Download
Abstract
- Username with an @ symbol fails authentication.
- Web authn options are ignored when unprotected URI is accessed.
Download Description
PK71826 resolves the following problem:
ERROR DESCRIPTION:
Multiple Security issues will be addressed in this APAR:
1. The Web authentication options "Authenticate when any URI is accessed" and "Use available authentication data when an unprotected URI is accessed" are ignored. Servlets with no security constraints will not be authenticated, and TAIs (Trust Association Interceptors) will not be invoked.
2. When a valid username that includes an @ symbol (e.g. an email address) is used for login to an application, the authentication and authorization steps fail.
LOCAL FIX:
none
PROBLEM SUMMARY:
USERS AFFECTED:
All users of IBM® WebSphere® Application Server version 7.0
PROBLEM DESCRIPTION:
- Username with an @ symbol fails authentication.
- Web authn options are ignored when unprotected URI is accessed.
RECOMMENDATION:
None
MULTIPLE SECURITY ISSUES: WEB AUTHENTICATION OPTIONS IGNORED, and USER NAMES WITH @ SYMBOL (e.g. use of email address) FAILS AUTHENTICATION.
PROBLEM CONCLUSION:
The fix for this APAR is currently targeted for inclusion in fixpack 7.0.0.1.
Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Prerequisites
Please download the UpdateInstaller below to install this fix.
Installation Instructions
Please review the readme.txt for detailed installation instructions.
Download Package
Download | RELEASE DATE | LANGUAGE | SIZE(Bytes) | Download Options
---|---|---|---|---
7.0-WS-WAS-IFPK71826 | 09-19-2008 | US English | 47638 | FC (Fix Central), FTP, DD
Technical Support
Contact IBM Support using SR (http://www-306.ibm.com/software/support/probsub.html), visit the WebSphere Application Server Support Web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Document Information
Modified date: 15 June 2018
UID: swg24020602