Fixes are available
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as program error.
Error description
When "SAFRunAs %%CERTIF_REQ%%" is configured, no error_log entry is issued when a user is rejected due to missing SSL, missing client certificate, or failure to map a certificate to a userid.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of IBM HTTP Server (powered by * * Apache) on z/OS with 'SAFRunAs * * %%CERTIF_REQ%%' configured * **************************************************************** * PROBLEM DESCRIPTION: There are no entries in the error log * * for 'SAFRunAs %%CERTIF_REQ%%' * * failures. * **************************************************************** * RECOMMENDATION: Apply this fix if using 'SAFRunAs * * %%CERTIF_REQ%%' * **************************************************************** There should have been an error log entry for failures with 'SAFRunAs %%CERTIF_REQ%%', but there was not.
Problem conclusion
An error log entry was added for when a user is rejected with a 403 under 'SAFRunAs %%CERTIF_REQ%%'. The severity of existing messages was also increased for this same configuration when certificate mapping failures trigger a 403 response. This fix is targeted for IBM HTTP Server updates: - 7.0.0.41 - 8.0.0.13 - 8.5.5.9 - 9.0.0.0-PI54808
Temporary fix
Comments
APAR Information
APAR number
PI50397
Reported component name
WAS IHS ZOS
Reported component ID
5655I3510
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-10-13
Closed date
2016-02-08
Last modified date
2016-02-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WAS IHS ZOS
Fixed component ID
5655I3510
Applicable component levels
R700 PSY
UP
Document Information
Modified date:
28 April 2022