A fix is available
APAR status
Closed as program error.
Error description
CICS TS Ver.3.2 is not sending to Internet browser the error message "HTTP/1.1 403 Client Authentication Error" when a client is trying to establish a connection with CICS server, but the certificate is not defined in RACF. Then, CICS is issuing the correct code "CLIENT_AUTHENTICATE_ERROR", and writes the message DFHWB0363. But CICS is not sending the code "403" that would be send to browser to inform it about the the Client Authentication Error. Internet browser only receives "Cannot find server or DNS Error" message. In CICS TS ver.3.1 it works properly.
Local fix
No local fix.
Problem summary
**************************************************************** * USERS AFFECTED: All. * **************************************************************** * PROBLEM DESCRIPTION: HTTP 403 (Forbidden) is not sent to the * * web browser when CICS issues the * * message DFHWB0363 as a result of the * * client certificate not being valid. * **************************************************************** * RECOMMENDATION: * **************************************************************** A request arrives on a TCPIPSERVICE defined with AUTHENTICATE(CERTIFICATE). The client has not provided a certificate that maps to a valid userid. CICS should respond with a HTTP 403 but fails to do so and closes the connection. CICS also fails to deliver a 403 forbidden if a request over a http connection matches against a URIMAP defined with SCHEME(HTTPS). CICS also fails to call the Web Error Program under these circumstances.
Problem conclusion
DFHWBXN has been changed to call the Web Error Program and return HTTP 403 for the failures.
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PK66718
Reported component name
CICSTS V3 Z/OS
Reported component ID
5655M1500
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-05-28
Closed date
2008-06-23
Last modified date
2008-07-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK37553
Modules/Macros
DESWBXN DFHWBXN
Fix information
Fixed component name
CICSTS V3 Z/OS
Fixed component ID
5655M1500
Applicable component levels
R500 PSY UK37553
UP08/06/25 P F806
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 July 2008