A fix is available
APAR status
Closed as program error.
Error description
UK15261 PK22736 failed to ship module DFHESE. This means identity assertion will not work as expected.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS users with UK15261 applied. * **************************************************************** * PROBLEM DESCRIPTION: Using WS-Security identity assertion * * fails because the security checks are * * done using the current userid and not * * the userid in the SOAP message. * * * * ABEND0C4 in DFHSIP which can lead to * * CICS terminating when issuing START * * requests to remote regions connected * * via MRO and the sessions have a preset * * userid. * **************************************************************** * RECOMMENDATION: * **************************************************************** When DFHWSSE1 inquires on the security context for a specified userid extracted from the incoming SOAP message, the current userid for the running task is used instead. UK15261 failed to ship module DFHESE and this prevented the specified userid from being passed to DFHXSRC. DFHXSRC then used the current userid to perform the security checking. UK15261 also failed to update DFHSNAS. During SIGNON_ATI_SESSION processing for a CRSR task DFHUSAD is called for INQUIRE_USER processing. UK15261 increased the DFHUSAD parameter list by 8 bytes to incorporate a new SECURITY_TOKEN which can be returned. The parameters passed to DFHUSAD by DFHSNAS are at the very end of DFHSNAS stack storage. DFHUSAD returns all of the parameters it is possible to inquire on, including the new SECURITY_TOKEN. This overwrites the 8 bytes following the end of the stack entry for DFHSNAS. This is the first 8 bytes of the stack for DFHUSAD and causes register 14 be overlaid. When DFHUSAD returns to DFHSNAS it restores the now corrupted R14 and will branch to a random location. This causes an 0C4 abend in DFHSIP and may lead to CICS terminating.
Problem conclusion
UK15261 Module DFHESE has been shipped containing the required changes to pass the specified userid to DFHXSRC. Module DFHSNAS has been regenerated so that the correct version of the DFHUSAD parameter list is now used. This prevents the overlay of the first 8 bytes of DFHUSAD stack storage. The CICS Transaction Server for z/OS V3.1 Web Services Guide (SC34-6458-04) will be updated. A new section "Prerequisites for implementing WS-Security" will be added after the introduction in chapter 14 "Support for Web Services Security" as follows: Prerequisites To implement Web Services Security, you must apply the following updates to your CICS region. 1. Install the free IBM XML Toolkit for z/OS v1.7. You can download it from the following site: http://www.ibm.com/servers/eserver/zseries/software/xml/. You must install version 1.7. Later versions do not work with Web Services Security support in CICS. 2. Apply the PTF for APAR PK22736. 3. Add the following libraries to the DFHRPL concatenation: o hlq.SIXMLOD1 o hlq.SCLBDLL o hlq.SCEERUN where hlq is the high level qualifier that was specified by the system programmer when the Web Services Security APAR was installed. These libraries contain DLLs that are required at run time by DFHWSSE1. IXM4C54 is provided by the XML toolkit and is found in hlq.SIXMLOD1; IOSTREAM is provided by the C++ runtime and is found in hlq.SCLBDLL; C128N is provided by the Language Environment runtime and is found in hlq.SCEERUN. 4. You might need to increase the value of the EDSALIM system initialization parameter. The three DLLs that need to be loaded require approximately 15MB of EDSA storage. If you do not have the libraries specified, you get the following message: CEE3501S The module module_name was not found. The module_name varies depending on which library is missing.
