IBM Support

PI08511: OLD LTPA TOKEN IS BEING USED WHEN USER LOGIN AGAIN WITHIN A MINUTE OF LOGOUT

Fixes are available

Download for IBM Worklight V6.1.0 Fix Pack 1
Download the cumulative interim fix for IBM Worklight V6.0.0 Fix Pack 2 and IBM Mobile Foundation v6.0.0 Fix Pack 2
Download the cumulative interim fix for IBM Worklight V5.0.6 Fix Pack 2 and IBM Mobile Foundation V5.0.6 Fix Pack 2
IBM Worklight Interim Fix README for 6.0.0.2

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When the user logs out and then log back in within a minute on
the Worklight
Console, the same LTPA token is being used.  A new LTPA token is
expected on each login.

Local fix

  • Disable AuthCache

Problem summary

  • ****************************************************************
* USERS AFFECTED:                                              *
* Administrators of a Worklight server which uses LTPA based   *
* authentication                                               *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* When using LTPA based authentication, the LTPA Token is      *
* generated, validated, and maintained by Websphere            *
* Application Server (WAS). In certain situations, the LTPA    *
* token may be reused when the user logs out and logs back in  *
* quickly. This is due to the authentication cache mechanism   *
* provided by WAS.                                             *
****************************************************************
* RECOMMENDATION:                                              *
* -                                                            *
****************************************************************

Problem conclusion

  • When the fix is enabled (it is disabled by default), the
Worklight server will delete the user's token from the Websphere
Application Server's authentication cache. This will ensure that
the same LTPA token is not issued again. To enable this feature,
add the following parameter to the
WebSphereFormBasedAuthenticator and WebSphereLoginModule
configuration in authenticationConfig.xml:

<parameter name="ltpa-force-global-logout" value="true" />

The fix for this APAR is currently available in fixpack 6.1.0.1.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PI08511
    • 

  • Reported component name
    WORKLIGHT CONSU
    • 

  • Reported component ID
    5725I4301
    • 

  • Reported release
    506
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2013-12-19
    • 

  • Closed date
    2014-03-19
    • 

  • Last modified date
    2014-03-19
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WORKLIGHT CONSU
    • 

  • Fixed component ID
    5725I4301
    • 



Applicable component levels


    

  • R506  PSY
       UP
    • 

  • R600  PSY
       UP
    • 

  • R610  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSZH4A","label":"IBM Worklight"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"506","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            17 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback