APAR status
Closed as program error.
Error description
Ø With mapDistributedIdentities="true" using z/OS connect and Liberty on z/OS Basic Authorization with RACF is not working. Was working on 17.0.0.2 but not 17.0.0.4
Local fix
Ø none
Problem summary
**************************************************************** * USERS AFFECTED: WebSphere Application Server Liberty for * * z/OS - users of the zosSecurity-1.0 * * feature * **************************************************************** * PROBLEM DESCRIPTION: CWWKS2905E during login when the * * "mapDistributedIdentities" attribute of * * the "safCredentials" element is * * configured in server.xml * **************************************************************** * RECOMMENDATION: * **************************************************************** Failed logins can occur when using SAF authorization in WebSphere Application Server Liberty for z/OS, and when the "mapDistributedIdentities" attribute of the "safCredentials" element is specified in server.xml. The user logins in successfully and the LtpaToken2 SSOTOken cookie is returned to the client. On subsequent propagation logins utilizing the LtpaToken2 cookie, during login you may see this error. Notice the user=null. CWWKS2905E: SAF service IRRSIA00_CREATE did not succeed because user null was not found in the SAF registry. SAF return code 0x00000008. RACF return code 0x00000008. RACF reason code 0x00000010.
Problem conclusion
Code has been changed to properly set the user prior to the SAF registry lookup. The fix for this APAR is currently targeted for inclusion in fix pack 18.0.0.2. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PI99285
Reported component name
LIBERTY PROF -
Reported component ID
5655W6514
Reported release
CD0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-06-18
Closed date
2018-07-30
Last modified date
2018-07-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
LIBERTY PROF -
Fixed component ID
5655W6514
Applicable component levels
RCD0 PSY
UP
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Platform":[{"code":"PF054","label":"z Systems"}],"Version":"CD0","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
14 December 2020