PM19604; 7.0.0.11: spnego web authentication always interacts with spnego interc

Download

Abstract

A custom property "com.ibm.websphere.security.performTAIForUnprotectedURI" is not effective to SPNEGO WEB authentication

Download Description

PM19604 resolves the following problem:

ERROR DESCRIPTION:
Lotus application on WebSphere Application Server 7.0 SPNEGO always tries to authenticate for all URI's even though that are not protected. This is a problem when using browser outside the domain.

In v6.1 this is not happening and it is working correctly. Able to access the application without authenticate when using browser outsidethe domain

Difference In v6.1 it will use spnego tai on v7.0 it will use spnego web authentication.

LOCAL FIX:
n/a

PROBLEM SUMMARY

USERS AFFECTED:
All users of IBM WebSphere Application Server version 7.0 with SPNEGO WEB authentication enabled

PROBLEM DESCRIPTION:
A custom property "com.ibm.websphere.security.performTAIForUnprotectedURI" is not effective to SPNEGO WEB authentication

RECOMMENDATION:
None

The custom property "com.ibm.websphere.security.performTAIForUnprotectedURI", which was introduced in WebSphere Application Server version 6.1 is for enabling or disabling interactions to Trust Association Interceptors(TAI) when target URIs are not protected. On WebSphere Application Server version 7.0, SPNEGO WEB Authentication is introduced as a successor of SPNEGO TAI.
However, the value of custom property is not honored by SPNEGO WEB Authentication.

PROBLEM CONCLUSION:
With this fix, SPNEGO WEB Authentication honors the value of the custom property.

The fix for this APAR is currently targeted for inclusion in Fix Pack 7.0.0.13. Refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?uid=swg27004980

Prerequisites

Download the UpdateInstaller below to install this fix.

[{"PRLabel":"UpdateInstaller","PRLang":"US English","PRSize":"7250000","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http://www.ibm.com/support/docview.wss?uid=swg21205991"}]

Installation Instructions

Review the readme.txt for detailed installation instructions.

[{"INLabel":"Readme","INLang":"US English","INSize":"6857","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM19604/readme.txt"}]

          [{"DNLabel":"7.0.0.11-WS-WAS-IFPM19604","DNDate":"8/17/2010","DNLang":"US English","DNSize":"34625","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=7.0.0.11-WS-WAS-IFPM19604&product=ibm%2FWebSphere%2FWebSphere%20Application%20Server&source=dbluesearch","DNURL_FTP":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM19604/7.0.0.11-WS-WAS-IFPM19604.pak","DDURL":"http://public.dhe.ibm.com:7618;sw_websphere;appserv/support/fixes/PM19604/7.0.0.11-WS-WAS-IFPM19604.pak"}]
          

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/support/entry/portal/Overview/Software/WebSphere/WebSphere_Application_Server), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"7.0.0.11","Edition":"Base;Express;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}}]

Problems (APARS) fixed
PM19604

Was this topic helpful?

Document Information

Modified date:
15 June 2018

UID

swg24027626

Tips