IC81690: SET-COOKIE HEADER ADDED FOR LTPA TOKEN AFTER UPGRADE

APAR status

• Closed as program error.

Error description

• In 3.8.0 or later firmware, a change in behavior for AAA
  policies was introduced affecting any AAA policy configured to
  generate LTPA tokens in the PostProcessing step and configured
  to pass the token via HTTP headers. Prior to this change, the
  policy would not add a Set-Cookie header. With the new behavior
  a Set-Cookie header is added to the response containing the LTPA
  token generated by the policy. This may cause problems for
  services imported from v3.8.0 or earlier when Set-Cookie was not
  returned as the header may be now added twice.
  

Local fix

• The Set-Cookie header can be explicitly reset as needed.
  

Problem summary

• Affected customers are those using a AAA policy with
  Generate LTPA Token in the PostProcessing step and
  Use WSSecurirty set to 'off'. Beginning with 3.8.0, a
  Set-Cookie response header is added which can cause problems for
  some configurations.
  

Problem conclusion

• This APAR fix adds a new WebGUI property, Insert LTPA
  Set-Cookie, visible when "Generate LTPA Token" is set to "on".
  
  
  Enabled by default, this new property inserts a Set-Cookie
  header in the response that contains the LTPA token that is
  generated during the AAA post-processing phase preserving the
  post-v3.8.0 behavior.
  
  For older services requiring the pre-v3.8.0 behavior for
  compatibility purposes, the Insert LTPA Set-Cookie property may
  be disabled.
  
  The fix is available in 4.0.1.9 and 4.0.2.5.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  DATAPOWER

• Fixed component ID

  DP1234567

Applicable component levels

• R401 PSY

     UP

• R402 PSY

     UP

• R500 PSY

     UP