IBM Support

IT41280: SOAP/HTTP INPUT NODES DEMAND FOR AUTHENTICATION ONLY WHEN THE ASSOCIATED SECURITY PROFILE HAS AUTHENTICATION CONFIGURATION.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • SOAPInput and HTTPInput nodes can be configured for
    non-preemptive authentication by configuring a security profile
    policy on the node. However, it works only when the associated
    security profile has an authentication configuration like an
    LDAP authentication. But a user may want the input nodes to
    demand authentication credentials irrespective of any LDAP
    authentication configuration in scenarios where they need
    credentials further in their messageflow logic, like calling an
    external endpoint using HTTPRequest or SOAPRequest node which
    needs authentication.
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    All Users of IBM App Connect Enterprise V12.0 and V11.0 who use
    security profile policy.
    
    
    Platforms affected:
    MultiPlatform
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    SOAPInput and HTTPInput nodes can be configured for
    non-preemptive authentication by configuring a security profile
    policy on the node. However, it works only when the associated
    security profile has an authentication configuration like an
    LDAP authentication. But, a user may want the input nodes to
    demand authentication credentials irrespective of any LDAP
    authentication configuration in scenarios where they need
    credentials further in their messageflow logic, like calling an
    external endpoint using HTTPRequest node which needs
    authentication.
    

Problem conclusion

  • The security profile policy property 'rejectBlankPassword' if
    set, the flow will challenge for authentication by sending a 401
    response. Thus a user only needs to configure
    rejectBlankPassword=true for non-preemptive authentication.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v11.0      11.0.0.21
    v12.0      12.0.8.0
    
    The latest available maintenance can be obtained from:
    http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041
    
    If the maintenance level is not yet available,information on
    its planned availability can be found on:
    http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT41280

  • Reported component name

    APP CONNECT ENT

  • Reported component ID

    5724J0550

  • Reported release

    B00

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2022-06-20

  • Closed date

    2023-04-13

  • Last modified date

    2023-04-13

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    APP CONNECT ENT

  • Fixed component ID

    5724J0550

Applicable component levels

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSDR5J","label":"IBM App Connect Enterprise"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"B00","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
14 April 2023