IBM Support

The user representation in request.log for log-in with expired account is changed

Question & Answer


Question

When an end user logs in to WebSEAL using forms authentication with an expired account, the user name field in request.log was "unauthenticated" on ITAM 6.1/6.1.1. However, the login user name is displayed in this field on ISAM 7.0 or later.

Answer

This is a design change. The new (700) behavior is considered more correct and is also carried forward in the newer releases.


Test scenario:
1. Create a new WebSEAL instance
2. Enable forms login
3. Set the account to expired
# pdadmin -a sec_master -p password user modify test password-valid no
# pdweb restart
4. Access WebSEAL from a browser and try to log in
5. The password expired page will be shown. Do not change the password
6. Check request.log
# tail /var/pdweb/www-default/log/request.log

Result on ISAM 7.0.0.16
192.168.1.163 - test 07/Dec/2015:16:56:25 +0900 "POST /pkmslogin.form?token=Unknown HTTP/1.1" 200 1283

Result on TAM 6.1.1.20
192.168.1.163 - unauthenticated 07/Dec/2015:16:50:51 +0900 "POST /pkmslogin.form HTTP/1.1" 200 1164

Result on TAM 6.1.0.11
192.168.1.163 - Unauth [07/Dec/2015:16:35:13 +0900] "POST /pkmslogin.form HTTP/1.1" 200 1164
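
For log monitoring that has to cover both behaviors, the following added example (not IBM code) parses the three result lines above and normalizes the user field, so that "unauthenticated" and "Unauth" are treated as "no user" while a real login name is kept. The field layout is inferred only from these three sample lines, and the function and variable names are assumptions of this example.

```python
import re
from datetime import datetime

# Placeholder user names that appear in the TAM 6.1.x results on this page.
ANON_USERS = {"unauthenticated", "Unauth"}

# client, ident, user, timestamp (bracketed on TAM 6.1.0, bare on the
# other two samples), quoted request line, status, size.
LINE_RE = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[?(?P<ts>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]? '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

def parse_line(line):
    """Return a dict for one request.log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    # Drop the query string so "/pkmslogin.form?token=..." compares equal.
    rec["path"] = rec["target"].split("?", 1)[0]
    # Normalize both placeholder spellings to None; keep real login names.
    rec["user"] = None if rec["user"] in ANON_USERS else rec["user"]
    rec["status"] = int(rec["status"])
    return rec

def login_posts(lines):
    """Return (timestamp, client, user) for every POST to /pkmslogin.form."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == "/pkmslogin.form":
            out.append((rec["ts"].isoformat(), rec["client"], rec["user"]))
    return out

# The three result lines shown on this page (ISAM 7.0.0.16, TAM 6.1.1.20, TAM 6.1.0.11).
SAMPLE = [
    '192.168.1.163 - test 07/Dec/2015:16:56:25 +0900 "POST /pkmslogin.form?token=Unknown HTTP/1.1" 200 1283',
    '192.168.1.163 - unauthenticated 07/Dec/2015:16:50:51 +0900 "POST /pkmslogin.form HTTP/1.1" 200 1164',
    '192.168.1.163 - Unauth [07/Dec/2015:16:35:13 +0900] "POST /pkmslogin.form HTTP/1.1" 200 1164',
]

if __name__ == "__main__":
    for row in login_posts(SAMPLE):
        print(row)
```

On ISAM 7.0 or later, a login name on a /pkmslogin.form line does not by itself show a completed login, because the expired-password scenario above produces the same field.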

Product: Tivoli Access Manager for e-business (SSPREK)
Business Unit: IBM Software w/o TPS (BU059)
Component: WebSEAL
Platform: Platform Independent (PF025)
Version: 7.0; 8.0; 8.0.0.2; 8.0.0.4; 8.0.0.5; 8.0.1; 8.0.1.2; 8.0.1.3; 9.0; 9.0.1
Line of Business: Security Software (LOB24)

Document Information

Modified date:
16 June 2018

UID

swg21985750