PQ74819: WITH VALID USERID AND PASSWORD AND WEBAUTH.SINGLESIGNON.ENABLED=FALSE, FORM-BASED AUTHENTICATION FAILS.

 A fix may be available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
If form-based authentication and WebAuth.SingleSignOn.Enabled=
False, the browser does not return the cookie containing the
required tokens as expected. This happens because the setting
for WebAuth.FormBasedLogin.SingleSignOnDomain is still being
honored.
Local fix
Disable WebAuth.FormBasedLogin.SingleSignOnDomain
parameter in the Webcontainer.conf.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 version 4.0.1 for z/OS and OS/390            *
****************************************************************
* PROBLEM DESCRIPTION: Form-based authentication fails with    *
*                      valid userid and password when Web      *
*                      container property                      *
*                      WebAuth.SingleSignOn.Enabled            *
*                      is set to false.                        *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Customer is receiving login error for form-based Web
applications even if the correct userid and password were
supplied.  The WebAuth.SingleSignOn.Enabled and
WebAuth.SingleSignOn.Domain properties work together. Therefore,
when single sign-on is disabled (the
WebAuth.SingleSignOn.Enabled property is set to false), a Domain
name should not be used in the cookie.

When single sign-on is disabled and WebAuth.SingleSignOn.Domain
is specified in the webcontainer.conf file, the Domain name is
used in the LoginToken Cookie.  This causes the browser not to
send the LoginToken Cookie to the WebSphere Application Server,
and results in a login error.
Problem conclusion
The code was changed so that the Domain name is not set in the
LoginToken cookie if single sign-on is disabled.

APAR PQ74819 is associated with SERVICE LEVEL W401508 of
WebSphere Application Server version 4.0.1 for z/OS and OS/390.
Temporary fix Comments
APAR information
APAR number PQ74819
Reported component name WEBSPHERE OS/39
Reported component ID 5655A9800
Reported release 401
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-06-03
Closed date 2003-06-25
Last modified date 2003-07-03

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
EJSJWBJR          

Fix information
Fixed component name WEBSPHERE OS/39
Fixed component ID 5655A9800

Applicable component levels
R401 PSY UQ77997    UP03/06/28 P F306

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ74819
IBM Group: Software Group
Modified date: Jul 3, 2003