APAR status
Closed as program error.
Error description
Form based login or other LTPA authentication fails on Java 11 on z/OS when using the IBMJCEHYBRID provider Affected Users: Liberty running Java 11 on z/OS using the IBMJCEHYBRID provider The problem occurs in the following scenarios: - Liberty for z/OS is running on a system with no hardware crypto card - Liberty for z/OS is running on a system with hardware crypto, but the ICSF address space is down - Liberty server is started with no ltpa.keys file in directory WLP_USER_DIR/servername/resources/security/ltpa.keys and is created on startup with size 1070 bytes. - Liberty service level 22.0.0.11 or later An FFDC log contains the following: Stack Dump = com.ibm.websphere.security.auth.InvalidTokenException: BigInteger not invertible. com.ibm.ws.security.token.ltpa.internal.LTPAToken2.getBytes(LTP AToken2.java:381) com.ibm.ws.security.token.internal.AbstractTokenImpl.getBytes( com.ibm.ws.security.authentication.internal.cache.keyproviders. SSOTokenBytesCacheKeyProvider.getSingleSignonTokenBytes( com.ibm.ws.security.authentication.internal.cache.keyproviders. SSOTokenBytesCacheKeyProvider.provideKey( com.ibm.ws.security.authentication.internal.cache.AuthCacheServ iceImpl.commonInsert( com.ibm.ws.security.authentication.internal.cache.AuthCacheServ iceImpl.insert( com.ibm.ws.security.authentication.internal.AuthenticationServi ceImpl.insertSubjectInAuthCache( com.ibm.ws.security.authentication.internal.AuthenticationServi ceImpl.authenticate( com.ibm.ws.security.authentication.internal.AuthenticationServi ceImpl.authenticate( com.ibm.ws.security.authentication.helper.AuthenticateUserHelpe r.authenticateUser( com.ibm.ws.security.authentication.helper.AuthenticateUserHelpe r.authenticateUser( com.ibm.wsspi.security.common.auth.module.IdentityAssertionLogi nModule.setUpTemporarySubject( com.ibm.wsspi.security.common.auth.module.IdentityAssertionLogi nModule.login( com.ibm.ws.kernel.boot.security.LoginModuleProxy.login(LoginMod uleProxy.java:53) java.base/javax.security.auth.login.LoginContext.invoke(LoginCo ntext.java:747) java.base/javax.security.auth.login.LoginContext$4.run(LoginCon text.java:672) java.base/javax.security.auth.login.LoginContext$4.run(LoginCon text.java:670) java.base/java.security.AccessController.doPrivileged(AccessCon troller.java:783) java.base/javax.security.auth.login.LoginContext.invokePriv(Log inContext.java:670) java.base/javax.security.auth.login.LoginContext.login(LoginCon text.java:581)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of WebSphere Liberty on zOS using * * JAVA 11 with IBMJCEHYBRID Provider * **************************************************************** * PROBLEM DESCRIPTION: While using WebSphere Liberty on zOS * * with * * JAVA 11 and IBMJCEHYBRID Provider, it * * is * * noticed that form based login or other * * LTPA authentication fails. * **************************************************************** * RECOMMENDATION: * **************************************************************** While using WebSphere Liberty on zOS with JAVA 11 and IBMJCEHYBRID Provider, it is noticed that form based login or other LTPA authentication fails.
Problem conclusion
The code has been revised and updated to fix to address this issue. The fix for this APAR is targeted for inclusion in fix pack 23.0.0.10. For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
Temporary fix
Comments
APAR Information
APAR number
PH55995
Reported component name
LIBERTY PROF -
Reported component ID
5655W6514
Reported release
CD0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-07-25
Closed date
2023-09-14
Last modified date
2023-09-14
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
LIBERTY PROF -
Fixed component ID
5655W6514
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"CD0","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
15 September 2023