APAR status
Closed as program error.
Error description
Setting the Java System Property: -Dcom.ibm.mq.cfg.jmqi.useMQCSPauthentication=Y for MQ classes for Java or MQ classes for JMS applications that connect to queue managers using the CLIENT transport does not result in MQCSP authentication mode being enabled, as described in the IBM Knowledge Center here: https://www.ibm.com/support/knowledgecenter/SSFKSJ_9.0.0/com.ibm .mq.sec.doc/q118680_.htm This can result in the queue manager rejecting the connection attempt from the application with the reason code 2035 ('MQRC_NOT_AUTHORIZED').
Local fix
For IBM MQ classes for Java applications, set the property MQConstants.USE_MQCSP_AUTHENTICATION_PROPERTY to true in the properties hashtable passed to the com.ibm.mq.MQQueueManager constructor. For IBM MQ classes for JMS applications, set the property JmsConstants.USER_AUTHENTICATION_MQCSP to true, on the appropriate connection factory prior to creating the connection.
Problem summary
**************************************************************** USERS AFFECTED: This issue affects users of the MQ classes for JMS and MQ classes for Java who: - configure the client for MQCSP authentication, and - use a version of the MQ classes for Java and classes for JMS that includes the fix for APAR IT15833, and - have applications that connect to a queue manager using the CLIENT transport. MQCSP authentication can be configured in the MQ classes for JMS and MQ classes for Java by setting either: - the Java system property "-Dcom.ibm.mq.cfg.jmqi.useMQCSPauthentication=Y" when the application is started, or - the useMQCSPauthentication=YES entry in the JMQI stanza of the client configuration file. Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: After APAR IT15833, an MQCSP structure to contain user credential information was only created if MQCSP authentication mode had been enabled by either: - Setting the JmsConstants.USER_AUTHENTICATION_MQCSP property to true on a JMS Connection Factory used by MQ classes for JMS applications, before creating Connection and Context objects, or - Setting the MQConstants.USE_MQCSP_AUTHENTICATION_PROPERTY to true in the properties hashtable passed to the com.ibm.mq.MQQueueManager constructor for MQ classes for Java applications. The Java system property, "com.ibm.mq.cfg.jmqi.useMQCSPauthentication", that should have enabled MQCSP authentication mode globally when set to the value "Y" was not checked by either the MQ classes for JMS or the MQ classes for Java when determining if an MQCSP structure should be created and flowed to the queue manager when establishing a connection.
Problem conclusion
The MQ classes for JMS have been updated such that if the JmsConstants.USER_AUTHENTICATION_MQCSP property has not been set to true on the JMS Connection Factory used by the application, the value of the global "com.ibm.mq.cfg.jmqi.useMQCSPauthentication" property is checked to determine if MQCSP authentication mode should be enabled while establishing connections to a queue manager. The MQ classes for Java have been updated such that if the MQConstants.USE_MQCSP_AUTHENTICATION_PROPERTY property has not been set to true in the properties hashtable passed to the com.ibm.mq.MQQueueManager constructor, the value of the global "com.ibm.mq.cfg.jmqi.useMQCSPauthentication" property is checked to determine if MQCSP authentication mode should be enabled while establishing connections to a queue manager. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v8.0 8.0.0.8 v9.0 CD 9.0.4 v9.0 LTS 9.0.0.3 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT21384
Reported component name
WMQ BASE MULTIP
Reported component ID
5724H7251
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-07-11
Closed date
2017-07-21
Last modified date
2017-09-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WMQ BASE MULTIP
Fixed component ID
5724H7251
Applicable component levels
R800 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0.0.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
18 September 2017