APAR status
Closed as program error.
Error description
User does not end up at the login page when trying to access a protected resource directly without being authenticated. Background: The authentication redirect framework which is supposed to redirect the user to the portal login page (in case he /she wants to access a protected resource without being authenticated) does not handle page selections properly. Internally, the created redirect URL is derived from the navigational state that is encoded by the original URL pointing to the protected resource. So far, the complete navigational state (except for portlet action information) has been copied over to the redirect URL before changing the page selection to point to the login page. With WP 6.1 it is possible to also encode a so-called selection URI into the state. If a selection URI is present in the state, the portal will automatically try to resolve the URI. If the URI resolution changes the page selection, the original page selection (pointing to the login page) does no longer take effect. Therefore the user might expectedly end up at a different page than the login page.
Local fix
NA
Problem summary
User does not end up at the login page when trying to access a protected resource directly without being authenticated. Background: The authentication redirect framework which is supposed to redirect the user to the portal login page (in case the user wants to access a protected resource without being authenticated) does not handle page selections properly. Internally, the created redirect URL is derived from the navigational state that is encoded by the original URL pointing to the protected resource. So far, the complete navigational state (except for portlet action information) has been copied over to the redirect URL before changing the page selection to point to the login page. With WP 6.1 it is possible to also encode a so-called selection URI into the state. If a selection URI is present in the state, the portal will automatically try to resolve the URI. If the URI resolution changes the page selection, the original page selection (pointing to the login page) does no longer take effect. Therefore the user might expectedly end up at a different page than the login page.
Problem conclusion
This fix makes sure that all the selection-related information which might overrule the real page selection gets removed from the navigational state prior to generating the redirect URL. Manual Steps: None Failing Module(s): Engine: State handling Affected Users: All users Version Information: Portal Version(s): 6.1.0.1 Pre-Requisite(s): PK78729 PK93892 Co-Requisite(s): --- Portal Version(s): 6.1.0.2 Pre-Requisite(s): PK93892 Co-Requisite(s): --- Platform Specific: This fix applies to all platforms. A fix is available from Fix Central: http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorde ?apar=PK95695&productid=WebSphere%20Portal&brandid=5 You may need to type or paste the complete address into your Web browser.
Temporary fix
Comments
APAR Information
APAR number
PK95695
Reported component name
WEBSPHERE PORTA
Reported component ID
5724E7600
Reported release
61A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-09-09
Closed date
2009-10-21
Last modified date
2009-10-21
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE PORTA
Fixed component ID
5724E7600
Applicable component levels
R61A PSY
UP
R61B PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSHRKX","label":"WebSphere Portal"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1.0.1","Line of Business":{"code":"LOB31","label":"WCE Watson Marketing and Commerce"}}]
Document Information
Modified date:
21 December 2021