PH42592: HTTP BASIC AUTHENTICATION REQUESTS MAY NOT UPDATE ESM LAST USE DATE

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• CICS should be performing a once per day signon for all users
  that are subject to separate password verification steps.
  This was previously controlled by the SECVFYFREQ SIT parameter.
  
  Inbound HTTP requests to a TCPIPSERVICE that specifies
  AUTHENTICATE(BASIC) are not performing the once per day signon.
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All CICS users                               *
  ****************************************************************
  * PROBLEM DESCRIPTION: HTTP basic authentication requests may  *
  *                      not update the ESM last use date and    *
  *                      time.                                   *
  ****************************************************************
  CICS has a TCPIPSERVICE defined with AUTHENTICATE(BASIC).  The
  USRDELAY SIT parameter is set to a non-zero value.
  
  If a web based userid is used frequently enough it may never get
  timed out of CICS by the USRDELAY time expiring.  This means
  that CICS does not perform a full signon again for that userid.
  This causes the ESM last use date and time for this userid to
  remain set at the time of first use.
  
  If CICS remains up for an extended period then this userid can
  appear to be unused by the ESM, even though it is used a
  significant number of times each day.
  
  CICS should be performing a full signon at least once per day
  for users that only authenticate to CICS using HTTP basic
  authentication.  This once per day processing is not happening.
  
  Additional keywords:
  SECVFYFREQ
  

Problem conclusion

• CICS has been updated to ensure that HTTP basic authentication
  requests cause the user's last use date and time to be updated
  in the ESM at least once per day.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI79194 UI79195 UI79196

Modules/Macros

• DFHUSAD  DFHWBA   DFHWBA1  DFHWBAP  DFHWBAPF DFHWBBLI DFHWBDM
  DFHWBDUF DFHWBENV DFHWBPA  DFHWBPW  DFHWBSO  DFHWBSR  DFHWBTRI
  DFHWBTTA DFHWBXM  DFHWBXN
  

Fix information

• Fixed component name

  CICS TS Z/OS V5

• Fixed component ID

  5655Y0400

Applicable component levels

• R100 PSY UI79196

     UP22/02/08 P F202

• R200 PSY UI79195

     UP22/02/08 P F202

• R300 PSY UI79194

     UP22/02/08 P F202

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.