APAR status
Closed as program error.
Error description
The ValidateRedirectLoginFilter provided with PM19405 needs to derive from ImplicitLoginFilter as well as ExplicitLoginFilter in order to be applicable in both the TAI and non-TAI case.
Local fix
None available
Problem summary
The ValidateRedirectLoginFilter provided with PM19405 needs to derive from ImplicitLoginFilter as well as ExplicitLoginFilter in order to be applicable in both the TAI and non-TAI case.
Problem conclusion
This APAR makes the validation filter derive from both ExplicitLoginFilter and ImplicitLoginFilter. It supersedes APARs PM19405 and PM25450. The login filter can be enabled and configured to validate the WasReqURL cookie. In the WAS Admin Console, add the following custom property to the resource environment provider "WP Authentication Service": login.implicit.filterchain=com.ibm.wps.auth.impl.ValidateRedirec tLoginFilter You can determine which redirect URLs should be considered as "invalid" and should be replaced by a default redirect URL by setting the following additional property: filterchain.properties.com.ibm.wps.auth.impl.ValidateRedirectLog inFilter.blacklist.pattern=<regexp> where "regexp" will be interpreted as a regular expression (see java.util.regex.Pattern) and compared to redirect URL (case-insensitive). If, for example, all redirect URLs that end with *.* should be considered as invalid, the following pattern can be used: .*/[^/]*\\.[^/]* If the current redirect URL matches the specified pattern, then this redirect URL will be replaced by URL for default selection of current scope, which also contains the virtual portal URL context, for example "/wps/myportal/finance". A different redirect URL can be configured with property filterchain.properties.com.ibm.wps.auth.impl.ValidateRedirectLog inFilter.redirect.url However, note that using a "static" redirect URL breaks login to virtual portals if virtual portals are URL context mapped, not host name mapped. Manual Steps: None Failing Module(s): Authorization/Authentication (login/logout) Affected Users: All users Version Information: Portal Version(s): 6.1.0.3 Pre-Requisite(s): PM25450 (or the respective cumulative fix) Co-Requisite(s): --- Platform Specific: This fix applies to all platforms. A fix is available from Fix Central: http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorde r?apar=PM28703&productid=WebSphere%20Portal&brandid=5 You may need to type or paste the complete address into your Web browser.
Temporary fix
Comments
APAR Information
APAR number
PM28703
Reported component name
WEBSPHERE PORTA
Reported component ID
5724E7600
Reported release
61C
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-12-13
Closed date
2011-01-10
Last modified date
2012-07-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE PORTA
Fixed component ID
5724E7600
Applicable component levels
R61C PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSHRKX","label":"WebSphere Portal"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1.0.3","Line of Business":{"code":"LOB31","label":"WCE Watson Marketing and Commerce"}}]
Document Information
Modified date:
20 December 2021