IBM Support

IT25839: Connections fail when CHLAUTH mapping rules and a security exit are defined on a channel and SHARECNV is greater than 1

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • After upgrading queue manager to MQ v8.0.0.10 and installing
    fix for MQ auth 'ctrl' issue (APAR IT25591), client getting
    2035 (NOT_AUTHORIZED) error.
    
    The queue manager error logs only show error AMQ9209.
    The SYSTEM.ADMIN.CHANNEL.EVENT does receive
    events showing 2577 (Channel Blocked), but there is no
    related error in the queue manager error log.
    

Local fix

  • Set SHARECNV(1) on the SVRCONN channel that the client us using,
    example:
      ALTER CHANNEL (CHANNELNAME) CHLTYPE(SVRCONN) SHARECNV(1)
    

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    This problem affects users of MQ V8.0.0.10 on all platforms who
    define SVRCONN channels with a combination of CHLAUTH mapping
    rules, security exits and SHARECNV greater than 1.
    
    
    Platforms affected:
    MultiPlatform
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    A SVRCONN channel was defined with SHARECNV greater than 1 and a
    security exit, and CHLAUTH rules were created to allow only one
    specific user to connect to the channel.
    
    In this scenario, a logic error failed to apply the user mapping
    CHLAUTH rules correctly, which meant that when an MQ client
    attempted to connect multiple conversations with a valid user id
    to the channel, the first conversation connected successfully,
    but subsequent conversations failed with reason code 2035
    (MQRC_NOT_AUTHORIZED).
    

Problem conclusion

  • The logic error in the application of the CHLAUTH mapping rules
    has been addressed. CHLAUTH rules are now applied consistently
    regardless of whether a security exit is defined or the value of
    SHARECNV.
    
    The changes to the ordering of CHLAUTH processing resulting from
    this APAR are document in further detail under the following
    technote:
    
    https://www.ibm.com/support/docview.wss?uid=ibm10725873
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v8.0       8.0.0.11
    v9.0 LTS   9.0.0.5
    v9.1 CD    9.1.1
    v9.1 LTS   9.1.0.1
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT25839

  • Reported component name

    IBM MQ BASE MP

  • Reported component ID

    5724H7251

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-07-27

  • Closed date

    2018-08-17

  • Last modified date

    2018-08-17

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    PH06233

Fix information

  • Fixed component name

    IBM MQ BASE MP

  • Fixed component ID

    5724H7251

Applicable component levels

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0.0.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
17 August 2018