IBM Support

PI32452: USERID ON REQUIRE SAF-USER STATEMENT DOESN'T WORK WHEN SPECIFIED AS LOWER CASE

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When using authenticating with SAF on IBM HTTP Server (z/OS
    systems) and the userid specified on the require saf-user
    statement is specified as lower case, the the user won't be
    authorized.  The user may see an error similar to this in the
    browser:
    
    Authorization Required
    This server could not verify that you are authorized to access
    the  document requested. Either you supplied the wrong
    credentials (e.g., bad password), or your browser doesn't
    understand how to supply the credentials required.
    
    The http access log shows a 401 status code is returned.
    

Local fix

  • Use userid in upper case, ie
    require saf-user USERID
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  Users of IBM HTTP Server 8.5 on z/OS using  *
    *                  the mod_authnz_saf module                   *
    ****************************************************************
    * PROBLEM DESCRIPTION: Authorization fails for a client when   *
    *                      the userid specified on the require     *
    *                      saf-user statement is specified in      *
    *                      lower case.                             *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The client userid was being uppercased and compared to the
    configured saf-user value. Therefore, it would only match if
    the require saf-user value was all capitalized.
    

Problem conclusion

  • The comparison of the client userid and the require saf-user
    value has been made case insensitive.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI32452

  • Reported component name

    WAS IHS ZOS

  • Reported component ID

    5655I3510

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-01-09

  • Closed date

    2015-01-29

  • Last modified date

    2015-03-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WAS IHS ZOS

  • Fixed component ID

    5655I3510

Applicable component levels

  • R700 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
28 April 2022