APAR status
Closed as unreproducible in next release.
Error description
Problem Description: Customer has two WebSeals which they are attempting to enable failover. They are on TAM 6.0.0.7. They have configured both webseals for failover and have set the allow-backend-domain-cookies to 'yes'. They are still prompted for login after authenticating to one WebSEAL and then accessing a resource on another WebSEAL. I have gathered debug and snoop traces and have had other L2 engineers look at this. Here are the requests: Set-Cookie: PD-ID=OrVX8UNZYT7ZQfmrZjvUkdYEeGHJ2O3H60/2xtRtwE4WALjWqWViLOfI+D j9Oj13Ap N8e1SZ5hnqfVHCOqDjv8lPlvNtJze3bkWG7CSfgizf6eX5eadf0gCpSifU4QuFwW u8TzlzXu EdFV81ylHCG6HN6zR+ct8zkMWLZqTj2SD2aDi/whNWAV/qKchqJEkO3eLaWhuHnG UlABR6DD /+LgGvx4iBt3RdD2WrULo3NUtkg0Ff8p5Ku9NKnuOORpSVyCqQXpVacnsrF1HOMy jye8pSK/ cS0YU/PRPIne9kXi0CD9WvloTYnw==; Path=/; Secure Traces show the ima2 WebSEAL instance is setting a failover cookie with a Domain attribute: Set-Cookie: PD-ID=6jFmxxvlBlbHRr+SAGAzXQv6JU7NHj0NCVZUlHJd0dDdPG3/RpC4d9HXI/ SDacSPIF bXFsOYs1hT/KCTkHFMrd+HPlg7w70McTvwLyqlJXHPTisffX7XMCMdppluBuOeTm mZ4VtLLw sYTpiUSEIfiIx9e7Y9pSbYSB8ZeXYBSCv/zPpQSeFDzml6Q276f4F8vPVUOk8ZaS jQxeLaxh qDqQx2q46iymCJSrmMTUoFJUCQG1tmZPFY1d0yjBMGg5AnD3bbEygPrFPp9kWMca 8tm8lsul waGNpg5uf0Ij39quA=; Path=/; Domain=.kih.kmart.com; Secure The customer has multiple entries in their /etc/hosts file for each ip address: Updated local hostname lookup to resolve local host name /etc/hosts first. The problem is still the same. At esstpdw1: nslookup `hostname` Using /etc/hosts on: esstpdw1 looking up FILES Name: esstpdw1.mykmart.com Address: 148.162.54.35 Aliases: esstpdw1.kih.kmart.com, esstpdw1 at esstpdw2: esstpdw2:/opt/pdweb/etc # nslookup `hostname` Using /etc/hosts on: esstpdw2 looking up FILES Name: esstpdw2.mykmart.com Address: 148.162.54.37 Aliases: esstpdw2.kih.kmart.com, esstpdw2 We had the customer verify that both servers were resolving to hostnames with the .mykmart.com tail. However, the traces haven't changed. The domain tails still don't match. Traces and config files are on ecurep. This may be just a configuration issue, but l2 has attempted various solutions but haven't been able to get this resolved. I am opening this APAR for assistance from L3. CORRECTION: Customer is at 5.1.0.21
Local fix
Problem summary
This issue has been unrecreatable in the custom er's environment and in the L2/L3 lab environment.
Problem conclusion
Temporary fix
Comments
APAR Information
APAR number
IZ01793
Reported component name
ACCESS MGR WEBS
Reported component ID
5724C0811
Reported release
510
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2007-07-23
Closed date
2007-08-29
Last modified date
2007-08-29
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
ACCESS MGR WEBS
Fixed component ID
5724C0811
Applicable component levels
R510 PSN
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPREK","label":"Tivoli Access Manager for e-business"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"510","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Document Information
Modified date:
29 August 2007