APAR status
Closed as program error.
Error description
WAS 9.0.5.3 SSLMapMode, introduced with PI77874, does not work with the Intelligent Management enabled Plugin (odrlib). SSLMapMode="offload" is effectively ignored, resulting in the Plugin using a secure connection with WAS: client ---https---> IHS/PLG ---https---> WAS SSLMapMode="onload" results in a 500 error with "Nosecure transports available" reported in the plugin log.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: IBM WebSphere Application Server web * * server plugin users with Intelligent * * Management enabled * **************************************************************** * PROBLEM DESCRIPTION: SSLMapMode, introduced with PI77874, * * does not work with the Intelligent * * Management enabled Plugin (odrlib). * **************************************************************** * RECOMMENDATION: * **************************************************************** Setting the SSLMapMode in the plugin-cfg.xml or ssl-map-mode as an apache directive has no effect when using Intelligent Management with the web server plugin.
Problem conclusion
The web server plugin was setting the map mode after Intelligent Management had made a server selection so it had no effect. Code corrected to set the value before a server selection is performed. The SSLMapMode allows for values: "onload" which will use a https connection to WebSphere when the client uses a http connection to the web server "offload" which will use a http connection to WebSphere when the client uses a https connection to the web server or "default" which will retain the same behavior as if the property was not set. The SSLMapMode property can be set as a WebSphere custom property or as an Apache environment variable. To set using a WebSphere custom property, navigate to the webserver-><servername>->Plug-in properties->Custom Properties window and add the property SSLMapMode with a value of "onload", "offload" or "default". To configure using an Apache or IBM HTTP Server environment variable, add the following directive to the web server configuration file, httpd.conf: 1. Make sure the LoadModule directive for mod_setenvif is uncommented. 2. Append the following directive to httpd.conf, choosing a mode: SetEnvIf Request_URI / ssl-map-mode=[onload|offload |default] Note: The SetEnv directive can also be used to configure this mode if the plugin component is NOT using Intelligent Management. The fix for this APAR is targeted for inclusion in fix pack 9.0.5.5. For more information, see 'Recommended Updates for WebSphere Application Server': http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PH23808
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-03-27
Closed date
2020-04-07
Last modified date
2020-04-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R900 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
01 November 2021