IBM Support

PH15089: A login might be required for unprotected resources when none of TAIs processed a request.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When Trust Association Interceptor(TAI) is enabled and
    invokeForUnprotectedURI="true" is configured, if none of
    TAIs intercepts an incoming request and a target resource is
    not protected, a login process might be carried out. As a
    result, an end user might be requested to login. The
    expected behavior is that the request should be processed
    without login.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty  who are enabling TAI and    *
    *                  invokeForUnprotectedURI is set as true.     *
    ****************************************************************
    * PROBLEM DESCRIPTION: When a TAI is enabled with the property *
    *                      invokeForUnprotectedURI=true, a login   *
    *                      panel will pop up even when accessing   *
    *                      an unprotected resource.                *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Due to a code defect, there is not a code path to skip the
    application defined authentication and authorization for
    unprotected resources if TAI did not intercept a request.
    

Problem conclusion

  • The code was modified not to perform login process if target
    resource is not protected and TAI did not process a request.
    
    The fix for this APAR is currently targeted for inclusion in fix
    pack 19.0.0.8  Please refer to the Recommended Updates page for
    delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH15089

  • Reported component name

    LIBERTY PROFILE

  • Reported component ID

    5724J0814

  • Reported release

    CD0

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-07-30

  • Closed date

    2019-08-14

  • Last modified date

    2019-08-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    LIBERTY PROFILE

  • Fixed component ID

    5724J0814

Applicable component levels

  • RCD0 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"CD0","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
17 October 2021