PQ65849: NEW FUNCTION

 A fix may be available

Obtain the fix for this APAR



APAR status
Closed as unreproducible in next release.

Error description
New Function
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V4.0.1 for z/OS and OS/390                   *
****************************************************************
* PROBLEM DESCRIPTION: New support is needed which provides a  *
*                      mechanism for defining roles            *
*                      (permissions) that does not require SAF *
*                      EJBRoles (i.e. RACF). WebSphere         *
*                      Application Server V4.0.1 for z/OS and  *
*                      OS/390 uses SAF Registry for            *
*                      authenticating users, but some          *
*                      customers want to use existing          *
*                      registries to authorize users.          *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Custom User Registry support needs to be provided by the
WebSphere Application Server V4.0.1 for z/OS and OS/390 product.
A Custom User Registry is a way to use external registries
to authenticate and authorize the users to the WebSphere V4.0.1
for z/OS runtime. In this configuration, J2EE permissions are
not configured within the SAF system. Instead, they are provided
via an XML file containing a Custom Registry Authorization
Table.
Problem conclusion Temporary fix Comments
The Customer User Registry support provided by APAR PQ65849
provides a configuration option which allows a third party user
registry to be provided for use with WebSphere for z/OS. In
this configuration, J2EE permission are not configured within
the SAF system. Instead they are provided via an XML file
containing a Custom Registry Authorization Table. When using a
custom user registry in a WebSphere for z/OS environment, the
customer should be aware of the following:
  a. Authenticating remote EJB clients using a custom user
     registry is not supported. However, EJBs that are accessed
     from a Web application that is deployed in the same J2EE
     server as these EJBs can be administered within the domain
     of a custom user registry.
  b. It is recommended that EJBs not be exposed to remote
     clients from a J2EE server which is configured to make use
     of a non-SAF registry.
  c. When using single sign-on capability for an application,
     it is the responsibility of the administrator to ensure
     that all WebSphere for z/OS J2EE servers that are part of
     the sign-on domain are using the same registry (i.e., the
     same SAF User Registry or the same custom user registry).
  d. Identities associated as a result of the EJB methods runAs
     server and runAs RoleName will not support custom user
     registry identities. Instead, they will use a SAF identity
     and subsequent authorizations will be done using the
     EJBRole profile.

APAR PQ65849 is associated with SERVICE LEVEL W401403 of
WebSphere Application Server V4.0.1 for z/OS and OS/390.
 **** PE02/11/25 PTF IN ERROR. SEE APAR 
PQ68370  FOR DESCRIPTION
APAR information
APAR number PQ65849
Reported component name WASKBASE
Reported component ID 5655A9801
Reported release 401
Status CLOSED UR1
PE NoPE
HIPER NoHIPER
Submitted date 2002-09-03
Closed date 2002-10-24
Last modified date 2002-12-10

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
UQ71162

Modules/Macros
BBOAPCEI BBOAPCWI BBOAPIAI BBOAPIOI BBOAPXLI BBOAXCEI
BBOAXIAI BBOBOA BBOCASHS BBOCASYD BBOCASYS BBOCEIOP
BBOCHSES BBOCLSES BBOCLSPC BBOCORBA BBOCPOCB BBOCSESS
BBOCSMRS BBOCWBAL BBODASRP BBODASRS BBODASRU BBODDAUT
BBODENFL BBODRDTA BBOFRCGD BBOIBOIM BBOIDRMI BBOIGTID
BBOIIMA BBOIIMC BBOIKEYS BBOIRDB BBOIROOT BBOITLS
BBOI3PLI BBOJJU BBOLORB BBOLSS BBOMBOOT BBOMDDLO
BBOMENV BBOMGADM BBOMGSCO BBOMIB10 BBOMICPI BBOMID06
BBOMIEVA BBOMPROC BBOMSBO1 BBOMSBO2 BBOMSBO4 BBOMSBO6
BBOMSBO8 BBOMSCO BBOMSCOX BBOMSMS BBOMUTIL BBOOAACI
BBOOABM BBOOACCI BBOOACQE BBOOACQW BBOOACRT BBOOAET
BBOOAGEN BBOOAGEV BBOOAIM BBOOAIMR BBOOAIMS BBOOAMR
BBOOAPBC BBOOAPCI BBOOARCI BBOOARMR BBOOARMW BBOOAS1
BBOOAS2 BBOOAS3 BBOOAS4 BBOOAS5 BBOOBIND BBOOBOAI
BBOOBOAM BBOOBOAT BBOOCOMM BBOOCRHT BBOOCSIT BBOOCSM
BBOOCTL BBOOCVN BBOODCTX BBOODGAI BBOODGCA BBOODQCA
BBOODQEB BBOODRAI BBOODSAB BBOODSM BBOOEJSB BBOOEVAS
BBOOGSCO BBOOHA BBOOOPIP BBOOOPIX BBOOORB BBOOORBP
BBOOORBR BBOOORBX BBOOOUTP BBOOPCCR BBOORCTX BBOORDTA
BBOORDTX BBOOREQ BBOOSBOA BBOOSMFP BBOOSMFR BBOOSMFT
BBOOSMFW BBOOSMOI BBOOSRM BBOOSRQA BBOOSRQF BBOOSRR
BBOOSRWT BBOOSS BBOOSSNQ BBOOSSQA BBOOSSTP BBOOTMOT
BBOOTMTM BBOOTRD BBOOTTIP BBOOTTIX BBOOWORK BBOPBO
BBORBOAM BBORJSRV BBORLEXT BBOROBML BBOROBMS BBOROMDL
BBOROOPI BBOROSMD BBOROTTI BBORRMGR BBORSCOX BBORTOI
BBORTRCD BBOSCURR BBOSEBL BBOSLHM BBOSM BBOSNMO
BBOSQ03 BBOSSDB2 BBOSSDMA BBOSSECM BBOSSESS BBOSSEXT
BBOSSGSK BBOSSIOR BBOSSITU BBOSSJRA BBOSSMET BBOSSOUT
BBOSSRPW BBOSSRVA BBOTOTSJ BBOTRNX BBOTRPCX BBOTSRA
BBOTSURS BBOTTDEL BBOTTMPC BBOUBINF BBOUENUS BBOZ0229
BBOZ0259 BBOZ0812 BBOZ0813 BBOZ0916 BBOZ0917 BBOZ0918
BBOZ0919 BBOZ0920 BBOZ0921 BBOZ0922 BBOZ0923 BBOZ0924
BBOZ0925 BBOZ0926 BBOZ0927 BBOZ0928 BBOZ0929 BBOZ0930
BBOZ0931 BBOZ0932 BBOZ0933 BBOZ0977 BBO3BEGC BBO3CTXP
BBO3CTXX BBO3ENDC BBO3FRES BBO3GETS BBO3SETS BBO3SWCH
EJSJWCSC EJSJWCWC H28W401J      

Fix information
Fixed component name WASKBASE
Fixed component ID 5655A9801

Applicable component levels
R401 PSY UQ71162    UP02/10/31 P F210

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ65849
IBM Group: Software Group
Modified date: Dec 10, 2002