IBM Support

PK71826; 7.0: Multiple security issues: web authentication options ignored, user

Download


Abstract

-username with an @ symbol fails authentication. -Web authn options are ignored when unprotected URI is accessed.

Download Description

PK71826 resolves the following problem:

ERROR DESCRIPTION:?
Multiple Security issues will be addressed in this APAR:

1. Web authentication options "Authenticate when any URI is accessed" or "Use available authentication data when an unprotected URI is accessed" are ignored. Servlets with no security constraints will not be authenticated, TAI's will not be invoked.

2. When a valid username that includes an @ symbol (e.g. an email address) is used for login to an application, the authentication and authorization steps fail.

LOCAL FIX:?
none

PROBLEM SUMMARY:?

USERS AFFECTED:
All users of IBM® WebSphere® Application Server version 7.0

PROBLEM DESCRIPTION:
-username with an @ symbol fails authentication.
-Web authn options are ignored when unprotected URI is accessed.

RECOMMENDATION:
None

MULTIPLE SECURITY ISSUES: WEB AUTHENTICATION OPTIONS IGNORED, and USER NAMES WITH @ SYMBOL (e.g. use of email address) FAILS AUTHENTICATION.

PROBLEM CONCLUSION:?
The fix for this APAR is currently targeted for inclusion in fixpack 7.0.0.1.

Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Prerequisites

Please download the UpdateInstaller below to install this fix.

[{"PRLabel":"UpdateInstaller","PRLang":"US English","PRSize":"7250000","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991"}]

Installation Instructions

Please review the readme.txt for detailed installation instructions.

[{"INLabel":"Readme","INLang":"US English","INSize":"5593","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK71826/readme.txt"}]

Download Package

Download package
What is Fix Central (FC)?
What is DD?

Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
7.0-WS-WAS-IFPK7182609-19-2008US English47638FCFTPDD

On
[{"DNLabel":"7.0-WS-WAS-IFPK71826","DNDate":"09-19-2008","DNLang":"US English","DNSize":"47638","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":null,"DNURL_FTP":null,"DDURL":null}]

Technical Support

Contact IBM Support using SR (http://www-306.ibm.com/software/support/probsub.html), visit the WebSphere Application Server Support Web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV(U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"7.0","Edition":"Base;Developer;Express;Network Deployment","Line of Business":{"code":"LOB15","label":"Integration"}}]

Document Information

Modified date:
15 June 2018

UID

swg24020602