APAR status
Closed as program error.
Error description
In 3.8.0 or later firmware, a change in behavior for AAA policies was introduced affecting any AAA policy configured to generate LTPA tokens in the PostProcessing step and configured to pass the token via HTTP headers. Prior to this change, the policy would not add a Set-Cookie header. With the new behavior a Set-Cookie header is added to the response containing the LTPA token generated by the policy. This may cause problems for services imported from v3.8.0 or earlier when Set-Cookie was not returned as the header may be now added twice.
Local fix
The Set-Cookie header can be explicitly reset as needed.
Problem summary
Affected customers are those using a AAA policy with Generate LTPA Token in the PostProcessing step and Use WSSecurirty set to 'off'. Beginning with 3.8.0, a Set-Cookie response header is added which can cause problems for some configurations.
Problem conclusion
This APAR fix adds a new WebGUI property, Insert LTPA Set-Cookie, visible when "Generate LTPA Token" is set to "on". Enabled by default, this new property inserts a Set-Cookie header in the response that contains the LTPA token that is generated during the AAA post-processing phase preserving the post-v3.8.0 behavior. For older services requiring the pre-v3.8.0 behavior for compatibility purposes, the Insert LTPA Set-Cookie property may be disabled. The fix is available in 4.0.1.9 and 4.0.2.5.
Temporary fix
Comments
APAR Information
APAR number
IC81690
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
381
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-02-28
Closed date
2012-03-19
Last modified date
2012-04-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DATAPOWER
Fixed component ID
DP1234567
Applicable component levels
R401 PSY
UP
R402 PSY
UP
R500 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.8.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
11 February 2022