Fixes are available
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as program error.
Error description
After the introduction of oauth20 support into WebSphere 8.0 customer is receiving consistent RACF failures during servant initialisation as the servant userid attempts to create and delete the oauth20 directory: ICH408I USER(KTSYSI3B) GROUP(@YSI3B0 ) NAME(WAS AS T1A02 I3B0) /var/KTS/T1A02/AppServer/profiles/default/config/cells/zosCET1A0 2/oauth20. CL(DIRACC ) FID(C3C8C6F0F0F439530000000006891A85) INSUFFICIENT AUTHORITY TO MKDIR ACCESS INTENT(-W-) ACCESS ALLOWED(GROUP ACL R-X) EFFECTIVE UID(0000004706) EFFECTIVE GID(0000005206) . Customer does not allow the userid to write to the root of the WebSphere cell directory, so need a mechanism to re-direct the location of this directory.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All IBM WebSphere Application Server * * administrators * **************************************************************** * PROBLEM DESCRIPTION: Error appears in log when OAuth TAI * * startup process attempts to create * * oauth20 directory * **************************************************************** * RECOMMENDATION: Install a fix pack that contains this * * APAR. * **************************************************************** The OAuth Trust Association Interceptor (TAI) startup processing requires write access to the (user.install.root)/config/cells/(cellName) directory. In that directory, it creates a directory called oauth20. Errors will appear in the log if the startup process is unable to access this directory. If an application server is not configured to use the OAuth TAI, this should not be an error.
Problem conclusion
The OAuth TAI startup process is run whether the OAuth TAI is configured or not. The OAuth TAI startup process does not need to run if either the OAuth TAI is not configured or TAI processing is not enabled. The OAuth TAI is updated so that its startup process will only run if TAI processing is enabled and the OAuth TAI is configured. APAR PI46156 is currently targeted for inclusion in WebSphere Application Server Fix Packs 8.0.0.13, and 8.5.5.10. In addition, sysroute APAR PI60762 will deliver the fix in WebSphere Application Server V7.0 Fix Pack 7.0.0.43. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980 In addition, please refer to URL: http://www.ibm.com/support/docview.wss?rs=404&uid=swg27006970 for Fix Pack PTF information. Keywords: IBMWL3WSS, OAUTH
Temporary fix
Comments
APAR Information
APAR number
PI46156
Reported component name
WEBSPHERE FOR Z
Reported component ID
5655I3500
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-08-03
Closed date
2016-04-13
Last modified date
2016-04-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE FOR Z
Fixed component ID
5655I3500
Applicable component levels
R800 PSY
UP
Document Information
Modified date:
28 April 2022