PI99285: User login fails when configuring zOS mapDistributedIdentities

APAR status

Closed as program error.

Error description

&#216;
With mapDistributedIdentities="true" using z/OS connect and
Liberty on z/OS Basic Authorization with RACF is not
working.
Was working on 17.0.0.2 but not 17.0.0.4

Local fix

```
&#216;
none
```

Problem summary

****************************************************************
* USERS AFFECTED:  WebSphere Application Server Liberty for    *
*                  z/OS - users of the zosSecurity-1.0         *
*                  feature                                     *
****************************************************************
* PROBLEM DESCRIPTION: CWWKS2905E during login when the        *
*                      "mapDistributedIdentities" attribute of *
*                      the "safCredentials" element is         *
*                      configured in server.xml                *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Failed logins can occur when using SAF authorization in
WebSphere Application Server Liberty for z/OS, and when the
"mapDistributedIdentities" attribute of the "safCredentials"
element is specified in server.xml.

The user logins in successfully and the LtpaToken2 SSOTOken
cookie is returned to the client. On subsequent propagation
logins utilizing the LtpaToken2 cookie, during login you may see
this error. Notice the user=null.

CWWKS2905E: SAF service IRRSIA00_CREATE did not succeed because
user
null was not found in the SAF registry. SAF return code
0x00000008.
RACF return code 0x00000008. RACF reason code 0x00000010.

Problem conclusion

Code has been changed to properly set the user prior to the SAF
registry lookup.

The fix for this APAR is currently targeted for inclusion in fix
pack 18.0.0.2.  Please refer to the Recommended Updates page for
delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PI99285
Reported component name
LIBERTY PROF -
Reported component ID
5655W6514
Reported release
CD0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-06-18
Closed date
2018-07-30
Last modified date
2018-07-30

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
LIBERTY PROF -
Fixed component ID
5655W6514

Applicable component levels

RCD0 PSY
UP

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Platform":[{"code":"PF054","label":"z Systems"}],"Version":"CD0","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
14 December 2020

Tips

PI99285: User login fails when configuring zOS mapDistributedIdentities

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

RCD0 PSY

Document Information

Share your feedback

Need support?