IBM Support

IC78628: TAM CONFIGURATION PROPERTY IGNORED IN DATAPOWER FIRMWARE VERSIONS 3.8.1.0 AND LATER.

APAR status

  • Closed as program error.

Error description

  • A DataPower Tivoli Access Manager (TAM) object supports the use
    of SSL connections to the TAM registry server.  The
    cryptographic material to complete this connection is provided
    to the DataPower TAM object in a keystore database (kdb) file.
    If the TAM registry server requires authentication of a client
    through certificate authentication, the kdb file must contain a
    valid certificate.
    
    If the required client certificate in the kdb file is not the
    default certificate, the label of the required certificate must
    also be provided so that the TAM object can use the correct
    certificate to authenticate to the TAM registry server.
    
    This configuration property is called "ldap-ssl-key-file-dn"
    from the command line, "LDAPSSLKeyFileLabel" for use through the
    XML Management Interface, and "Registry Server SSL Key File
    Label" in the WebGUI.
    
    This configuration property is ignored in DataPower versions
    3.8.1.0 and later no matter where it is set (command line,
    WebGUI, SOAP request through XML management interface, or
    configuration import).
    

Local fix

Problem summary

  • Use of the TAM feature is affected.
    
    If the required client certificate in the kdb file is not the
    default certificate, the needed specification of the required
    certificate label does not take effect.
    

Problem conclusion

  • The fix is available in 3.8.1.16, 3.8.2.7, 4.0.1.4,
    4.0.2.1 and XE82 1.0.0.2
    

Temporary fix

  • Refrain from using TAM user registry SSL client authentication
    certificates that are not the default certificate in their
    keystore file.
    

Comments

APAR Information

  • APAR number

    IC78628

  • Reported component name

    DATAPOWER

  • Reported component ID

    DP1234567

  • Reported release

    401

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-09-15

  • Closed date

    2011-09-21

  • Last modified date

    2011-10-18

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DATAPOWER

  • Fixed component ID

    DP1234567

Applicable component levels

  • R381 PSY

       UP

  • R382 PSY

       UP

  • R401 PSY

       UP

Document Information

Modified date:
11 February 2022