PQ60718: SPECIFYING LOGINTOKEN.ENCRYPT=TRUE, CLIENT MUST HAVE ACCESS TO ICSF SERVICES USING WEB SECURITY FOR WAS V4.01 ZOS OS/390

 A fix may be available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
When using Web Security for WebSphere Application Server v4.01
for zOS and os/390, and setting LoginToken.Encrypt=true in
webcontainer.conf, the client id must be allowed access to the
ICSF services used to encrypt/decrypt the key.
Local fix
set LoginToken.Encrypt=false
Problem summary
****************************************************************
* USERS AFFECTED: All Users of the WebSphere Application       *
*                 Server Version 4.0.1 for z/OS and OS/390     *
*                 who are running with the Web container       *
*                 security collaborator set to level one       *
*                 and are using form authentication security   *
*                 and ICSF to encrypt the Login token.         *
****************************************************************
* PROBLEM DESCRIPTION: If the ICSF encryption for the Login    *
*                      token was performed after a user        *
*                      successfully logged in, the thread ID   *
*                      might get switched to the user ID,      *
*                      which does not have sufficient read     *
*                      access authority.                       *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The ICSF encryption for the Login token is performed
after user successfully logs in and the thread id is
switched to the user ID. Therefore, the user ID must
have read authority to access the CSF* class.
Problem conclusion
WebSphere Application server will switch to the Web server ID
before the ICSF encryption occurs and then switch back to the
user ID after the encryption.
401Y
EJSJWBJR

* Cross Reference between External and Internal Names
Temporary fix Comments
APAR information
APAR number PQ60718
Reported component name WEBSPHERE OS/39
Reported component ID 5655A9800
Reported release 401
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-05-01
Closed date 2002-07-12
Last modified date 2002-08-04

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
EJSJWBJR          

Fix information
Fixed component name WEBSPHERE OS/39
Fixed component ID 5655A9800

Applicable component levels
R401 PSY UQ68063    UP02/07/22 P F207

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ60718
IBM Group: Software Group
Modified date: Aug 4, 2002