Fixes are available
8.5.5.4: WebSphere Application Server V8.5.5 Fix Pack 4
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
8.5.5.5: WebSphere Application Server V8.5.5 Fix Pack 5
8.5.5.6: WebSphere Application Server V8.5.5 Fix Pack 6
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as program error.
Error description
After sign in using SAML SSO, user is redirected to wrong page in the application under certain conditions. Details below:
1. User invokes an application http://www.acme.com/buy/servlet/ProductDisplay?storeId=18251
2. Click "Sign in" in the masthead
3. Click back (do not sign in or register)
4. User is back in the initial page from step 1
5. Make all selections for the product, and click "Add to cart"
6. Proceed with check out
7. Sign in
Expected result: After sign in, user is redirected to the application page that initiated the sign in.
Actual result: After sign in, user is redirected to the initial page (step 1)
Local fix
Login after initial redirect
Problem summary
USERS AFFECTED: IBM WebSphere Application Server users of SAML Web Single Sign-on (SSO)
PROBLEM DESCRIPTION: SAML Web SSO may redirect client to the wrong URL after failed login
RECOMMENDATION: Install a fix pack that includes this APAR.

After sign in using SAML Web Single Sign-on (SSO), the user may be redirected to the wrong page in the application.
Problem conclusion
When the SAML Web SSO TAI, ACSTrustAssociationInterceptor, is invoked for an unauthenticated request, it sets a cookie called WasSamlSpReqUrl to store the original request URL from the client before it redirects the client to the error page (usually the IdP login page). If the client does not log in, and instead requests another resource protected by the TAI, the cookie value does not change, so a later successful login redirects to the earlier, stale URL.

The SAML Web SSO runtime is updated to always set the WasSamlSpReqUrl cookie value to the URL of the latest request.

The fix for this APAR is currently targeted for inclusion in fix pack 7.0.0.37, 8.0.0.10, 8.5.5.4. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Keywords: IBMWL3WSS, SAMLWSSO
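The cookie behaviour described above can be replayed against the steps in the error description. The following is an added example, a constructed model and not IBM's code: the class and function names, the IdP URL and the checkout URL are assumptions, and only the cookie name and the product URL come from this APAR.

```python
"""Constructed model of the WasSamlSpReqUrl handling described above; not IBM code."""

COOKIE = "WasSamlSpReqUrl"                  # cookie name taken from the APAR text
IDP_LOGIN = "https://idp.example/login"     # assumed placeholder for the IdP login page
PRODUCT = "http://www.acme.com/buy/servlet/ProductDisplay?storeId=18251"  # from the APAR
CHECKOUT = "http://www.acme.com/buy/servlet/Checkout"  # assumed URL for the checkout step


class SamlSpModel:
    """Stand-in for the TAI's treatment of unauthenticated requests."""

    def __init__(self, always_refresh):
        # False: pre-fix behaviour, an existing cookie value is left unchanged.
        # True: post-fix behaviour, the cookie is set on every intercepted request.
        self.always_refresh = always_refresh

    def intercept(self, cookies, url):
        """Unauthenticated request for a protected URL: remember it, go to the IdP."""
        if self.always_refresh or COOKIE not in cookies:
            cookies[COOKIE] = url
        return IDP_LOGIN

    def after_login(self, cookies):
        """Successful SAML login: redirect to the remembered URL.

        Clearing the cookie here is an assumption of this model.
        """
        return cookies.pop(COOKIE)


def replay(always_refresh):
    """Replay the APAR's steps and return the page the user lands on after sign in."""
    sp, cookies = SamlSpModel(always_refresh), {}
    sp.intercept(cookies, PRODUCT)    # steps 1-2: sign in started from the product page
    # steps 3-6: user goes back without logging in, adds to cart, proceeds to check out
    sp.intercept(cookies, CHECKOUT)   # step 7: sign in started from check out
    return sp.after_login(cookies)


if __name__ == "__main__":
    for label, flag in (("before fix", False), ("after fix", True)):
        landed = replay(flag)
        print(f"{label}: landed on {landed} (stale={landed != CHECKOUT})")
```

The same sequence (start a sign in, abandon it, start another from a different protected page, then log in) works as a regression check against a patched server.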
Temporary fix
Comments
APAR Information
APAR number
PI19698
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-06-10
Closed date
2014-08-12
Last modified date
2015-09-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R700 PSY
UP
R800 PSY
UP
R850 PSY
UP
Document Information
Modified date:
27 April 2022