IBM Support

IT34484: HTTP SESSION IS NOT LOGGED WHEN USER AUTHENTICATION FAILS ON A HTTP SERVER ADAPTER

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • HTTP user authentication failures are not logged. Only the HTTP
    401 response is captured in the Perimeter.log when the logging
    level is set to DEBUG. Nothing is stored in the ACT_SESSION and
    in the ACT_AUTHENTICATE table.
    

Local fix

  • STRRTC - B2BISFG-53991
    JW / JW
    Circumvention: <None /
    workaround>
    

Problem summary

  • Users Affected:
    All
    
    Problem Description:
    HTTP user authentication failures are not logged. Only the HTTP
    401 response is captured in the Perimeter.log when the logging
    level is set to DEBUG. Nothing is stored in the ACT_SESSION and
    in the ACT_AUTHENTICATE table.
    
    Platforms Affected:
    All
    

Problem conclusion

  • Resolution Summary:
    A code fix is provided.
    The HTTP Server Adapter now posts visibility events (Connection
    and Authentication) for failed HTTP authentication activity in
    addtion to login failures already reported in Authentication.log
    and Securtiy.log files
    
    Please note that login failures have always been reported in the
    Authentication.log (although only username and failure message
    is reported). In addition, the Securtiy.log captures all login
    (successful and unsuccessful) activity (provided the
    Security.log debugging level is set to DEBUG)
    
    The Authentication.log captures only the username and cause, but
    not the protocol (enable under "User Authentication" in Admin
    UI)
    [<timestamp>] ALL SecurityManager user:<username> authorization
    FAILED - <cause>
    
    In addition, the Security.log reports successful and
    unsuccessful Security Events when the logging level is set to
    DEBUG. (enable under
    "Security" in Admin UI)
    
    Delivered in:
    5020603_16
    5020605_4
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT34484

  • Reported component name

    STR B2B INTEGRA

  • Reported component ID

    5725D0600

  • Reported release

    526

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-10-08

  • Closed date

    2021-04-13

  • Last modified date

    2021-05-17

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR B2B INTEGRA

  • Fixed component ID

    5725D0600

Applicable component levels

[{"Line of Business":{"code":"LOB02","label":"AI Applications"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.2.6"}]

Document Information

Modified date:
18 May 2021