Fixes are available
9.0.0.5: WebSphere Application Server traditional V9.0 Fix Pack 5
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
9.0.0.6: WebSphere Application Server traditional V9.0 Fix Pack 6
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
9.0.0.7: WebSphere Application Server traditional V9.0 Fix Pack 7
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
9.0.0.8: WebSphere Application Server traditional V9.0 Fix Pack 8
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
9.0.0.9: WebSphere Application Server traditional V9.0 Fix Pack 9
9.0.0.10: WebSphere Application Server traditional V9.0 Fix Pack 10
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
9.0.5.4: WebSphere Application Server traditional Version 9.0.5 Fix Pack 4
9.0.5.5: WebSphere Application Server traditional Version 9.0.5 Fix Pack 5
WebSphere Application Server traditional 9.0.5.6
9.0.5.7: WebSphere Application Server traditional Version 9.0.5 Fix Pack 7
9.0.5.8: WebSphere Application Server traditional Version 9.0.5.8
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
9.0.5.9: WebSphere Application Server traditional Version 9.0.5.9
9.0.5.10: WebSphere Application Server traditional Version 9.0.5.10
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
9.0.5.11: WebSphere Application Server traditional Version 9.0.5.11
APAR status
Closed as program error.
Error description
A server with SPNEGO TAI in domain XYZ is reconfigured to use SPNEGO Web Authentication and use a subdomain of ABC/XYZ. During server startup, several SECJ6236E messages appear in the servant region job log: SECJ6236E: Authorization failed; the exception is The SAF user SERVER1 does not have CONTROL access to the SAF profile CB.BIND.null,class CBIND.. Also, the following message appear multiple times in the servant region SYSPRINT: Trace:2016/06/11 11:01:33.633 02 t=7B8E00 c=0.14 key=P8 tag=(0401B03A) Description: ORB Trace Entry Method Name: ClassNameFromTypeId(char *) input type id: IDL:omg.org/CORBA/NO_PERMISSION:1.0 Trace: 2016/06/11 11:01:33.633 02 t=7B8E00 c=0.14 key=P8 tag=(0401B03F) Description: ORB Trace Exit Method Name: ClassNameFromTypeId(char *) output class name: CORBA::NO_PERMISSION Trace: 2016/06/11 11:01:33.633 02 t=7B8E00 c=0.14 key=P8 tag=(0407900A) Description: demarshalJavaSystemException Method Name: ZIOPChannelBridge::demarshalJavaSystemException(EncapIIOP *) Repository Id: IDL:omg.org/CORBA/NO_PERMISSION:1.0 Class Name: CORBA::NO_PERMISSION Minor Code: 4942430d Completion Status: 1 It appears as though the servant never completely starts.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server V8.0, V8.5, abd V9.0 * **************************************************************** * PROBLEM DESCRIPTION: Spnego authentication with SAF user * * registry fails with the security * * domain * **************************************************************** * RECOMMENDATION: * **************************************************************** When the application server is running under the security domain environment, Spnego authentication might fail due to a failure of invoking SAF user registry. The cause of the issue is that the security code does not set the server short name which is required for invoking SAF user registry.
Problem conclusion
With this fix, the server short name is set in the configuration object, and thus the code set the proper server short name for invoking SAF user registry. APAR PI78326 is currently targeted for inclusion in Fix Packs 8.0.0.14, 8.5.5.13 and 9.0.0.5 of WebSphere Application Server. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980 In addition, please refer to URL: http://www.ibm.com/support/docview.wss?rs=404&uid=swg27006970 for Fix Pack PTF information.
Temporary fix
Comments
APAR Information
APAR number
PI78326
Reported component name
WEBSPHERE FOR Z
Reported component ID
5655I3500
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-03-16
Closed date
2017-05-18
Last modified date
2017-05-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE FOR Z
Fixed component ID
5655I3500
Applicable component levels
R800 PSY
UP
Document Information
Modified date:
04 May 2022