IBM Support

LO80030: DOMINO READS ONE TYPE OF WAS LTPA TOKEN, "U:USER . . ."

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as fixed if next.

Error description

  • You have configured a Connections server on WebSphere
Application Server and configured it for Multi Server Sign-on.
You configure your Domino server for MSSO, as well, and import
the WAS LTPAToken so that users can authenticate with
Connections and then switch to Domino, etc., as part of a
Social and Embedded Experience environment.
You find that users must login again when they connect to the
Domino server. Upon using debugging, debug_sso_trace_level=3
you can see that the Domino server decrypts the token that
Connections sends, but the server throws an error exactly as in
http://www-01.ibm.com/support/docview.wss?uid=swg21210929
16D4:0011-0960] 04/10/2014 09:10:50.09 AM SSO API> Decrypt
Websphere
style Single Sign-On token (LTPA). [0] != u.
[16D4:0011-0960] 04/10/2014 09:10:50.09 AM SSO API> ERROR: when
decoding LtpaToken [Single Sign-On token is invalid].
Token which is not understable by domino looks like:
expire:1395778289278$u:user\:nawebspldap.intranet.company.com \
:
389/CN=some guys,OU=This,OU=That,O=Organization%1395778320000%
D/hLqZeuY5wLbTI
YGTmx0gz/iI2FYEgetJZ62ZQDdjW5vwh/RBLJMmtNnC3ttsEP/Ppy0UFHi5ouX2v
d7mqu8kp
5F/1SOyciF9Dsnl0ISlwynk9ey5FQnXH3/rrP/x9b9s+4nAMqR5aAvI0E9i/trJ4
BYarEqgG
Jh0pdlEhx4+U=
On the other hand, an accepted token looks like:
u:user\:ldapserver.host.com\:389/CN=some guys,OU=This,
OU=That,O=Organization%1395777360000%TLguLktOHKpRQ5b1l43d8R1zcaZ
8 6 7YS71ri
cQE93awIhArVa5oDWmhv0Tk3i1vrDOtEk+s/WADVz7naqsjYnF9T8qleEfi2OsTM
AwXQElv+
b6Nh88U9QipE4rhKBNcxAcmU8neGitrstg4GD9Dm7G5chL/dAkE3tPFa+IcFcwE=
Discussions with the WAS team concludes that these both are
acceptable token formats for any server built on WAS.
It remains to be seen why these errors display with Domino.

Local fix

  • 



Problem summary


    

  • This APAR is closed as FIN. We have deferred the fix to a
 future release.

    



Problem conclusion


    

  • 



Temporary fix


    

  • 



Comments


    

  • This APAR is associated with SPR# PPET9J8UFH.
This APAR is closed as FIN. We have deferred the fix to a
 future release.

    



APAR Information




    

  • APAR number
    LO80030
    • 

  • Reported component name
    DOMINO SERVER
    • 

  • Reported component ID
    5724E6200
    • 

  • Reported release
    901
    • 

  • Status
    CLOSED  FIN
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2014-04-16
    • 

  • Closed date
    2016-07-26
    • 

  • Last modified date
    2016-07-26
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    



Applicable component levels


    

  • R901  PSN
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU055","label":"Cognitive Applications"},"Product":{"code":"SSKTMJ","label":"Lotus Domino"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0.1","Edition":"","Line of Business":{"code":"","label":""}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            26 July 2016
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback