IBM Support

PH15089: A login might be required for unprotected resources when none of TAIs processed a request.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • When Trust Association Interceptor(TAI) is enabled and
    invokeForUnprotectedURI="true" is configured, if none of
    TAIs intercepts an incoming request and a target resource is
    not protected, a login process might be carried out. As a
    result, an end user might be requested to login. The
    expected behavior is that the request should be processed
    without login.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty  who are enabling TAI and    *
    *                  invokeForUnprotectedURI is set as true.     *
    ****************************************************************
    * PROBLEM DESCRIPTION: When a TAI is enabled with the property *
    *                      invokeForUnprotectedURI=true, a login   *
    *                      panel will pop up even when accessing   *
    *                      an unprotected resource.                *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Due to a code defect, there is not a code path to skip the
    application defined authentication and authorization for
    unprotected resources if TAI did not intercept a request.
    

Problem conclusion

  • The code was modified not to perform login process if target
    resource is not protected and TAI did not process a request.
    
    The fix for this APAR is currently targeted for inclusion in fix
    pack 19.0.0.8  Please refer to the Recommended Updates page for
    delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH15089

  • Reported component name

    LIBERTY PROFILE

  • Reported component ID

    5724J0814

  • Reported release

    CD0

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-07-30

  • Closed date

    2019-08-14

  • Last modified date

    2019-08-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    LIBERTY PROFILE

  • Fixed component ID

    5724J0814

Applicable component levels



Document information

More support for: WebSphere Application Server

Software version: CD0

Reference #: PH15089

Modified date: 14 August 2019