable SSO, apply this eFix for better       *
*                 performance.                                 *
****************************************************************
While using client certificate authentication, if SSO is
enabled, Ltpa cookie is expected (could be verified from
browser). However, ltpa cookie was never returned. Whenever a
new request is made, the user is reauthenticated via the
user's certificate instead of being validated by an Ltpa
Token.  The former operation requires user registry calls
which can be very time consuming where the latter does not.
Problem conclusion
The expected Ltpa cookie is now returned for client
certificate authentication.
Temporary fix

PQ61779_eFix.jar
Comments
APAR information
APAR number PQ61723
Reported component name WEBSPHERE AE AI
Reported component ID 5630A2200
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-05-29
Closed date 2002-05-29
Last modified date 2003-04-30

APAR is sysrouted FROM one or more of the following:
PQ59959

APAR is sysrouted TO one or more of the following:

Modules/Macros
SECURITY          

Fix information
Fixed component name WEBSPHERE AE AI
Fixed component ID 5630A2200

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ61723
IBM Group: Software Group
Modified date: Apr 30, 2003