PQ60718: SPECIFYING LOGINTOKEN.ENCRYPT=TRUE, CLIENT MUST HAVE ACCESS TO ICSF SERVICES USING WEB SECURITY FOR WAS V4.01 ZOS OS/390 | |||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description When using Web Security for WebSphere Application Server v4.01 for zOS and os/390, and setting LoginToken.Encrypt=true in webcontainer.conf, the client id must be allowed access to the ICSF services used to encrypt/decrypt the key.Local fix set LoginToken.Encrypt=falseProblem summary **************************************************************** * USERS AFFECTED: All Users of the WebSphere Application * * Server Version 4.0.1 for z/OS and OS/390 * * who are running with the Web container * * security collaborator set to level one * * and are using form authentication security * * and ICSF to encrypt the Login token. * **************************************************************** * PROBLEM DESCRIPTION: If the ICSF encryption for the Login * * token was performed after a user * * successfully logged in, the thread ID * * might get switched to the user ID, * * which does not have sufficient read * * access authority. * **************************************************************** * RECOMMENDATION: * **************************************************************** The ICSF encryption for the Login token is performed after user successfully logs in and the thread id is switched to the user ID. Therefore, the user ID must have read authority to access the CSF* class.Problem conclusion WebSphere Application server will switch to the Web server ID before the ICSF encryption occurs and then switch back to the user ID after the encryption. 401Y EJSJWBJR * Cross Reference between External and Internal NamesTemporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ60718
IBM Group: Software Group
Modified date: Aug 4, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.