APAR status
Closed as program error.
Error description
When using the loginidentity REST service, there is an option to generate an LTPA token using generateLTPAToken=true. The userId in the resulting LTPA token contains only the short name of the user and not the DN. The DN is expected to be added to the LTPAToken.
Local fix
Problem summary
USERS AFFECTED: WebSphere Commerce Version 8. PROBLEM ABSTRACT: DN is not added to generated LTPAToken with loginidentity BUSINESS IMPACT: LTPAToken contains logonId instead of DN, which leads to getting the wrong LTPAToken. RECOMMENDATION:
Problem conclusion
In LTPATokenGenerationHelper.java generateLtpaToken2() 1.get UserSyncBean by logonId UserSyncBean isbUser = UserSyncBean.findByLogonId(logonId); 2. get DN property String DN = isbUser.getProperty(ECMemberConstants.EC_USER_DISTINGUISHEDNAME) ; 3. replace logonId with DN Token token = createToken(keyPasswordStr, DN, keyExpiration, realm, privateKey, publicKey, secretKey);
Temporary fix
Comments
APAR Information
APAR number
JR58770
Reported component name
WC BUS EDITION
Reported component ID
5724I3800
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-11-24
Closed date
2018-01-02
Last modified date
2018-01-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WC BUS EDITION
Fixed component ID
5724I3800
Applicable component levels
R800 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYSYL","label":"WebSphere Commerce Enterprise"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Line of Business":{"code":"LOB31","label":"WCE Watson Marketing and Commerce"}}]
Document Information
Modified date:
11 December 2021