IBM Support

PH37362: AT ADMIN CONSOLE, JAAS - SYSTEM LOGINS > WEB INBOUND, "SET ORDER" BUTTON CAN CAUSE SECURITY.XML CORRUPTION

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • In the adminconsole, Global security > JAAS - System logins >
    Web Inbound
    
    When using "Set Order" button to change the order of
    the loginModules. In some cases the login module class name
    is incorrect corrupting the security.xml file.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server                                      *
    *                  who reorder the loginModule                 *
    ****************************************************************
    * PROBLEM DESCRIPTION: After reordering the order of JAAS      *
    *                      login                                   *
    *                      module, invalid classe(s) were included *
    *                      as a JAASLoginModule causing startup    *
    *                      failure.                                *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    In the loginModule panel
    Global security -> JAAS - System logins > {alias name}
    Global security -> JAAS - Application logins > {alias name}
    "Set Order" function could add invalid class name that looks
    like "cells/{cellname}|security.xml#JAASLoginModule_xxxxx"
    As a result, the server may not start if the issue happens for
    System loginModule, and the user fails to login if Application
    loginModule.
    ===== Example when the issue happens ================
    Global security -> JAAS - System logins > testAlias
    General Properties
    JAAS login mdoules
    [New] [Delete] [Set Order]
    ----------------------------------------
    cells/DESKTOP-
    BBBKTCUNode01Cell|security.xml#JAASLoginModule_1621993840091
    cells/DESKTOP-
    BBBKTCUNode01Cell|security.xml#JAASLoginModule_1621993863442
    cells/DESKTOP-
    BBBKTCUNode01Cell|security.xml#JAASLoginModule_1621993853430
    com.ibm.example.loginModule1
    com.ibm.example.loginModule2
    com.ibm.example.loginModule3
    ------------------------------
    

Problem conclusion

  • The bug has been fixed.
    
    The fix for this APAR is targeted for inclusion in fix pack
    8.5.5.22 and 9.0.5.11 For more information, see 'Recommended
    Updates for WebSphere Application Server':
    https://www.ibm.com/support/pages/node/715553
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH37362

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2021-05-19

  • Closed date

    2021-12-21

  • Last modified date

    2021-12-21

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5"}]

Document Information

Modified date:
22 December 2021