A fix is available
APAR status
Closed as program error.
Error description
Running CICS transaction server 3.1, customer using FEPI interface with their webservice. This program establishes a FEPI session, signs on a user with passticket and starts the target application. the signon fails with: DFHCE3532 Your password is invalid. AUX trace shows we are issuing an: ADD_USER_WITH_PASSWORD USERID_LENGTH(7) This fails with: REASON(PASSWORD_NOTAUTH) SAF_RESPONSE(8) SAF_REASON(0) ESM_RESPONSE(8) ESM_REASON(0)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All. * **************************************************************** * PROBLEM DESCRIPTION: DFHCE3532 when using security with * * requeststreams. * **************************************************************** * RECOMMENDATION: * **************************************************************** A soap request is received which starts CPIH which in turn starts the provider task. A webservice handler program causes a context switch which starts an associated transaction. The security context for this new transaction is established by DFHRZXM. DFHRZXM always passes a userid length of 8 bytes. In fact the userid was only 7 bytes long. As part of this tasks execution a program utilizing FEPI will issue an EXEC CICS FEPI REQUEST PASSTICKET command. The passticket returned is based upon the 8 byte userid. Later a signon is issued utilizing the passticket and 7 byte version of the userid. This is rejected by the external security manager and msgDFHCE3532 is issued. Additional keywords: request streams
Problem conclusion
DFHRZXM proc RZRS_XM_INIT has been changed to correctly calculate the length of the userid before initialising the user_token with add_user_without_password.
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PK56391
Reported component name
CICSTS V3 Z/OS
Reported component ID
5655M1500
Reported release
400
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / Pervasive
Submitted date
2007-11-12
Closed date
2008-01-23
Last modified date
2008-02-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK33204 UK33205
Modules/Macros
DESRZRS DESRZXM DFHRZRMC DFHRZRMD DFHRZRSC DFHRZRSD DFHRZRS1 DFHRZXM
Fix information
Fixed component name
CICSTS V3 Z/OS
Fixed component ID
5655M1500
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
02 February 2008