Fixes are available
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for IBM i
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for Windows
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for AIX
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for HP-UX
7.0.0.9: Java SDK 1.6 SR7 Cumulative Fix for WebSphere Application Server
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for Solaris
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for Linux
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for IBM i
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX
7.0.0.11: Java SDK 1.6 SR7 Cumulative Fix for WebSphere Application Server
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Solaris
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Linux
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for AIX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for HP-UX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for IBM i
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Linux
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Solaris
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Windows
7.0.0.13: Java SDK 1.6 SR8FP1 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for AIX
7.0.0.15: Java SDK 1.6 SR9 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for HP-UX
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for IBM i
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Linux
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Solaris
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Windows
7.0.0.17: WebSphere Application Server V7.0 Fix Pack 17
7.0.0.17: Java SDK 1.6 SR9 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.19: WebSphere Application Server V7.0 Fix Pack 19
7.0.0.21: WebSphere Application Server V7.0 Fix Pack 21
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
7.0.0.19: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.21: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
APAR status
Closed as program error.
Error description
In WAS 7 (not WAS 6.0/6.1) the customer gets a CWSIT0110E Bus Link exception when a security check between buses is performed. This prevents messaging between buses. This only happens when Security Attribute Propagation is disabled. The workaround is to enable SAP. The error is as follows: CWSIT0110E: The security token provided by messaging engine ClusterName.000-BusName in bus BusName failed authentication.
Local fix
Introduce the ability to return to the WebSphere Application Server Version 6.1 behaviour - using inter-engine authentication aliases. At a code level: On the server side, it seems like SIB code invokes createTokenHolderList from OpaqueToken to deserialize incoming token, but this token doesn't contain an LTPAToken, but just a hash table. SIB code then invokes validateLTPAToken method with this hashtable object, but the validation failed.
Problem summary
**************************************************************** * USERS AFFECTED: Users of the default messaging provider for * * IBM WebSphere Application Server Version 7.0* **************************************************************** * PROBLEM DESCRIPTION: CWSIT0110E errors logged in a bus * * with multiple messaging engines, in a * * cell with Security Attribute * * Propagation disabled * **************************************************************** * RECOMMENDATION: * **************************************************************** Security Attribute Propagation (SAP) is a security feature, enabled as part of single sign-on (SSO). It is enabled by default, but can be manually disabled. If SAP is disabled in WebSphere Application Server Version 7.0, the connections created automatically between messaging engines in a secure bus cannot be established, and fail with CWSIT0110E errors. The failures occur due to enhancements in the authentication mechanism used between messaging engines in a bus in WebSphere Application Server Version 7.0, which depend on features of the application server that are only available when Security Attribute Propagation is enabled.
Problem conclusion
The fix for this APAR introduces a new Service Integration Bus custom property, that causes the bus to revert to the Version 6.1 and earlier mechanism for authentication between messaging engines in a bus. Users should consider enabling Security Attribute Propagation in preference to enabling the custom property provided in this APAR fix. In WebSphere Application Server Version 7.0 it is very rare for Security Attribute Propagation to introduce any performance overhead that would outweigh the Version 7.0 improvements in the messaging engine authentication mechanism. The custom property is created for each bus, through the following panel in the administrative console: Service Integration -> Buses -> <BUSNAME> -> Custom properties Create a new custom property as follows: Name=authentication.intrabus.mode Value=authalias To successfully enable the Version 6.1 and earlier mechanism of messaging engine authentication within a bus, it is necessary to also specify a valid inter-engine authentication alias via the following panel: Service Integration -> Buses -> <BUSNAME> -> Security -> Inter-engine authentication alias If the custom property, and an inter-engine authentication alias, are successfully enabled each messaging engine logs the following entry when starting a connection to another messaging engine in the bus: CWSIU0001I: The runtime property authentication.intrabus.mode (Bus=BUSNAME) has been changed to value authalias. However, if the custom property is specified without an authentication alias, the CWSIT0110E error will continue to occur and the following error will also be displayed: CWSIT0073W: No intra-bus messaging engine authentication alias is configured. The fix for this APAR is currently targeted for inclusion in fix pack 7.0.0.9. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PK97997
Reported component name
PLAT MSG COM
Reported component ID
620800101
Reported release
300
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-10-06
Closed date
2009-11-26
Last modified date
2010-02-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
PLAT MSG COM
Fixed component ID
620800101
Applicable component levels
R300 PSY
UP
Document Information
Modified date:
24 October 2021