APAR status
Closed as new function.
Error description
The customer is getting the following error:

com.ibm.websphere.security.auth.WSLoginFailedException: Credential or Subject has expired, must login again.

The customer wants the LTPA token to be refreshed using the custom cache key instead of having to log in again. That functionality is implemented in this APAR.

The following custom property must be set to false (a server restart is needed):

com.ibm.websphere.security.useCachedSubjectForCustomToken=false

To set the security custom property, use the administrative console. Click Security > Global security > Custom properties. Then click New to add a new custom property and its associated value.
Local fix
Problem summary
USERS AFFECTED: The users of IBM WebSphere Application Server who handle LtpaToken in their applications

PROBLEM DESCRIPTION: This APAR introduces an option to skip some LtpaToken condition checks.

RECOMMENDATION:

When WebSphere sends a request to another server, it performs the following two checks on the LtpaToken that is sent with the request.

(1) The LtpaToken has sufficient time (longer than the LTPA cushion time) left until it expires. This is to ensure that the request will be processed successfully. If the token does not have enough lifetime left, the server throws WSLoginFailedException.

(2) The LtpaToken does not contain the custom cache key. If the LtpaToken contains the cache key, the server throws WSLoginFailedException, because the target server does not have a way to reconstruct the custom Subject.

This APAR introduces an option to skip the above two checks. It is for advanced application developers who would like more control over LtpaToken handling.
Problem conclusion
The fix for this APAR is targeted for inclusion in fix pack 8.5.5.21 and 9.0.5.10. For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/7155
Temporary fix
Comments
APAR Information
APAR number
PH37872
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-06-04
Closed date
2021-09-22
Last modified date
2021-09-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
R850 PSY
UP
R900 PSY
UP
Document Information
Modified date:
02 November 2021