Fixes are available
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Solaris
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for HP-UX
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Linux
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for Linux
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Windows
6.1.0.7 WebSphere Application Server V6.1 Fix Pack 7 for AIX
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for AIX
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for i5/OS
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for i5/OS
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for HP-UX
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for Windows
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR10 Cumulative Fix for WebSphere Application Server
6.1.0.31: Java SDK 1.5 SR11 FP1 Cumulative Fix for WebSphere Application Server
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
6.1.0.29: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for Solaris
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Solaris
APAR status
Closed as program error.
Error description
WebSphere Portal supports a concept called Parallel Portlet Rendering. This concept allows to flag individual portlets on a portal page to be rendered in parallel. If this is activated for an individual portlet, the portal page aggregation process will start an asynchronous work item for the corresponding RequestDispatcher call that includes the markup provided by that portlet. This asynchronous work item is implemented as an asynch bean. in WAS 6.0.? In WAS 6.0.2.x releases, the actual LTPA token data is no longer available from WSCredential.getCredentialToken() call when called from within an asynch bean. Thus, those portlets that need to do LTPA token forwarding, e.g. the Lotus Notes Portlet that does LTPA token based SSO with the Domino mail server, are now broken with this change since they have no means of accessing the LTPA token data anymore. Possible errors seen for this problem: SECJ5010E: Could not create default AuthenticationToken during propagation login. The following exception occurred: com.ibm.websphere.security.auth.WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type. - NMSV0610I: A NamingException is being thrown from a javax.naming.Context implementation. Details follow: Context implementation: com.ibm.ws.naming.jndicos.CNContextImpl Context method: lookupExt Context name: Cellname/nodes/nodename/servers/ServerB Target name: ejb/com/xxxx/B/framework/communication/sequence/ SequenceNumberHome Other data: "" Exception stack trace: javax.naming.NoPermissionException: NO_PERMISSION exception caught ■Root exception is org.omg.CORBA.NO_PERMISSION: >> SERVER (id=aaaaaaaa, host=hostname) TRACE START: >> org.omg.CORBA.NO_PERMISSION: Subject is null. Authentication Failed. vmcid: 0x49424000 minor code: 300 completed: No - This solution is only for situations where ServerA makes EJB calls from AsyncBeans to ServerB. It is not for JAAS login problems.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: WebSphere Application Server version 6 * * users who are using AsyncBeans. * * * * * **************************************************************** * PROBLEM DESCRIPTION: WSCredential.getCredentialToken() * * method doesn't return actual the * * LTPAToken. * * * * * **************************************************************** * RECOMMENDATION: * * * * * * * * * **************************************************************** In WebSphere Application Server version 6 releases, the actual LTPA token data is no longer available from a WSCredential.getCredentialToken() call when called from within an AsyncBean. This function used to work on WebSphere Application Server Version 5.1.x. Since some of Portlets in WebSphere Portal Server use this function, these portlets no longer work. The same issue might occur with any application that has an asynchronous bean and invokes the WSCredential.getCredentialTokenmethod to get a forwardable credential for an EJB invocation.
Problem conclusion
With this fix, the LTPAToken is forwarded to AsyncBeans. To enable this function, the following custom property need to specify in security.xml: com.ibm.ws.security.createTokenSubjectForAsynchLogin=true Please follow the steps below to specify the property: 1) In Admin Console, click Security, then click Global Security. 2) Under Additional Properties, click Custom properties. 3) Click New. 4) In the Name field, type com.ibm.ws.security.createTokenSubjectForAsynchLogin 5) In the Value field, type true 6) Click Apply and Save. 7) Restart WebSphere Application Server The fix for this APAR is currently targeted for inclusion in fixpack 6.0.2.19 and 6.1.0.9. Please refer to the Recommended Updates page for delivery information:
Temporary fix
Comments
APAR Information
APAR number
PK32564
Reported component name
WEBSPH APP SERV
Reported component ID
5724J0800
Reported release
60A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2006-10-06
Closed date
2006-11-02
Last modified date
2010-11-29
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
SECURITY
Fix information
Fixed component name
WEBSPH APP SERV
Fixed component ID
5724J0800
Applicable component levels
R60A PSY
UP
R60H PSY
UP
R60I PSY
UP
R60P PSY
UP
R60S PSY
UP
R60W PSY
UP
R60Z PSY
UP
R61A PSY
UP
R61H PSY
UP
R61I PSY
UP
R61P PSY
UP
R61S PSY
UP
R61W PSY
UP
R61Z PSY
UP
Document Information
Modified date:
29 December 2021