IT01874: WEB-BASED GUI LOGIN TIMES OUT, OFFLINE STATUS APPEARS, USER IS NEVER REDIRECTED TO LOGIN PAGE.

Refresh Pack 5.2.2 (June 2014) for Tivoli Storage Productivity Center
Refresh Pack 5.2.3 (August 2014) for Tivoli Storage Productivity Center
Fix Pack 5.2.4 (November 2014) for Tivoli Storage Productivity Center
Fix Pack 5.2.4.1 (December 2014) for Tivoli Storage Productivity Center
Refresh Pack 5.2.5 (March 2015) for Tivoli Storage Productivity Center (withdrawn)
Fix Pack 5.2.5.1 (April 2015) for Tivoli Storage Productivity Center (withdrawn)
Refresh Pack 5.2.6 (June 2015) for Tivoli Storage Productivity Center
Refresh Pack 5.2.7 (August 2015) for Tivoli Storage Productivity Center
IBM Spectrum Control V5.2.8 (December 2015)
IBM Spectrum Control V5.2.9 (February 2016)
IBM Spectrum Control V5.2.10 (May 2016)
IBM Spectrum Control V5.2.10.1 (July 2016)
IBM Spectrum Control V5.2.11 (August 2016)
IBM Spectrum Control V5.2.12 (November 2016)
IBM Spectrum Control V5.2.13 (March 2017)
IBM Spectrum Control V5.2.14 (May 2017)
IBM Spectrum Control V5.2.15 (August 2017)
IBM Spectrum Control V5.2.15.2 (November 2017)
IBM Spectrum Control V5.2.16 (March 2018)
IBM Spectrum Control V5.2.17 (May 2018)
Fix Pack 5.2.7.1 (February 2016) for Tivoli Storage Productivity Center

APAR status

• Closed as program error.

Error description

• Due to new 5.2.1 web-based GUI functionality, an underlying
  embedded WebSphere (eWAS) problem has been exposed,
  where  eWAS is not removing an invalidated session, and when the
  user should be redirected to the login.jsp
  page, the now un-authenticated session is associated with an
  anonymous user.
  The following exception (raised in the
  <tpc_install_dir>\ewas\profiles\WebServerProfile\logs\webServer
  \SystemOut.log) when this problem is encountered:
  [4/28/14 13:26:45:575 MST] 00000031 webapp        E
  com.ibm.ws.webcontainer.webapp.WebApp logServletError
  SRVE0293E: [Servlet Error]-[/Login.jsp]:
  com.ibm.websphere.servlet.session.UnauthorizedSessionRequestExce
  ption:
  SESN0008E: A user authenticated as anonymous has attempted to
  access a session owned by
  user:defaultWIMFileBasedRealm/uid=<domain>\administrator,o=lo
  calOS.
  at
  com.ibm.ws.session.SessionContext.checkSecurity(SessionContext.j
  ava:1388)
  at
  com.ibm.ws.session.SessionContext.isValid(SessionContext.java:89
  1)
  at
  com.ibm.ws.webcontainer.srt.SRTRequestContext.getSession(SRTRequ
  estContext.java:96)
  at
  com.ibm.ws.webcontainer.srt.SRTServletRequest.getSession(SRTServ
  letRequest.java:2141)
  at
  com.ibm.ws.webcontainer.srt.SRTServletRequest.getSession(SRTServ
  letRequest.java:2125)
  at com.ibm._jsp._Login._jspService(_Login.java:165)
  RECREATE STEPS:
  Attempt to log on to web-based GUI after closing browser without
  first logging out of TPC.
  
  DB2 Version used for Server:    N/A
  The defect is against component:   5608TPC00
  Server/Manager build/release (TPC):   5.2.1
  
  
  Problem as described by customer:   Web-GUI logouts
  Initial customer impact (low/med/high): med
  

Local fix

• 1) Open the eWAS admin console via a URL similar to
  https://servername.company.com:9569/ibm/console/logon.jsp
  2) Open the list of application servers from the RH navigation
  by navigating to Servers -> Server Types ->
  Websphere application servers
  3) Open the properties panel for the webServer application from
  the list of application servers.
  4) Open  the session management panel from the link on the RH
  side of the panel.
  5) Open the custom properties panel from the link on the RH side
  of the panel.
  6) Create a new custom property, named
  InvalidateOnUnauthorizedSessionRequestException with a value of
  true.
  7) Save the new property by clicking the apply button and then
  clicking the save link to update the master
  configuration.
  8) Restart the TPC Web Server for settings to take effect.
  

Problem summary

• ****************************************************************
  * USERS AFFECTED:                                              *
  * TPC 5.2.0 and 5.2.1 users                                    *
  ****************************************************************
  * PROBLEM DESCRIPTION:                                         *
  * See ERROR DESCRIPTION.                                       *
  ****************************************************************
  * RECOMMENDATION:                                              *
  * Apply fix maintenance when available.                        *
  ****************************************************************
  

Problem conclusion

• The fix for this APAR is targeted for the following maintenance
  package:
  
  | refresh pack | 5.2-TIV-TPC-RP0002 - target June 2014
  
  http://www-01.ibm.com/support/docview.wss?&uid=swg21320822
  
  The target dates for future refresh packs or fix packs do not
  represent a formal commitment by IBM. The dates are subject
  to change without notice.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Modules/Macros

• GUI
  

Fix information

• Fixed component name

  TPC ADVANCED

• Fixed component ID

  5608TPCA0

Applicable component levels

• R520 PSY

     UP

• R521 PSY

     UP