Fixes are available
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
9.0.0.1: WebSphere Application Server traditional V9.0 Fix Pack 1
9.0.0.2: WebSphere Application Server traditional V9.0 Fix Pack 2
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
9.0.0.3: WebSphere Application Server traditional V9.0 Fix Pack 3
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
9.0.0.4: WebSphere Application Server traditional V9.0 Fix Pack 4
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
9.0.0.5: WebSphere Application Server traditional V9.0 Fix Pack 5
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
9.0.0.6: WebSphere Application Server traditional V9.0 Fix Pack 6
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
9.0.0.7: WebSphere Application Server traditional V9.0 Fix Pack 7
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
9.0.0.8: WebSphere Application Server traditional V9.0 Fix Pack 8
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
9.0.0.9: WebSphere Application Server traditional V9.0 Fix Pack 9
9.0.0.10: WebSphere Application Server traditional V9.0 Fix Pack 10
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
9.0.5.4: WebSphere Application Server traditional Version 9.0.5 Fix Pack 4
9.0.5.5: WebSphere Application Server traditional Version 9.0.5 Fix Pack 5
WebSphere Application Server traditional 9.0.5.6
9.0.5.7: WebSphere Application Server traditional Version 9.0.5 Fix Pack 7
9.0.5.8: WebSphere Application Server traditional Version 9.0.5.8
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
9.0.5.9: WebSphere Application Server traditional Version 9.0.5.9
9.0.5.10: WebSphere Application Server traditional Version 9.0.5.10
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
9.0.5.11: WebSphere Application Server traditional Version 9.0.5.11
APAR status
Closed as program error.
Error description
The IHS server allows a user to change the password they are using. When using DGW, the server puts out messages in the 401 response body that lets the user know if the password change is successful or not, ie: IMW0237I Password changed. Enter newpw to continue. IMW0236E Access denied - password expired. Enter oldpw/newpw/newpw to change your password. IMW0216E Not authorized. Authentication failed. IMW0239E New password has invalid format, try again. Enter oldpw/newpw/newpw to change your password. IMW0579E Access denied - The oldpass is not authorized. IMW0580E Access denied - The username access has been revoked. IHS powered by APACHE does not do this. It will be enhanced to put these types of messages in a private header, so that an application can parse the private header to check that the password change is successful.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of IBM HTTP Server (powered by * * Apache) on z/OS. * **************************************************************** * PROBLEM DESCRIPTION: SAF authentication status is not * * provided in the response. * **************************************************************** * RECOMMENDATION: * **************************************************************** The Domino HTTP server provided the status of authentication in the response body, but the Apache HTTP server does not. The status messages are: - IMW0216E: Not authorized. Authentication failed. - IMW0236E: Access denied - password expired. - IMW0237I: Password changed. - IMW0239E: New password is invalid. - IMW0578E: The user name is unknown or not defined to the kernel. - IMW0579E: The oldpass is not authorized. - IMW0580E: The username access has been revoked.
Problem conclusion
The IBM HTTP Server (powered by Apache) on z/OS will add a header containing the status of SAF authentication. The header name is specified by the directive AuthSAFStatusHeader. Additionally, the status of authentication will be written to the response body. This fix is targeted for IBM HTTP Server fix packs: - 7.0.0.43 - 8.0.0.13 - 8.5.5.10 - 9.0.0.1
Temporary fix
Comments
APAR Information
APAR number
PI63482
Reported component name
WAS IHS ZOS
Reported component ID
5655I3510
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-06-02
Closed date
2016-06-23
Last modified date
2016-06-24
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WAS IHS ZOS
Fixed component ID
5655I3510
Applicable component levels
R800 PSY
UP
Document Information
Modified date:
04 May 2022