APAR status
Closed as program error.
Error description
Immediately after logging in, rather than seeing the default authenticated page, you see a single image (for example, a.jpg or b.gif) or are prompted to download a file (for example, x.js or y.css). Often the image or file is served by Web Content Management (WCM). Depending on the test case, this behavior can be intermittent. If you trace the HTTP headers, you observe that, immediately before the problem, WASReqURL was set to the image or file.

This problem can be reproduced with the following test case: When a user opens two browser windows and has two authenticated Portal sessions, rendering a page in one window while logging out in the second window can lead to the WASReqURL cookie being wrong. That is, the WASReqURL cookie will point to the first resource that is requested without a valid security context (as the logout in the second window has already been processed). When the same user tries to log in again in the second window, the login process believes the WASReqURL cookie points to a Portal page that the user wants to visit, when in fact it is just a resource (e.g. an image) that was requested from the first window. Rather than landing on a proper Portal page, the user is redirected to that resource.

This APAR supersedes PM19405. The fix for this APAR takes into account more use cases, including when a base portal and one or more virtual portals are in use.
Local fix
Any workaround for this problem is highly dependent on the test case. If you cannot install this fix, engage IBM support to investigate potential workarounds.
Problem summary
When a user opens two browser windows and has two authenticated Portal sessions, rendering a page in one window while logging out in the second window can lead to the WASReqURL cookie being wrong. That is, the WASReqURL cookie will point to the first resource that is requested without a valid security context (as the logout in the second window has already been processed). When the same user tries to log in again in the second window, the login process believes the WASReqURL cookie points to a Portal page that the user wants to visit, when in fact it is just a resource (e.g. an image) that was requested from the first window. Rather than landing on a proper Portal page, the user is redirected to that resource.
Problem conclusion
This APAR introduces a login filter that can be enabled and configured to validate the WASReqURL cookie. In the WAS Admin Console, add the following custom property to the resource environment provider "WP Authentication Service":

login.explicit.filterchain=com.ibm.wps.auth.impl.ValidateRedirectLoginFilter

You can determine which redirect URLs should be considered "invalid" and replaced by a default redirect URL by setting the following additional property:

filterchain.properties.com.ibm.wps.auth.impl.ValidateRedirectLoginFilter.blacklist.pattern=<regexp>

where "regexp" is interpreted as a regular expression (see java.util.regex.Pattern) and compared to the redirect URL (case-insensitive). If, for example, all redirect URLs that end with *.* should be considered invalid, the following pattern can be used:

.*/[^/]*[.]+[^/]*

If the current redirect URL matches the specified pattern, it is replaced by the URL for the default selection of the current scope, which also contains the virtual portal URL context, for example "/wps/myportal/finance". A different redirect URL can be configured with the property

filterchain.properties.com.ibm.wps.auth.impl.ValidateRedirectLoginFilter.redirect.url

However, note that using a "static" redirect URL breaks login to virtual portals if virtual portals are URL context mapped, not host name mapped.

Note: This APAR supersedes PM19405.

Manual Steps: None
Failing Module(s): Authorization/Authentication (login/logout)
Affected Users: All Users

Version Information:
Portal Version(s): 6.0.1.1
Pre-Requisite(s):
Co-Requisite(s): ---
Portal Version(s): 6.1.0.4
Pre-Requisite(s):
Co-Requisite(s): ---

Platform Specific: This fix applies to all platforms.

A fix is available from Fix Central:
http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?apar=PM25450&productid=WebSphere%20Portal&brandid=5
You may need to type or paste the complete address into your Web browser.
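The following added example (not IBM's filter code and not part of the original APAR text) lets an administrator try the example blacklist pattern against candidate redirect URLs with java.util.regex.Pattern before setting the property. The class name, method names, sample URLs and default URL are constructed for illustration, and it is an assumption that the filter requires the whole URL to match (Matcher.matches()); the find() column shows how the verdict would differ under substring matching.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class RedirectBlacklistCheck {
    // Example pattern from the APAR text, compiled case-insensitively as the
    // text describes: the last path segment contains at least one dot.
    static final Pattern BLACKLIST =
            Pattern.compile(".*/[^/]*[.]+[^/]*", Pattern.CASE_INSENSITIVE);

    // Constructed stand-in for the "default selection of current scope" URL.
    static final String DEFAULT_URL = "/wps/myportal/finance";

    // Hypothetical helper. Assumption: the whole redirect URL must match.
    static boolean isBlacklisted(String redirectUrl) {
        return BLACKLIST.matcher(redirectUrl).matches();
    }

    // Returns the URL the user would land on after login under that assumption.
    static String effectiveRedirect(String redirectUrl) {
        return isBlacklisted(redirectUrl) ? DEFAULT_URL : redirectUrl;
    }

    public static void main(String[] args) {
        // Constructed sample values for the WASReqURL cookie.
        String[] samples = {
            "/wps/myportal/finance/reports",            // ordinary portal page
            "/wps/wcm/connect/site/a.jpg",              // WCM image
            "/wps/themes/html/x.js",                    // script resource
            "/wps/myportal/v1.2/home",                  // dot in a non-final segment
            "/wps/myportal/finance?doc=q3.pdf",         // dot only in the query string
            "http://portal.example.com/wps/myportal/hr" // absolute URL, dotted host
        };
        for (String url : samples) {
            Matcher m = BLACKLIST.matcher(url);
            boolean full = m.matches();
            boolean partial = m.reset().find();
            System.out.printf("%-45s matches=%-5b find=%-5b -> %s%n",
                    url, full, partial, effectiveRedirect(url));
        }
    }
}
```

Because the pattern has no notion of a query string, a page URL whose query string contains a dot is treated the same as a file resource, which is worth checking against the portal's own URL shapes before enabling the filter.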
Temporary fix
Comments
APAR Information
APAR number
PM25450
Reported component name
WEBSPHERE PORTA
Reported component ID
5724E7600
Reported release
61C
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-10-29
Closed date
2010-11-17
Last modified date
2010-12-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE PORTA
Fixed component ID
5724E7600
Applicable component levels
R60E PSY
UP
R610 PSY
UP
Document Information
Modified date:
21 December 2021