IBM Support

PH02745: CORRECTIONS ARE NEEDED TO THE DOCUMENTATION IN THE KNOWLEDGE CENTER FOR IBM WEBSPHERE APPLICATION SERVER VERSION 8.5.5

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as documentation error.

Error description

  • This APAR describes the issues that customers encountered with
IBM WebSphere Application Server Version 8.5.5. These issues
were resolved as knowledge center updates in September, 2018.

Local fix

  • N/A

Problem summary

  • ****************************************************************
* USERS AFFECTED:  This APAR provides a cumulative list of     *
*                  the documentation issues for Sept. 2018     *
*                  that affect users of IBM WebSphere          *
*                  Application Server Version 8.5.             *
****************************************************************
* PROBLEM DESCRIPTION: The Knowledge Centers for WebSphere     *
*                      Application Server Version 8.5 need     *
*                      to reflect customer enhancement         *
*                      requests received in problem            *
*                      management records (PMRs). These        *
*                      enhancements can include fixing         *
*                      technical inaccuracies or clarifying    *
*                      vague information                       *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
See the Problem conclusion section for a description of the
issues, which are described in customer PMRs, and the
documentation change or changes that will address these issues.

Problem conclusion

  • Note: As we update our knowledge centers, the following
Version 8.5 modifications will be available. To access the
latest on-line documentation, go to the product library page
at http://www.ibm.com/software/webservers/appserv/library and
select the version and product that is appropriate for your
WebSphere Application Server environment.

The following Version 8.5 issues will be addressed:

ID: 258142 (RTC) and PH02745
Problem: The knowledge center does not include
information on managing/updating certificates in the unmanaged
/etc key stores.

Resolution: Specifically, 3 topics will be updated:
1. Quality of protection (QoP) settings
The Client authentication section adds the following:
Keep in mind that client commands, such as stopServer or
wsadmin command, get their SSL configuration from the
ssl.client.props file. If clientAuthentication is required by
server, then users must make sure that a valid client
certificate exists in the keystore specified in the
ssl.client.props file, which is (profile)/etc/key.p12 by
default.
For more information about maintaining valid certificate in
the keystore, refer to
https://www.ibm.com/support/knowledgecenter/en/SSAW57_9.0.0/com.
ibm.websphere.nd.multiplatform.doc/ae/csec_ssl_clientauth.html

2. Secure Sockets Layer client certificate authentication
The section entitled, Clients - the following is added:
Note: It is best practice to manage server keystores and
client keystores separately. However,if you do wish to manage
client keystore in adminconsole with server keystores, you can
create keystore configuration to point to the local client
keystore. Keep in mind that Certificate Expiration Monitor
does not monitor client keystore.

3. Certificate expiration monitoring in SSL
the following note is added to the section entitled,
Certificate expiration monitoring in SSL:
Note: Certificate Expiration Monitor covers keystores under the
Server configuration. Client keystore such as
(profile)/etc/key.p12 is not monitored.

This update also applies to V9.0 of the knowledge center.
------

ID: 258237 (RTC) and 788577
Problem: There are two EJB container system properties that
are not documented in the knowledge center and can be useful
to customers.
Resolution: Topic, EJB container system properties, is updated
with the two missing properties and they read:
com.ibm.websphere.ejbcontainer.blockWorkUntilAppStarted

This property allows the user to specify that incoming EJB
requests should be blocked until an application is fully
started. This behavior is required by the EJB specification
for applications with @Startup singleton beans, but for
backward compatibility, this behavior is not the default for
applications without a @Startup bean.

When this property is set to the value true, all incoming EJB
requests, both local calls within the server process as well
as remote calls from a client, will be blocked and wait until
the application is fully started before proceeding. The
duration of the block may be adjusted with the related
property,
com.ibm.websphere.ejbcontainer.blockWorkUntilAppStartedWaitTime.
  If the application has not started within the duration of
the block wait time, then the request will be rejected with
ApplicationNotStartedException. The default block duration is
120 seconds.

The setting of this property is applied to all EJB
applications without a @Startup singleton bean in the server
process, and the default is false. Applications with an
@Startup singleton bean will always block incoming work before
the application is fully started, regardless of this property
setting.

com.ibm.websphere.ejbcontainer.blockWorkUntilAppStartedWaitTime

This property allows the user to specify how long external
requests should be blocked while an application is starting.
If the application does not start in the specified duration,
then requests will be rejected with
ApplicationNotStartedException.  External requests include
both local calls within the server process as well as remote
calls from a client. Local calls performed as part of
application initialization are allowed; for example, calls
from the @PostConstruct method of an @Startup singleton bean
are allowed.

This property is applicable to all EJB applications containing
@Startup singleton beans, and all other applications if the
related property,
com.ibm.websphere.ejbcontainer.blockWorkUntilAppStarted, is
enabled.

The value is specified in seconds. If the value is 0, then
external requests will be immediately rejected until the
application is fully started.

Property values: any non-negative integer value (default 120)

This update also applies to V90 of the knowledge center
------

ID: 788659
Problem: We are trying to configure SSO for the ODM
application running on Websphere Application server.  Customer
gets erros and cannot proceed. The topic, Enabling SAML
SP-Initiated web single sign-on (SSO), is missing critical
information that would help the customer complete their
configuring successfully.
Resolution: Topic, Enabling SAML SP-Initiated web single
sign-on (SSO), is update with the following:
(1) The following information is added Step 1 of the procedure:

--  The com.ibm.wsspi.security.web.saml.AuthnRequestProvider
class is found in the was_public.jar file in the
(was_home)/dev directory.
--  The com.ibm.ws.wssecurity.saml.common.util.UTC class used
in this sample can be found in the (was_home)/plugins
directory.

(2) import statements are missing from the presented example.
For this example the following is added to the beginning of
the example:
                import java.util.ArrayList;
                import java.util.HashMap;
                import javax.servlet.http.HttpServletRequest;
                import
com.ibm.websphere.security.NotImplementedException;
                import
com.ibm.ws.wssecurity.saml.common.util.UTC;
                import
com.ibm.wsspi.security.web.saml.AuthnRequestProvider;
                .........

(3) In the provided example the String authnMessage = has an
erroneous issueInstant parameter.   The correct parameter now
reads:
+ "IssueInstant=\"" +UTC.format(new java.util.Date())+ "\"
ForceAuthn=\"false\" IsPassive=\"false\""

(4) Just before the end of the provided example, the following
is added:
private String generateRandom() {
               //implement code that generates a random alpha
numeric String that is unique
               //each time it is invoked and cannot be easily
predicted (like a counter)
               }

-------

ID: 788812
Problem: The customer was unable to complete the WCT command
line parameters to create the web server definition because
the parameters documented in the Knowledge center were
incorrect.
Resolution: Topic, Configuring a web server plug-in using the
pct tool, is updated as follows:
1. ihsAdminUserGroup is removed from the "Parameters of the pct
tool" table
2. The folowing is added to the Advanced parameters (available
in silent installations only) table:
Parameter:
ihsAdminCreateUserAndGroup

Specifies whether to use an existing Unix user id and group or
whether to create a new one. This value is required only if
´ihsAdminPort´ parameter is set and is used in combination
with the ´ihsAdminUnixUserID´ and ´ihsAdminUnixUserGroup´
parameters.

Values:
true
Will create a new Unix user and group that was defined with
the ´ihsAdminUnixUserID´ and the ´ihsAdminUnixUserGroup´
parameters

false
Will use the existing Unix user and group that was defined
with the ´ihsAdminUnixUserID´ and the ´ihsAdminUnixUserGroup´
parameters. Please ensure that the user and group values are
valid.
3. The following is added to the Advanced parameters
(available in silent installations only) table:

Parameter:
ihsAdminUnixUserID

The user ID to be used with the IHS Administrative Server on
Unix. This value is required only if ´ihsAdminPort´ parameter
is set and is used in combination with the
´ihsAdminUnixUserGroup´ and ´ihsAdminCreateUserAndGroup´
parameters.

Values:
The Unix user ID that will be used with the IHS Administrative
Server
4. The following is added to the Advanced parameters (available
in silent installations only) table:

Parameter:
ihsAdminUnixUserGroup

The name of the Unix user group that is to be used when
configuring the IHS Administrative Server. This value is
required only if ´ihsAdminPort´ parameter is set and is used
in combination with the ´ihsAdminUnixUserID´ and
´ihsAdminCreateUserAndGroup´ parameters.

Values:
The Unix group of the Unix user ID that will be used with the
IHS Administrative Server

This update also applies to V9.0 of the knowledge center.
-----

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH02745
    • 

  • Reported component name
    WEBSPHERE APP S
    • 

  • Reported component ID
    5724J0800
    • 

  • Reported release
    850
    • 

  • Status
    CLOSED  DOC
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2018-09-13
    • 

  • Closed date
    2018-09-27
    • 

  • Last modified date
    2022-06-06
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    



Applicable component levels


    








      
              
                            

              

              [{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 June 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback