APAR status
Closed as program error.
Error description
When a user opens two browser windows and has two authenticated Portal sessions, rendering a page in one window while logging out in the second window can leave the WasReqURL cookie with the wrong value. That is, the WasReqURL cookie will point to the first resource that is requested without a valid security context (as the logout in the second window has already been processed). When the same user tries to log in again in the second window, the login process believes the WasReqURL cookie points to a Portal page that the user wants to visit, when in fact it is just a resource (e.g. an image) that was requested from the first window. Rather than landing on a proper Portal page, the user is redirected to that resource. In the more common scenarios, the observed effect is that the end user is redirected to a Web Content Management (WCM) image after login, rather than to the expected / default Portal landing page.
Local fix
None available.
Problem summary
When a user opens two browser windows and has two authenticated Portal sessions, rendering a page in one window while logging out in the second window can leave the WasReqURL cookie with the wrong value. That is, the WasReqURL cookie will point to the first resource that is requested without a valid security context (as the logout in the second window has already been processed). When the same user tries to log in again in the second window, the login process believes the WasReqURL cookie points to a Portal page that the user wants to visit, when in fact it is just a resource (e.g. an image) that was requested from the first window. Rather than landing on a proper Portal page, the user is redirected to that resource.
Problem conclusion
This APAR introduces a login filter that can be enabled and configured to validate the WasReqURL cookie. In the WAS Admin Console, add the following custom property to the resource environment provider "WP Authentication Service":

login.explicit.filterchain=com.ibm.wps.auth.impl.ValidateRedirectLoginFilter

You can determine which redirect URLs should be considered "invalid" and replaced by a default redirect URL by setting the following additional property:

filterchain.properties.com.ibm.wps.auth.impl.ValidateRedirectLoginFilter.blacklist.pattern=<regexp>

where "regexp" is interpreted as a regular expression (see java.util.regex.Pattern) and compared to the redirect URL (case-insensitive). If, for example, all redirect URLs that end with *.* should be considered invalid, the following pattern can be used:

.*/[^/]*[.]+[^/]*

If the current redirect URL matches the specified pattern, it is replaced by "/wps/myportal". A different redirect URL can be configured with the property:

filterchain.properties.com.ibm.wps.auth.impl.ValidateRedirectLoginFilter.redirect.url

Failing Module(s): Authorization/Authentication (login/logout)
Affected Users: All users
Version Information: Portal Version(s): 6.1.0.3, 6.1.0.4
Pre-Requisite(s): ---
Co-Requisite(s): ---
Manual Steps: None
Platform Specific: This fix applies to all platforms.

PM19405 is part of Cumulative Fix 07 for Portal 6.1.0.3 / 6.1.5.0:
http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?apar=PM18585&productid=WebSphere%20Portal&brandid=5
and also part of Cumulative Fix 07 for Portal 6.1.0.4 / 6.1.5.1:
http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?apar=PM18610&productid=WebSphere%20Portal&brandid=5
You may need to type or paste the complete address into your Web browser.
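To see which redirect values the example blacklist pattern above would replace, the following sketch applies it with java.util.regex.Pattern to a set of constructed sample URLs. It is an added example, not IBM's filter code; the class and method names are hypothetical, and it assumes the filter requires the whole redirect URL to match the pattern.

```java
import java.util.regex.Pattern;

public class RedirectBlacklistCheck {
    // Example pattern from the APAR text: the last path segment contains a dot.
    static final Pattern BLACKLIST =
        Pattern.compile(".*/[^/]*[.]+[^/]*", Pattern.CASE_INSENSITIVE);

    // Default replacement named in the APAR text.
    static final String DEFAULT_REDIRECT = "/wps/myportal";

    // Assumption: the whole URL must match (Matcher.matches), not a substring.
    static String effectiveRedirect(String wasReqUrl) {
        return BLACKLIST.matcher(wasReqUrl).matches() ? DEFAULT_REDIRECT : wasReqUrl;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real system.
        String[] samples = {
            "/wps/myportal/Home",                          // kept: plain page URL
            "/wps/wcm/connect/library/logo.PNG",           // replaced: image resource
            "/wps/myportal/v1.2/Home",                     // kept: dot is not in the last segment
            "/wps/myportal/Home/",                         // kept: last segment is empty
            "/wps/myportal/Home?doc=report.pdf",           // replaced: dot in the query string
            "http://portal.example.com/wps/myportal/Home", // kept: dot is only in the host
            "http://portal.example.com"                    // replaced: host is the last segment
        };
        for (String url : samples) {
            String result = effectiveRedirect(url);
            String verdict = result.equals(url) ? "kept" : "replaced";
            System.out.printf("%-8s %s -> %s%n", verdict, url, result);
        }
    }
}
```

The example pattern also replaces a page URL whose query string contains a dot, so a candidate pattern is worth running against representative Portal URLs before it is set on the resource environment provider.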
Temporary fix
Comments
APAR Information
APAR number
PM19405
Reported component name
WEBSPHERE PORTA
Reported component ID
5724E7600
Reported release
615
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-07-29
Closed date
2010-08-31
Last modified date
2010-09-27
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE PORTA
Fixed component ID
5724E7600
Applicable component levels
R615 PSY
UP
R61C PSY
UP
Document Information
Modified date:
21 December 2021