IBM Support

PH04282: ERROR AUTHENTICATING WHEN LIBERTY SERVER TRIES TO CONNECT TO A BACK-LEVEL ANGEL PROCESS.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • When a current level liberty server (18.0.0.2) tries to
    connect
    to a back level Angel server (18.0.0.1), authentication
    fails:
    FFDC1015I: An FFDC Incident has been created:
    "javax.net.ssl.SSLException: Received fatal alert:
    unknown_ca
    com.ibm.ws.channel.ssl.internal.SSLReadServiceContext
    CWWKS4001I: The security token cannot be validated.
    CWWKS2932I: The unauthorized version of the SAF user
    registry is
    activated. Authentication will proceed using unauthorized
    native
    services.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty for z/OS                     *
    ****************************************************************
    * PROBLEM DESCRIPTION: Authentication error when a WebSphere   *
    *                      Liberty server connects to a back-level *
    *                      Angel process                           *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When a WebSphere Liberty server at version 18.0.0.2 and higher
    connects to an Angel process from an older Liberty version, some
    z/OS services such as SAFCRED, RRS, etc, are not available. This
    may result in different errors depending on which service the
    server relies on. For example, having the SAFCRED service
    unavailable may result in the following error message:
    
    FFDC1015I: An FFDC Incident has been created:
    "javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    com.ibm.ws.channel.ssl.internal.SSLReadServiceContext
    CWWKS4001I: The security token cannot be validated.
    CWWKS2932I: The unauthorized version of the SAF user registry
    is
    activated. Authentication will proceed using unauthorized
    native
    services.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PH04282

  • Reported component name

    LIBERTY PROF -

  • Reported component ID

    5655W6514

  • Reported release

    CD0

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-10-19

  • Closed date

    2018-12-20

  • Last modified date

    2018-12-20

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    LIBERTY PROF -

  • Fixed component ID

    5655W6514

Applicable component levels

  • RCD0 PSY

       UP



Document information

More support for: WebSphere Application Server for z/OS

Software version: CD0

Reference #: PH04282

Modified date: 20 December 2018