IBM Support

PH15089: A login might be required for unprotected resources when none of TAIs processed a request.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • When Trust Association Interceptor(TAI) is enabled and
    invokeForUnprotectedURI="true" is configured, if none of
    TAIs intercepts an incoming request and a target resource is
    not protected, a login process might be carried out. As a
    result, an end user might be requested to login. The
    expected behavior is that the request should be processed
    without login.

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty  who are enabling TAI and    *
    *                  invokeForUnprotectedURI is set as true.     *
    * PROBLEM DESCRIPTION: When a TAI is enabled with the property *
    *                      invokeForUnprotectedURI=true, a login   *
    *                      panel will pop up even when accessing   *
    *                      an unprotected resource.                *
    * RECOMMENDATION:                                              *
    Due to a code defect, there is not a code path to skip the
    application defined authentication and authorization for
    unprotected resources if TAI did not intercept a request.

Problem conclusion

  • The code was modified not to perform login process if target
    resource is not protected and TAI did not process a request.
    The fix for this APAR is currently targeted for inclusion in fix
    pack  Please refer to the Recommended Updates page for
    delivery information:

Temporary fix


APAR Information

  • APAR number


  • Reported component name


  • Reported component ID


  • Reported release


  • Status


  • PE




  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date


  • Closed date


  • Last modified date


  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name


  • Fixed component ID


Applicable component levels

Document information

More support for: WebSphere Application Server

Software version: CD0

Reference #: PH15089

Modified date: 14 August 2019