IBM Support

PI91146: LIBERTY RUNS UNNECESSARY AUTHENTICATION LOGIC WHEN TAI IS CONFIGURED.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When Liberty is configured with TAI, AdminCenter does not
    look
    ok.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty - Security                   *
    ****************************************************************
    * PROBLEM DESCRIPTION: Liberty AdminCenter login panel does    *
    *                      not show logos, images, etc, when a TAI *
    *                      with invokeForUnprotectedURI=true is    *
    *                      used                                    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When a custom trust association interceptor (TAI) is configured
    with the invokeForUnprotectedURI=true flag, Liberty is supposed
    to call the custom TAI when an unprotected URI is requested.
    Instead, Liberty incorrectly went on to call system TAIs such as
    Saml, Oauth, and OIDC.  As a result, AdminCenter login panel GUI
    elements were denied access by the system TAI, preventing them
    from rendering on the page.
    

Problem conclusion

Temporary fix

  • If custom TAI allows, AdminCenter would show a simple userid and
    password entry fields so user can perform login.  After
    successful login, the user may need to type in the desired URI
    in the browser to get to the panel.
    

Comments

APAR Information

  • APAR number

    PI91146

  • Reported component name

    WAS LIBERTY COR

  • Reported component ID

    5725L2900

  • Reported release

    CD0

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-12-05

  • Closed date

    2019-04-02

  • Last modified date

    2019-04-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WAS LIBERTY COR

  • Fixed component ID

    5725L2900

Applicable component levels

  • RCD0 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"CD0","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
17 June 2020