Fixes are available
Download for IBM Worklight V6.1.0 Fix Pack 1
Download the cumulative interim fix for IBM Worklight V6.0.0 Fix Pack 2 and IBM Mobile Foundation v6.0.0 Fix Pack 2
Download the cumulative interim fix for IBM Worklight V5.0.6 Fix Pack 2 and IBM Mobile Foundation V5.0.6 Fix Pack 2
IBM Worklight Interim Fix README for 6.0.0.2
APAR status
Closed as program error.
Error description
When the user logs out and then log back in within a minute on the Worklight Console, the same LTPA token is being used. A new LTPA token is expected on each login.
Local fix
Disable AuthCache
Problem summary
**************************************************************** * USERS AFFECTED: * * Administrators of a Worklight server which uses LTPA based * * authentication * **************************************************************** * PROBLEM DESCRIPTION: * * When using LTPA based authentication, the LTPA Token is * * generated, validated, and maintained by Websphere * * Application Server (WAS). In certain situations, the LTPA * * token may be reused when the user logs out and logs back in * * quickly. This is due to the authentication cache mechanism * * provided by WAS. * **************************************************************** * RECOMMENDATION: * * - * ****************************************************************
Problem conclusion
When the fix is enabled (it is disabled by default), the Worklight server will delete the user's token from the Websphere Application Server's authentication cache. This will ensure that the same LTPA token is not issued again. To enable this feature, add the following parameter to the WebSphereFormBasedAuthenticator and WebSphereLoginModule configuration in authenticationConfig.xml: <parameter name="ltpa-force-global-logout" value="true" /> The fix for this APAR is currently available in fixpack 6.1.0.1.
Temporary fix
Comments
APAR Information
APAR number
PI08511
Reported component name
WORKLIGHT CONSU
Reported component ID
5725I4301
Reported release
506
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-12-19
Closed date
2014-03-19
Last modified date
2014-03-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WORKLIGHT CONSU
Fixed component ID
5725I4301
Applicable component levels
R506 PSY
UP
R600 PSY
UP
R610 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSZH4A","label":"IBM Worklight"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"506","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
17 October 2021