PM78873: AFTER ENABLING IDENTITY ASSERTION OVER CSIV2 THROUGH THE CONSOLE, BOTH CELLS ARE UNABLE TO DETERMINE IT IS ENABLED.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • After configuring Identity Assertion over CSIV2 so
    that a remtoe EJB can be invoked, both cells are unable to
    determine that Identity Assertion is enabled. In the CSIv2
    panels, specify Message layer authentication as "Never".
    
    The following messages are logged:
       SourceId:
    com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerfo
    rmPolicy
       ExtendedMessage:
    0JSAS1477W: SECURITY CLIENT/SERVER CONFIG MISMATCH:  The
    client security configuration (sas.client.props or outbound
    settings in GUI)
      does not support the server security configuration for the
    following reasons:
          ERROR 1: JSAS0620E: No supported naming mechanisms are
    defined in attribute layer for Identity Assertion.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server V8.0 and V8.5 administrative         *
    *                  console  configuring identity assertion     *
    *                  over CSIv2                                  *
    ****************************************************************
    * PROBLEM DESCRIPTION: Configuring Identity Assertion          *
    *                      over CSIV2 using Message layer          *
    *                      authentication "Never" does not work    *
    *                      correctly                               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    After configuring Identity Assertion over CSIV2 so
    that a remtoe EJB can be invoked, both cells are unable to
    determine that Identity Assertion is enabled. In the CSIv2
    panels, specify Message layer authentication as "Never". The
    default values are removed because the disabled checkbox
    values do not get returned on the request.
    

Problem conclusion

  • When "Never" is selected, we no longer change the default
    message layer authentication.
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 8.5.0.2 and 8.0.0.7.  Please refer to the Recommended
    Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM78873

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-12-10

  • Closed date

    2012-12-18

  • Last modified date

    2013-04-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

  • R850 PSY

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

WebSphere Application Server
General

Software version:

850

Reference #:

PM78873

Modified date:

2013-04-11

Translate my page

Machine Translation

Content navigation