IJ16749: ERROR SYSTEM:INVALIDSECURITYCONFIG AFTER LOGIN INTO MAXIMO WITH LDAP using FORM auth WHEN STRING URL="MXLOGIN.JSP"; in login.jsp

APAR status

• Closed as program error.

Error description

• Problem:
  
  After installing the IFIX008 on Maximo 7.6.1 with LDAP
  configured using FORM authentication,
  if users use the
  following URL to get to maximo : https://xxx.yyy.zzz.com/maximo,
  they get security config error on screen:
  Login Error [system:invalidsecurityconfig]
  If they click return on that screen, they get back to the
  correct login page and can proceed.
  If they use https://xxx.yyy.zzz.com/maximo/ui/login as the URL
  instead of just https://xxx.yyy.zzz.com/maximo, they don't get
  the error. But again, they didn't have the error at ifix007 when
  using https://xxx.yyy.zzz.com/maximo.
  
  In the WAS server logs, they see the following error:
  CWSCJ0053E: Authorization failed for /UNAUTHENTICATED while
  invoking (Bean)maximo#?mboejb.jar#?accesstokenprovider
  getAccessToken::3 is not granted any of the required roles:
  maximouser
  
  This happens when String url = "mxlogin.jsp"; in the login.jsp
  
  Performance Issue:
  No
  
  Steps to Reproduce:
  1. Make sure LDAP must be configured using FORM authentication.
  This can be done by uncommenting <login-config> section for
  <auth-method>FORM</auth-method> in web.xml.
  2. Install the IFIX008 on Maximo 7.6.1 successfully.
  3. Check if the String url = "mxlogin.jsp"; in the login.jsp
  located at
  \IBM\SMP\maximo\applications\maximo\maximouiweb\webmodule\webcli
  ent\login
  4. Use the following URL to get to maximo
  (https://xxx.yyy.zzz.com/maximo) and hit on login.
  5. [system:invalidsecurityconfig] error will get display on the
  screen with 'Return' button on it
  6. Click return on that screen and user is able to get back to
  the correct login page and can proceed.
  
  Results:
  After Maximo 7.6.1 IFIX008 installation withwith LDAP configured
  using FORM authentication, Login
  Error[system:invalidsecurityconfig] getting displayed when users
  use the following URL to get to maximo :
  https://xxx.yyy.zzz.com/maxim
  Also when String url = "mxlogin.jsp"; in the login.jsp
  
  Expected Results:
  User should be able to login to Maximo successfully in first
  attempt using https://xxx.yyy.zzz.com/maximo
  
  
  Reported in Version:
  Tivoli's process automation engine 7.6.1 IFIX008
  

Local fix

• 1. Click return on the error screen, user is able to get back to
  the correct login page and can proceed.
  If user uses https://xxx.yyy.zzz.com/maximo/ui/login as the URL
  instead of just https://xxx.yyy.zzz.com/maximo, user still gets
  the login screen.
  2. Update the login.jsp and change String url from
  String url = "mxlogin.jsp";
  to
  String url = "../../ui/mxlogin";
  
  Then stop the Application Server ? Redeploy and Redeploy the
  MAXIMO.EAR. After deploying ? Clear the Internet Cache of the
  Browser for the changes to take effect.
  

Problem summary

• ****************************************************************
  * USERS AFFECTED:                                              *
  * Deployments on WAS using form based app-level security       *
  ****************************************************************
  * PROBLEM DESCRIPTION:                                         *
  * ERROR SYSTEM:INVALIDSECURITYCONFIG AFTER LOGIN INTO MAXIMO   *
  * WITH  LDAP using FORM auth WHEN STRING URL="MXLOGIN.JSP"; in *
  * login.jsp                                                    *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  

Problem conclusion

• Fixed in login.jsp
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  MAXIMO SYSTEMS

• Fixed component ID

  5724R46AV

Applicable component levels