PQ69352: SETTING WEB_SECURITY_VERSION=2 USING BASIC FORM LOGIN, METHOD GETREMOTEUSER KEEPS THE CASE ENTERED USING HTTP TRANSPORT ONLY

 A fix may be available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
Customer reports that running BASIC FORM LOGIN with WEB_
SECURITY_VERSION=2 in jvm properties when user enters userid/
passsword at the browser in lower case the getremoteuser method
parses it that way. Running with the HTTP PLUGIN the
userid and password get folded to uppercase regardless
of what is entered at the browser.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V4.0.1 for z/OS and OS/390                   *
****************************************************************
* PROBLEM DESCRIPTION: Setting WEB_SECURITY_VERSION=2 using    *
*                      basic form login, method getremoteuser  *
*                      keeps the case entered when using HTTP  *
*                      transport. This is inconsistent with    *
*                      other login behavior.                   *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Customer reports that running BASIC FORM LOGIN with
WEB_SECURITY_VERSION=2 in jvm properties when user enters
userid/password at the browser in lower case the getremoteuser
method parses it that way. Running with the HTTP PLUGIN the
userid and password get folded to uppercase regardless
of what is entered at the browser.
Problem conclusion
The login process was updated to uppercase the input value
before login, and save the uppercased ID in the principal.
This is consistent with the other login behaviour and enables
the SAF login.

APAR PQ69352 is associated with SERVICE LEVEL W401501 of
WebSphere Application Server V4.0.1 for z/OS and OS/390.
Temporary fix Comments
APAR information
APAR number PQ69352
Reported component name WEBSPHERE OS/39
Reported component ID 5655A9800
Reported release 401
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-12-20
Closed date 2003-03-05
Last modified date 2003-04-03

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Fix information
Fixed component name WASKBASE
Fixed component ID 5655A9801

Applicable component levels
R401 PSY UQ74747    UP03/03/12 P F303

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ69352
IBM Group: Software Group
Modified date: Apr 3, 2003