APAR status
Closed as Permanent restriction.
Error description
Permission Denied Login when using non-ASCII characters (such as the character '?') within Active Directory Windows Passwords

CLM 4.x
Windows CLM Servers
Active Directory LDAP

Problem Description:
- Users whose password has a '?' character fail to log on.
- Reproducible on a WAS / LDAP environment.
- Not reproducible on a Tomcat / Tomcat users environment.
- All applications are affected (jts/ccm/rm/qm).
- Certain URLs such as https://<server>:9443/ccm fail. However, https://<server>:9443/ccm/web succeeds.
- The issue is with https://<server>:9443/ccm, as the URL redirects to https://<server>:9443/ccm/auth/authrequired [j_security_check]

URL Tests:
https://<server>:9443/ccm -> (redirected to) -> https://<server>:9443/ccm/auth/authrequired -> Fail with 'Rat1onal?' password
https://<server>:9443/qm -> (redirected to) -> https://<server>:9443/qm/auth/authrequired -> Fail with 'Rat1onal?' password
https://<server>:9443/rm -> (redirected to) -> https://<server>:9443/jts/auth/authrequired -> Fail with 'Rat1onal?' password
https://<server>:9443/rm/web -> (redirected to) -> https://<server>:9443/jts/auth/authrequired -> Fail with 'Rat1onal?' password
https://<server>:9443/rm/rmadmin -> (redirected to) -> https://<server>:9443/jts/auth/authrequired -> Fail with 'Rat1onal?' password

NOTE: The login failure with RRC is constant because no matter which URL is used, the result is redirected to a jts/auth/authrequired page.

Workaround:
Do not use non-ASCII characters within passwords

https://jazz.net/jazz/resource/itemName/com.ibm.team.workitem.WorkItem/283369
Local fix
Problem summary
****************************************************************
* USERS AFFECTED:
****************************************************************
* PROBLEM DESCRIPTION:
****************************************************************
* RECOMMENDATION:
****************************************************************
Permission Denied Login when using non-ASCII characters (such as the character "?") within Active Directory Windows Passwords
Problem conclusion
After some trials & tribulations getting WAS+LDAP set up (I needed the experience anyway), without any CLM, just the default app (/snoop), I was able to verify that this is a WAS issue. I was able to set auth required for /snoop, and every user I tried worked, except the one with the ? in the password.

On further investigation, I found this in the WAS info center...non-ascii chars aren't generally supported for user ids and passwords in WAS:
http://pic.dhe.ibm.com/infocenter/wasinfo/v8r0/topic/com.ibm.websphere.base.doc/info/aes/ae/csec_chars.html
Temporary fix
Comments
APAR Information
APAR number
PM98339
Reported component name
RATL REQ COMP S
Reported component ID
5724W8701
Reported release
401
Status
CLOSED PRS
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-10-02
Closed date
2014-01-07
Last modified date
2014-01-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
Product: Rational Requirements Composer
Version: 4.0.1
Platform: Platform Independent
Business Unit: IBM Software w/o TPS
Line of Business: AI Applications
Document Information
Modified date:
07 January 2014