IBM Support

PI13790: Client certificate authentication failed to use registry configured in a security domain.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • WebSphere application server is set up with a regsitry of
    LocalOS, and a security domain scoped to a server setup with a
    registry of LDAP.  When attempting to perform client certificate
    authentication from a browser, WebSphere attempted to map the
    certificate to an ID in the local SAF registry instead of using
    the certificate filter configured for the LDAP user registry
    in the security domain.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server V8.0 and V8.5.                       *
    ****************************************************************
    * PROBLEM DESCRIPTION: Client certificate authentication       *
    *                      failed to use registry configured in    *
    *                      a security domain.                      *
    ****************************************************************
    * RECOMMENDATION:  Apply a fix pack that contains this APAR    *
    *                  fix.                                        *
    ****************************************************************
    WebSphere application server is set up with a regsitry of
    LocalOS, and a security domain scoped to a server setup with a
    registry of LDAP.  When attempting to perform client
    certificate
    authentication from a browser, WebSphere attempted to map the
    certificate to an ID in the local SAF registry instead of using
    the certificate filter configured for the LDAP user registry
    in the security domain.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PI13790

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-03-14

  • Closed date

    2014-05-13

  • Last modified date

    2015-02-24

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
27 April 2022