IBM Support

PI13472: WARNING USING THE AUTO-LOGIN URL IN AN AUTHENTICATED CONTEXT

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • If a user was authenticated using the auto-login URL and then
uses the auto-login URL again, the following warning is written
to SystemOut.log:

[1/10/14 9:20:32:129 EET] 0000004c AbstractActio W
com.ibm.wps.state.preprocessors.action
.AbstractActionPreProcessor handleProtectionModeViolation()
Action execution refused due to a security violation. Action ID
0 violates protection mode REPLAY

Local fix

  • Avoid use of auto-login URL in an authenticated context.

Problem summary

  • If a user was authenticated using the auto-login URL and then
uses the auto-login URL again, the following warning is written
to SystemOut.log:
¬1/10/14 9:20:32:129 EET? 0000004c AbstractActio W
com.ibm.wps.state.preprocessors.action
.AbstractActionPreProcessor handleProtectionModeViolation()
Action execution refused due to a security violation. Action ID
0 violates protection mode REPLAY
This APAR also introduces a new configuration option to
completely disallow use of the auto-login URL.  The default
setting is to allow the auto-login URL.  To disable:
i.  Login to the WebSphere Administration Console
ii.  Navigate to Resources > Resource Environment Providers >
WP AuthenticationService > Custom Properties
iii.  Create a new custom property
name:  authentication.isLoginUrlActive
value:  false
type:  java.lang.Boolean
iv.  Save changes.  If clustered, sync nodes.
v.  Restart the Portal server.

Problem conclusion

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PI13472
    • 

  • Reported component name
    WEBSPHERE PORTA
    • 

  • Reported component ID
    5724E7600
    • 

  • Reported release
    800
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2014-03-11
    • 

  • Closed date
    2014-05-15
    • 

  • Last modified date
    2015-02-11
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WEBSPHERE PORTA
    • 

  • Fixed component ID
    5724E7600
    • 



Applicable component levels


    

  • R800  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSHRKX","label":"WebSphere Portal"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Line of Business":{"code":"LOB31","label":"WCE Watson Marketing and Commerce"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            20 December 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback