IBM Support

PI95256: ENABLING SECURITY AUDIT BREAKS WEBSEAL TRUST ASSOCIATION

Fixes are available

9.0.0.8: WebSphere Application Server traditional V9.0 Fix Pack 8
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
9.0.0.9: WebSphere Application Server traditional V9.0 Fix Pack 9
9.0.0.10: WebSphere Application Server traditional V9.0 Fix Pack 10
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
9.0.5.4: WebSphere Application Server traditional Version 9.0.5 Fix Pack 4
9.0.5.5: WebSphere Application Server traditional Version 9.0.5 Fix Pack 5
WebSphere Application Server traditional 9.0.5.6
9.0.5.7: WebSphere Application Server traditional Version 9.0.5 Fix Pack 7
9.0.5.8: WebSphere Application Server traditional Version 9.0.5.8
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
9.0.5.9: WebSphere Application Server traditional Version 9.0.5.9
9.0.5.10: WebSphere Application Server traditional Version 9.0.5.10
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
9.0.5.11: WebSphere Application Server traditional Version 9.0.5.11

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Customer has WAS 8.5.5 ND running on Solaris.
    When they enable security audit, their WebSeal Trust
    Association stops
    working. Users get 403 error code. When we disable security
    audit,
    Trust Asociation works again.
    SystemOut.log file contains this error message:
    [3/6/18 14:21:02:143 EST] 00000156 WebAuthentica E   SECJ0126E:
    Trust
    Association failed during validation. The exception is com.ibm.
    websphere.security.WebTrustAssociationFailedException: Basic
    Authentication failed.
     at com.ibm.ws.security.web.WebSealTrustAssociationInterceptor.
    validateEstablishedTrust(WebSealTrustAssociationInterceptor.java
    :407)
    

Local fix

  • No current workaround provided
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server with WebSeal Trust Association       *
    *                  Interceptor enabled.                        *
    ****************************************************************
    * PROBLEM DESCRIPTION: When the security audit is enabled,     *
    *                      WebSeal Trust Association Interceptor   *
    *                      stops working with SECJ0126E message.   *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Due to the code defect, when the security audit is enabled,
    there is a situation that the code is accesing null object when
    WebSeal Trust Association Interceptor is authenticating a user.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PI95256

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-03-15

  • Closed date

    2018-04-05

  • Last modified date

    2018-04-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

  • R850 PSY

       UP

  • R900 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
04 May 2022