APAR status
Closed as program error.
Error description
This APAR Work Item is for the following issue: https://github.com/OpenLiberty/open-liberty/issues/21837
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server Liberty - Security * **************************************************************** * PROBLEM DESCRIPTION: LTPAToken validation failure for users * * with space characters in the user name * * caused by PH47867 * **************************************************************** * RECOMMENDATION: * **************************************************************** LTPAToken validation might fail for users with empty space characters in the username after an interim fix or fix pack containing APAR PH47867 is installed. * Users that perform a login to authenticate to one Liberty server might fail to authenticate to other Liberty servers by using their LTPAToken2. Users would need to login again on other Liberty servers. * If authentication cache is not enabled, a user can log in, but might fail to use their LTPAToken2 in subsequent requests to other servers or to the same server. In this case, the user might have to perform a new login on every request. * Users with at least one of the following empty space characters in their username are affected: Space character, tab character, newline character, carriage- return character, and form-feed character. * The username can be the short principal name or the full name of the user as in the DN for LDAP users. Error message that can be found in messages.log: CWWKS4001I: The security token cannot be validated. This can be for the following reasons 1. The security token was generated on another server using different keys. 2. The token configuration or the security keys of the token service which created the token has been changed. 3. The token service which created the token is no longer available.
Problem conclusion
The Liberty runtime is updated to handle usernames containing empty space characters correctly. The fix for this APAR is currently targeted for inclusion in fix pack 22.0.0.9. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PH48187
Reported component name
WAS LIBERTY COR
Reported component ID
5725L2900
Reported release
CD0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-07-21
Closed date
2022-07-26
Last modified date
2022-08-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WAS LIBERTY COR
Fixed component ID
5725L2900
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"CD0","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
04 August 2022