IBM Support

IV93425: 401 UNAUTHORIZED LOGIN ERROR WHEN F5 LOAD BALANCING "ALWAYS SEND COOKIE" ENABLED

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Maximo Anywhere only works if the "Always Send Cookie" is
disabled and fails if enabled.
From Anywhere login user receives 401 unauthorized error. From
browser same user can login to Maximo, but not from Anywhere.
The user has both Site and Labor access but are still getting
401 error.
PERFORMANCE ISSUE: No
STEPS TO REPRODUCE:
Issue is occurs when a Maximo user attempts to login from
either a device (tested on Android) or
the Mobile browser simulator.
Maximo Anywhere 7.6.1 is configured to point to an LDAP Maximo
7.5.x
system behind and F5 Load Balancer over port 80.

The Worklight.properties is configured with:
si.auth.type=basic
The web.xml is configured with security-constraint section:

<auth-method>BASIC</auth-method>
and Security role section of web.xml has useAppServerSecurity
set to 1:

The configuration has been done as per the article:
Maximo Anywhere and LDAP
https://www.ibm.com/developerworks/community/blogs/a9ba1efe-b731
-4317-9724-a181d6155e3a/entry/
maximo_anywhere_and_ldap?lang=en

CURRENT ERRONEOUS RESULT:
Maximo Anywhere login user receives 401 unauthorized error.
What we have observed was that the using the browser, on Maximo
Anywhere only works if the F5
configuration "Always Send Cookie" is disabled.
EXPECTED RESULT:
Successful login to Maximo Anywhere when using F5 Load Balancer
ADDITIONAL INFO:
F5 is configured for Round-Robin Load Balancing and we are
using sticky session.
ENVIRONMENT:
IBM Maximo Anywhere 7.6.1.0 Build 20160907_132639-0500 DB Build
V7610-10
Tivoli's process automation engine 7.5.0.8-IFIX20160316-1458
Build 20150401-2000 DB Build V7508-33
HFDB Build HF7508-11
TPAE OSLC Object Structure 7.6.1.0 Build 20160907_132614-0500
DB Build V7610-15
IBM TPAE Integration Framework 7.5.1.3 Build 20150403-1800 DB
Build V7513-027510-03
Oracle Adapter 7.5.0.0 Build 20110805-1549 DB Build V7500-04
Maximo Everyplace 7.5.0.0 Build 20110307-0030 DB Build V7100-01
App Server  Weblogic Application Server 10.3.6.0
Server OS  Linux 3.0.101-80-default
Server DB  Oracle 11.2.0.4.0

Local fix

  • Disable the F5  "Always Send Cookie" configuration

Problem summary

  • ****************************************************************
* USERS AFFECTED:                                              *
* All Users                                                    *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* Maximo anywhere wasn't properly handling set-cookie headers  *
* in responses from the Maximo server causing cookies to get   *
* lost for future requests.                                    *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************

Problem conclusion

  • Fixed in Maximo Anywhere platform.  To receive
this fix, upgrade to the latest iFix for 7.6.1 or 7.6.2 or the
next release after 7.6.2.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV93425
    • 

  • Reported component name
    ANYWHERE APPS
    • 

  • Reported component ID
    5725M39MA
    • 

  • Reported release
    761
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2017-02-16
    • 

  • Closed date
    2017-06-30
    • 

  • Last modified date
    2017-06-30
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    ANYWHERE APPS
    • 

  • Fixed component ID
    5725M39MA
    • 



Applicable component levels


    

  • R752  PSY
       UP
    • 

  • R760  PSY
       UP
    • 

  • R761  PSY
       UP
    • 

  • R762  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPJLC","label":"Maximo Anywhere"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"761","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            30 June 2017
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback