IBM Support

IC78584: AAA CACHE TTL CAN BE OVERRIDDEN BY BROAD XML MANAGER DOCUMENT CACHE POLICIES

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as fixed if next.

Error description

  • The Cache Lifetime (TTL) of AAA authentication and authorization
    cache entries is configurable in the AAA Policy object.
    Broad document cache policies in the XML Manager where the AAA
    Policy is used can accidentally override the TTL values
    configured in the AAA Policy.
    
    Broad matching patterns such as "*" in a document cache policy
    can cause this problem.  Any pattern that matches URLs starting
    with "aaa://" can cause this problem.
    

Local fix

  • Do not use matching patterns (such as "*") in the document cache
    settings of the XML Manager that match strings
    starting with "aaa://".  Use more specific patterns instead such
    as "http://*".
    
    Alternatively add a specific policy with a matching pattern of
    "aaa://*", a priority of 255, and a policy type of
    "Protocol-Based" in the document cache settings of the XML
    Manager.
    
    Doing either of these things will ensure that the AAA cache TTL
    values configured in the AAA Policy are respected.
    

Problem summary

  • The fix will be provided in a future major release.  No formal
    fix is planned for the current release.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IC78584

  • Reported component name

    DATAPOWER

  • Reported component ID

    DP1234567

  • Reported release

    373

  • Status

    CLOSED FIN

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-09-12

  • Closed date

    2011-09-30

  • Last modified date

    2011-10-17

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

  • R100 PSN

       UP

  • R350 PSN

       UP

  • R351 PSN

       UP

  • R360 PSN

       UP

  • R361 PSN

       UP

  • R370 PSN

       UP

  • R371 PSN

       UP

  • R372 PSN

       UP

  • R373 PSN

       UP

  • R380 PSN

       UP

  • R381 PSN

       UP

  • R382 PSN

       UP

  • R401 PSN

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.7.3","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
11 February 2022