IBM Support

PK95695: AUTHENTICATION REDIRECT DOES NOT CORRECTLY HANDLE SELECTION CHAN GES

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • User does not end up at the login page when trying to access a
    protected resource directly without being authenticated.
    Background: The authentication redirect framework which is
    supposed to redirect the user to the portal login page (in case
    he /she wants to access a protected resource without being
    authenticated) does not handle page selections properly.
    Internally, the created redirect URL is derived from the
    navigational state that is encoded by the original URL pointing
    to the
    protected resource. So far, the complete navigational state
    (except for portlet action information) has been copied over to
    the redirect URL before changing the page selection to point to
    the login page.
    With WP 6.1 it is possible to also encode a so-called selection
    URI into the state. If a selection URI is present in the state,
    the portal will automatically try to resolve the URI. If the URI
    resolution changes the page selection, the original page
    selection
    (pointing to the login page) does no longer take effect.
    Therefore the user might expectedly end up at a different page
    than the
    login page.
    

Local fix

  • NA
    

Problem summary

  • User does not end up at the login page when trying to access a
    protected resource directly without being authenticated.
    
    Background: The authentication redirect framework which is
    supposed to redirect the user to the portal login page (in case
    the user wants to access a protected resource without being
    authenticated) does not handle page selections properly.
    Internally, the created redirect URL is derived from the
    navigational state that is encoded by the original URL pointing
    to the protected resource. So far, the complete navigational
    state (except for portlet action information) has been copied
    over to the redirect URL before changing the page selection to
    point to the login page.
    With WP 6.1 it is possible to also encode a so-called selection
    URI into the state. If a selection URI is present in the state,
    the portal will automatically try to resolve the URI. If the URI
    resolution changes the page selection, the original page
    selection (pointing to the login page) does no longer take
    effect. Therefore the user might expectedly end up at a
    different page than the login page.
    

Problem conclusion

  • This fix makes sure that all the selection-related information
    which might overrule the real page selection gets removed from
    the navigational state prior to generating the redirect URL.
    
    Manual Steps:
       None
    
    Failing Module(s):
       Engine: State handling
    
    Affected Users:
       All users
    
    Version Information:
        Portal Version(s): 6.1.0.1
         Pre-Requisite(s): PK78729 PK93892
          Co-Requisite(s): ---
    
        Portal Version(s): 6.1.0.2
         Pre-Requisite(s): PK93892
          Co-Requisite(s): ---
    
    Platform Specific:
       This fix applies to all platforms.
    
    A fix is available from Fix Central:
    
    http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorde
    ?apar=PK95695&productid=WebSphere%20Portal&brandid=5
    
    You may need to type or paste the complete address into your Web
    browser.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PK95695

  • Reported component name

    WEBSPHERE PORTA

  • Reported component ID

    5724E7600

  • Reported release

    61A

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2009-09-09

  • Closed date

    2009-10-21

  • Last modified date

    2009-10-21

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE PORTA

  • Fixed component ID

    5724E7600

Applicable component levels

  • R61A PSY

       UP

  • R61B PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSHRKX","label":"WebSphere Portal"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1.0.1","Line of Business":{"code":"LOB31","label":"WCE Watson Marketing and Commerce"}}]

Document Information

Modified date:
21 December 2021