IBM Support

PI95256: ENABLING SECURITY AUDIT BREAKS WEBSEAL TRUST ASSOCIATION

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Customer has WAS 8.5.5 ND running on Solaris.
    When they enable security audit, their WebSeal Trust
    Association stops
    working. Users get 403 error code. When we disable security
    audit,
    Trust Asociation works again.
    SystemOut.log file contains this error message:
    [3/6/18 14:21:02:143 EST] 00000156 WebAuthentica E   SECJ0126E:
    Trust
    Association failed during validation. The exception is com.ibm.
    websphere.security.WebTrustAssociationFailedException: Basic
    Authentication failed.
     at com.ibm.ws.security.web.WebSealTrustAssociationInterceptor.
    validateEstablishedTrust(WebSealTrustAssociationInterceptor.java
    :407)
    

Local fix

  • No current workaround provided
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server with WebSeal Trust Association       *
    *                  Interceptor enabled.                        *
    ****************************************************************
    * PROBLEM DESCRIPTION: When the security audit is enabled,     *
    *                      WebSeal Trust Association Interceptor   *
    *                      stops working with SECJ0126E message.   *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Due to the code defect, when the security audit is enabled,
    there is a situation that the code is accesing null object when
    WebSeal Trust Association Interceptor is authenticating a user.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PI95256

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-03-15

  • Closed date

    2018-04-05

  • Last modified date

    2018-04-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

  • R850 PSY

       UP

  • R900 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
19 October 2021