Temporary fix
********* * HIPER * ********* FIX AVAILABLE BY PTF ONLY
Comments
**** PE06/07/28 PTF IN ERROR. SEE APAR PK28761 FOR DESCRIPTION
APAR Information
APAR number
PK27523
Reported component name
CICSTS 3.1 Z/OS
Reported component ID
5655M1500
Reported release
400
Status
CLOSED PER
PE
YesPE
HIPER
YesHIPER
Special Attention
NoSpecatt
Submitted date
2006-07-03
Closed date
2006-07-20
Last modified date
2006-08-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
DESABAB DESDSBRI DESD2D2 DESD2EX1 DESEIPI DESIIRR DESLEPT DESLI1 DESLI2 DESLI3 DESPICC DESPICV DESPIDC DESPIDM DESPIII DESPIIS DESPIIT DESPIIW DESPILSQ DESPIPL DESPIPM DESPISC DESPISN DESPIST DESPITL DESPITRI DESPIWR DESSNAS DESSNPU DESSNSG DESSNSU DESSNTU DESSNUS DESSNXR DESSOSE DESUSAD DESWBAP DESWBDM DESWBRQ DESWBSR DESWBUR DESWBXM DESXMXN DESXSRC DESZSGN DFHABAB DFHAMPI DFHAPLI1 DFHAPLI2 DFHAPLI3 DFHAPLJ1 DFHAPLJ3 DFHAPLX1 DFHAPLX3 DFHBSTS DFHBSTZO DFHCPI DFHCURDI DFHCURDM DFHDSAT DFHDSBRI DFHD2D2 DFHD2EX1 DFHEIP DFHEIPI DFHEIQPI DFHEIQSA DFHEIQSO DFHEIQST DFHERM DFHESE DFHICP DFHICXM DFHIIRR DFHKEDS DFHKEIN DFHKEMD DFHKERN DFHKESGM DFHKEXM DFHLEPT DFHLEPTA DFHLEPTD DFHLEPTI DFHLEPTM DFHLEPTO DFHLEPTT DFHLFM DFHLIFO DFHLONGN DFHMEPIE DFHMSGIF DFHPIAP DFHPICC DFHPICCA DFHPICCM DFHPICCT DFHPIDCC DFHPIDCD DFHPIDM DFHPIII DFHPIIIA DFHPIIIM DFHPIIIT DFHPIISC DFHPIISI DFHPIIT DFHPIIW DFHPIIWA DFHPIIWM DFHPIIWT DFHPILSQ DFHPIPL DFHPIPM DFHPISB DFHPISC DFHPISN DFHPISNA DFHPISNC DFHPISND DFHPISNM DFHPISNT DFHPISN1 DFHPISN2 DFHPIST DFHPITL DFHPITLA DFHPITLM DFHPITLT DFHPITP DFHPITRI DFHPIUCC DFHPIUCD DFHPIWR DFHPIWRA DFHPIWRJ DFHPIWRM DFHPIWRT DFHPIWRV DFHSNAS DFHSNPU DFHSNSG DFHSNSGI DFHSNSU DFHSNTPC DFHSNTU DFHSNUS DFHSNXR DFHSOSE DFHSOSEA DFHSOSEM DFHSOSET DFHSOSKO DFHTCRP DFHTRCIF DFHUSAD DFHUSADA DFHUSADM DFHUSADT DFHWBAP DFHWBAPF DFHWBDM DFHWBRQS DFHWBSR DFHWBUR DFHWBURA DFHWBURC DFHWBURM DFHWBURT DFHWBXM DFHXMACA DFHXMACM DFHXMACT DFHXMATA DFHXMATM DFHXMATT DFHXMIQ DFHXMIQA DFHXMIQD DFHXMIQM DFHXMIQS DFHXMIQT DFHXMIQX DFHXMIQY DFHXMPPA DFHXMPPM DFHXMPPT DFHXMXBC DFHXMXBD DFHXMXEA DFHXMXEM DFHXMXET DFHXMXNC DFHXMXND DFHXSRC DFHXSRCA DFHXSRCM DFHXSRCT DFHXTP DFHZATA2 DFHZSGN DFHZTSP DFH22736 DFJ@H176 MFHMEPIE
SC34645804 |
Fix information
Fixed component name
CICSTS 3.1 Z/OS
Fixed component ID
5655M1500
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
02 August 2006