APAR status
Closed as program error.
Error description
When making an outbound HTTP request using a HTTPRequest or SOAPRequest node on Windows platforms the Integrated Windows Authentication (IWA) protocols, NTLM, Kerberos, SPNEGO, and SPNEGO-2 auth types are not enabled by default. This leads to a HTTP 401 Unauthorized being received when making a request to a server which requires IWA authentication. On Windows platforms all IWA protocols (NTLM, Kerberos, SPNEGO, and SPNEGO-2) should be enabled by default from IBM Integration Bus Version 10.
Local fix
To enable all Integrated Windows Authentication (IWA) protocols (NTLM, Kerberos, SPNEGO, and SPNEGO-2), use the following command: mqsichangeproperties <broker> -e <eg> -o ComIbmSocketConnectionManager -n allowedAuthTypes -v "All" Then restart the Integration Node (broker) to apply the changes. See Knowledge Center topic "Providing credentials for outbound requests by using IWA" http://www.ibm.com/support/knowledgecenter/SSMKHH_10.0.0/com.ibm .etools.mft.doc/bp62015_.htm for more details.
Problem summary
**************************************************************** USERS AFFECTED: All users of IBM Integration Bus Version 10 issuing an outbound HTTP request using a HTTPRequest or SOAPRequest node on a Windows platform to a server which requires Integrated Windows Authentication (IWA) using one of the following protocols: NTLM, Kerberos, SPNEGO, or SPNEGO-2. Platforms affected: Windows on x86-64 platform **************************************************************** PROBLEM DESCRIPTION: When making an outbound HTTP request using a HTTPRequest or SOAPRequest node on Windows platforms the Integrated Windows Authentication (IWA) protocols, NTLM, Kerberos, SPNEGO, and SPNEGO-2 auth types are not enabled by default. This can be confirmed by issuing the following command on the affected Integration Server (execution group): mqsireportproperties <broker> -e <eg> -o ComIbmSocketConnectionManager -r The property allowedAuthTypes will be set to 'Basic' only. This leads to a HTTP 401 Unauthorized being received when making a request to a server which requires IWA authentication. On Windows platforms all IWA protocols (NTLM, Kerberos, SPNEGO, and SPNEGO-2) should be enabled by default from IBM Integration Bus Version 10.
Problem conclusion
All Integrated Windows Authentication (IWA) protocols, (NTLM, Kerberos, SPNEGO, and SPNEGO-2) are now enabled by default on Windows platforms. IWA protocols remain disabled by default on non-Windows platforms. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v10.0 10.0.0.5 The latest available maintenance can be obtained from: http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041 If the maintenance level is not yet available,information on its planned availability can be found on: http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT10175
Reported component name
INTEGRATION BUS
Reported component ID
5724J0540
Reported release
A00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-07-22
Closed date
2016-05-24
Last modified date
2016-05-24
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
INTEGRATION BUS
Fixed component ID
5724J0540
Applicable component levels
RA00 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSNQK6","label":"IBM Integration Bus"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
23 March 2020