Security Authentication Failed on Redirect
 Technote (FAQ)
 
Problem
This error occurs when using the IBM HTTP Web server rather than the HTTP Transport Handler for HTTP requests.

In the ncf.log, you will see the following messages:
WS390Redirect D processFormLoginResponse: login for userid <userid> with password failed - rc = 9D000498

or

WS390Redirect X buildRemoteConn: login to default userid CBDVL1I failed rc = 9D000498 , URL = <hostname>:<port>/<rooturi>
 
 
Solution
Look for the above messages in the ncf.log. Make sure you have done the following:
  • Applied PTFs UQ61610 and UQ68592
  • In the HTTP Server's httpd.envvars file, code: JAVA_PROPAGATE=NO
  • In the WebSphere for z/OS webcontainer.conf file, code: WebAuth.UnauthenticatedUserSurrogate=<Userid>

The HTTP Server’s userid must have READ access to the SURROGATE profile of <Userid>.

Setting JAVA_PROPAGATE to anything other than NO means the userid on the request thread cannot be switched.


Related information

WebSphere Application Server V4.0.1 for z/OS and OS/390: Assembling Java™2 Platform Enterprise Edition (J2EE™) Applications
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS > Security
Operating system(s): z/OS
Software version: 4.0.1
Software edition:
Reference #: 1165294
IBM Group: Software Group
Modified date: Apr 5, 2004