IBM Support

PI81050: CLIENT CERTIFICATE AUTHENTICATION FAILURE DOES NOT FALL BACK TO BASIC AUTHENTICATION.


APAR status

  • Closed as program error.

Error description

  • If the option "Default to basic authentication when certificate
    authentication for the HTTPS client fails" is enabled, it still
    does not fall back to basic auth.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server                                      *
    ****************************************************************
    * PROBLEM DESCRIPTION: "Default to basic authentication when   *
    *                      certificate                             *
    *                      authentication for the HTTPS client     *
    *                      fails" not working.                     *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When a web application is configured to authenticate users via
    SSL certificates, WebSphere Application Server can be
    configured to fall back to basic authentication (BasicAuth) if
    certificate authentication fails. This is done by setting the
    custom security property
    "com.ibm.wsspi.security.web.failOverToBasicAuth=true" or by
    checking the box "Default to basic authentication when
    certificate authentication for the HTTPS client fails" on the
    administrative console panel "Global security > Web security -
    General settings".
    The failover to BasicAuth function was not working. Users
    failing certificate authentication were not being prompted
    for BasicAuth credentials.
    

Problem conclusion

  • Code has been changed to allow failover to BasicAuth
    credentials when configured as such.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 8.5.5.13 and 9.0.0.5.
    Please refer to the Recommended Updates page for delivery
    information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI81050

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-05-04

  • Closed date

    2017-06-05

  • Last modified date

    2017-06-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R850 PSY

       UP

  • R900 PSY

       UP

Document Information

Modified date:
18 October 2021