IBM Support

IY92373: SPECIFIC COMBINATION OF ECSSO , WEB-SERVER-AUTHN AND IIS ON THE NON DEFAULT PORTS CAUSES THE PLUG-IN TO FUNCTION TO FAIL

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Specific combination of ecsso web-server-authn and iis on the
none default port causes problems.
On the test system during the web-server-authn phase the
vouchfor operation the browser would be redirected to the wrong
port.

Local fix

  • The workaround was to change the webpi to use ntlm instead of
webserver-authn , i.e. change the
authentication = web-server-authn .
to
authentication = ntlm
The url that was used was as follows
particularly interested in the messages in the iis error log.
>2006-10-16 09:57:41 xx.xx.xx.2 4456 xx.xx.xx.2 8080 HTTP/1.1
GET / 503 1
AppOffline DefaultAppPool
This is usually an indication that the iis plugin process has
crashed a
number of times, so IIS has disabled the plugin.
When this happens there will be events logged in the windows
event viewer
The program name is w3wp.exe
>2006-10-16 11:29:23 xxx.xxx.xxx.7 4188 xxx.xxx.xxx.2 8080
HTTP/1.1 GET
/pkmsvouchfor?ANL&http://TEST-SSOACCESS1/itimj/enrole -
>Connection_Dropped
DefaultAppPool
The "-" is in the field that is the http status. Basically
couldnt return a
status because the connection was broken
(suspect the client but not sure) The broken connection would
also explain
the errors like
>2006-10-16-12:45:14.416+01:00I----- 0x35F02089
pdwebpi.plugin.iis ERROR
pic
>IIS
f:\amwebpi600\src\pdwebpi\plugin\iis\WPIIIS6FilterContext.cpp
343
>0x00000254 AMZIC0137E   The response headers could not be sent
to the
>client: system error: The parameter is incorrect.
> (system error code: 87).

Problem summary

  •   During the request for a vouchfor token in a
ECSSO request, the port is not distinguished by the Web Server
Plugin, causing an error to be returned.

Problem conclusion

  •   This problem has been resolved and will be
delivered in 6.0.0-TIV-WPI-FP0006

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IY92373
    • 

  • Reported component name
    ACCESS MGR WEBS
    • 

  • Reported component ID
    5724C0813
    • 

  • Reported release
    600
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2006-12-01
    • 

  • Closed date
    2007-01-30
    • 

  • Last modified date
    2007-01-30
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    ACCESS MGR WEBS
    • 

  • Fixed component ID
    5724C0813
    • 



Applicable component levels


    

  • R600  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPREK","label":"Tivoli Access Manager for e-business"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"600","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            30 January 2007
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback