APAR status
Closed as program error.
Error description
WebSphere is set up with the following:
- Global Security using an LDAP user registry
- LDAP Certificate map mode set to CERTIFICATE_FILTER
- Security Domain which contains XML for a federated repository

<userRegistries xmi:type="security:WIMUserRegistry" xmi:id="WIMUserRegistry_1562623727494" realm="defaultWIMFileBasedRealm" ignoreCase="false" useRegistryRealm="true" registryClassName="com.ibm.ws.wim.registry.WIMUserRegistry"/>

Note: the federated repository may not be the activeUserRegistry

An inbound web request with mutual authentication will fail with a NullPointerException in method CertificateMapper.getDnSubField. The example stack trace is:

Trace: 2019/07/07 18:33:44.980 02 t=9AD4B8 c=UNK key=P8 tag= (13007004)
SourceId: com.ibm.ws.security.core.UserMappingImpl
ExtendedMessage: The following exception occurred in UserMappingImpl when calling mapCertificate: ; java.lang.NullPointerException
com.ibm.ws.security.registry.ldap.CertificateMapper.getDnSubField(CertificateMapper.java:271)
com.ibm.ws.security.registry.ldap.CertificateMapper.getFilterByDescriptor(CertificateMapper.java:208)
com.ibm.ws.security.registry.ldap.CertificateMapper.getLdapSearchFilter(CertificateMapper.java:137)
com.ibm.ws.security.registry.ldap.LdapRegistryImpl.mapCertificate(LdapRegistryImpl.java:573)
com.ibm.ws.security.registry.UserRegistryImpl.mapCertificate(UserRegistryImpl.java:433)
com.ibm.ws.security.core.UserMappingImpl.mapCertificateToName(UserMappingImpl.java:120)
com.ibm.ws.security.zOS.SAFIdentityMapper.mapCertificateUsingConfiguredUserMapping(SAFIdentityMapper.java:75)
com.ibm.ws.security.zOS.SAFIdentityMapper.mapTransportLayerCertificateToName(SAFIdentityMapper.java:123)
Local fix
Problem summary
USERS AFFECTED: All users of IBM WebSphere Application Server V8.5
PROBLEM DESCRIPTION: When using Security Domains it was noted that Federated Repositories was used as the User Registry although the expectation is to use the Global Security settings.
RECOMMENDATION:

When using Security Domains it was noted that Federated Repositories was used as the User Registry even though the expectation is to use the Global Security settings. A possible workaround could be removing the WIM user registry configuration from the domain-security.xml.
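To check whether a security domain file still carries the WIM user registry entry that the workaround removes, a scan like the following can be used. This is an added example, not IBM code; the sample XML is constructed, and its root element name and security namespace URI are placeholders (only the userRegistries attributes come from the error description above).

```python
import xml.etree.ElementTree as ET

XMI_NS = "http://www.omg.org/XMI"

# Constructed sample, not a real configuration. The root element name and the
# "security" namespace URI are placeholders; the userRegistries attributes
# mirror the entry quoted in the APAR. No activeUserRegistry is set, matching
# the note that the federated repository may not be the active registry.
SAMPLE_DOMAIN_XML = """<security:SampleRoot xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="urn:example:placeholder">
  <userRegistries xmi:type="security:WIMUserRegistry"
      xmi:id="WIMUserRegistry_1562623727494" realm="defaultWIMFileBasedRealm"
      ignoreCase="false" useRegistryRealm="true"
      registryClassName="com.ibm.ws.wim.registry.WIMUserRegistry"/>
</security:SampleRoot>"""


def find_wim_registries(xml_text):
    """Return one finding per WIM (federated repository) registry entry."""
    root = ET.fromstring(xml_text)
    active = root.get("activeUserRegistry")
    findings = []
    for elem in root.iter():
        # Compare the local tag name so any namespace on the tag is ignored.
        if elem.tag.rsplit("}", 1)[-1] != "userRegistries":
            continue
        xmi_type = elem.get(f"{{{XMI_NS}}}type", "")
        cls = elem.get("registryClassName", "")
        if xmi_type.endswith("WIMUserRegistry") or cls.endswith("WIMUserRegistry"):
            reg_id = elem.get(f"{{{XMI_NS}}}id")
            findings.append({
                "id": reg_id,
                "realm": elem.get("realm"),
                # Reported for context only: the entry is flagged either way,
                # because the APAR hits even when it is not the active registry.
                "is_active": active is not None and reg_id == active,
            })
    return findings


if __name__ == "__main__":
    for f in find_wim_registries(SAMPLE_DOMAIN_XML):
        print(f"WIM registry {f['id']} (realm {f['realm']}), active={f['is_active']}")
```

Any finding on a server below the fix pack levels named in the problem conclusion means the domain matches the configuration described in this APAR.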
Problem conclusion
The code was reviewed and updated so that the Global Security settings are honored when using Security Domains.

The fix for this APAR is targeted for inclusion in fix pack 9.0.5.4 and 8.5.5.18. For more information, see 'Recommended Updates for WebSphere Application Server': http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PH14756
Reported component name
WEBSPHERE FOR Z
Reported component ID
5655I3500
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-07-23
Closed date
2020-03-06
Last modified date
2020-03-06
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE FOR Z
Fixed component ID
5655I3500
Applicable component levels
Document Information
Modified date:
10 February 2022