IBM Support

PI52181: LIBERTY 8.5.5 INCORRECTLY DISPLAYS WARNING MESSAGE ABOUT WSGUESTUSER MISSING THE RESTRICTED ATTRIBUTE

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The WebSphere Liberty Server incorrectly reports the
    message:
    WARNING CWWKS2908W: SAF unauthenticated user WSGUEST does
    not
    have the RESTRICTED attribute set.
    
    The WSGUEST user is the default "unauthenticated" user for
    the
    Liberty server. It is used to represent accesses made to the
    server without logging in. This user should always be
    RESTRICTED
    in the security product.
    
    Even if the user is marked RESTRICTED in the security
    product,
    the  Liberty server does not properly detect the attribute
    and
    will still display the message.
    
    VERIFICATION STEPS:
    Note message CWWKS2908W.
    Check to ensure the listed user is configured in the
    security
    product with the RESTRICTED attribute correctly set.
    

Local fix

  • The message can be ignored, if the user configuration in the
    security product has been validated.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty Profile - Security           *
    ****************************************************************
    * PROBLEM DESCRIPTION: Liberty 8.5.5 incorrectly displays      *
    *                      warning message about wsguest user      *
    *                      missing the restricted attribute        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Customer is incorrectly seeing message: CWWKS2908W: SAF
    unauthenticated user IZUGUEST does not have the RESTRICTED
    attribute set.
    There is no other symptoms. IZUGUEST is the authenticatedID.
    
    When utilizing the LocalOSRegistry on z/OS Liberty, the
    unauthenticated ID should have its RESTRICTED attribute set.
    During runtime, Liberty checks that this attribute is set. If
    not, we should issue the CWWKS2908W message.
    

Problem conclusion

  • Code has been corrected to issue the CWWKS2908W message only
    when the guest/default id, is not restricted.
    
    The fix for this APAR is currently targeted for inclusion in fix
    pack 8.5.5.10.  Please refer to the Recommended Updates page for
    delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI52181

  • Reported component name

    LIBERTY PROF -

  • Reported component ID

    5655W6514

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-11-09

  • Closed date

    2015-12-18

  • Last modified date

    2015-12-18

  • APAR is sysrouted FROM one or more of the following:

    PI52180

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    LIBERTY PROF -

  • Fixed component ID

    5655W6514

Applicable component levels

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
18 December 2015