Fixes are available
8.5.5.6: WebSphere Application Server V8.5.5 Fix Pack 6
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as program error.
Error description
Even though the interoperability mode is disabled in the configuration of single sign-on, LTPAToken cookie (LTPA V1 cookie) is always deleted when LTPAToken cookies are deleted. If LTPAToken cookie is used on other system such as Domino server, single sign-on fails after the removal of LTPAToken cookie on WebSphere Application Server. Following is the scenario how this problem happens; 1. Login to Domino server and LTPAToken cookie is created for the request 2. The same user login to WebSphere Application Server with LTPAToken. LTPAToken 2 is created for the request becuse interoperability mode is disabled. 3. When SPNEGO token expires, all LTPAToken cookies are deleted and both LTPAToken and LTPAToken2 is deleted 4. Single sign-on fails when the same user access to Domino server again because LTPAToken is removed from cookie
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server * **************************************************************** * PROBLEM DESCRIPTION: The unrelated LTPAToken cookie might * * be removed upon logout. * **************************************************************** * RECOMMENDATION: * **************************************************************** The security code always removes LTPAToken cookie upon logout even it is not used by WebSphere Application Server. As a result, it might interfere with the transaction by another server which relies on this LTPAToken cookie.
Problem conclusion
With this fix, the unrelated LTPAToken cookie is no longer removed upon logout. In order to enable this new behavior, the following security custom property needs to be set: Name: com.ibm.websphere.security.disableRemovingUnusedLTPACookie Value: true The security custom properties screen on the admin console can be reached by navigating to Security -> Global security -> Custom properties Click New... button. The fix for this APAR is currently targeted for inclusion in fix pack 8.0.0.11, and 8.5.5.6. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PI29397
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-11-11
Closed date
2015-01-05
Last modified date
2015-07-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
R800 PSY
UP
R850 PSY
UP
Document Information
Modified date:
28 April 2022