IBM Support

PH55392: CONTINUEAFTERTAIERROR DOES NOT BEHAVE AS EXPECTED

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When the com.ibm.websphere.security.continueAfterTAIError global
security custom property is set to true, if one of the
configured TAIs want redirect to an identity provider or
target application global security considers it an error and
continues to the next authentication method.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server                                      *
****************************************************************
* PROBLEM DESCRIPTION: If                                      *
*                      com.ibm.websphere.security.continueAfte *
*                      rT                                      *
*                      AIError=true, configured TAIs are not   *
*                      redirected to an identity provider for  *
*                      login.                                  *
****************************************************************
* RECOMMENDATION:  Install a fix pack that contains this       *
*                  APAR.                                       *
****************************************************************
When the com.ibm.websphere.security.continueAfterTAIError global
security custom property is set to true, configured TAIs are not
redirected to an identity provider for login.

    



Problem conclusion


    

  • WebSphere Application Server global security considers only
SC_OK as a successful return value from a TAI.  When a TAI
returns any other value, it is considered an error.  Therefore,
when com.ibm.websphere.security.continueAfterTAIError=true,
global security proceeds to the next authentication method.

Global security is updated to properly separate successful from
unsuccessful AuthenticationResults so that TAI flows can
continue as designed.

The fix for this APAR is targeted for inclusion in fix pack
8.5.5.25 and 9.0.5.17. For more information, see 'Recommended
Updates for WebSphere Application Server':
https://www.ibm.com/support/pages/node/715553

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH55392
    • 

  • Reported component name
    WEBS APP SERV N
    • 

  • Reported component ID
    5724H8800
    • 

  • Reported release
    900
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2023-06-26
    • 

  • Closed date
    2023-08-30
    • 

  • Last modified date
    2023-08-30
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WEBS APP SERV N
    • 

  • Fixed component ID
    5724H8800
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            31 August 2023
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback