Fixes are available
APAR status
Closed as program error.
Error description
Inbound HTTP requests originating from the web server plug-in, where a page redirect is generated (such as during user authentication), incorrectly redirects the browser client.
Local fix
n/a
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server Liberty Profile * **************************************************************** * PROBLEM DESCRIPTION: Inbound HTTP requests originating * * from the web server plug-in, might be * * incorrectly redirected. * **************************************************************** * RECOMMENDATION: * **************************************************************** Inbound HTTP requests originating from the web server plug-in, where a page redirect is generated (such as during user authentication), incorrectly redirects the browser client. This redirection is incorrect because you cannot usually access the backend server directly. The redirection should retain the host, port and scheme of the original request.
Problem conclusion
The Liberty profile server runtime code was updated to honor the private headers that the web server plug-in attaches to the incoming request. These headers include host, port and scheme information that are used to formulate the redirection URL. In the Liberty profile server, the <webContainer/> element includes specific attributes that affect behavior related to front-end Webservers. These attributes were all updated to be properly honored: 1. trusted (These headers are now properly honored: $WSSP, $WSSC, $WSIS and $WSSN) 2. extractHostHeaderPort 3. trustHostHeaderPort 4. httpsIndicatorHeader The fix for this APAR is currently targeted for inclusion in fix pack 8.5.0.1. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM70260
Reported component name
LIBERTY PROFILE
Reported component ID
5724J0814
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-08-03
Closed date
2012-10-02
Last modified date
2012-10-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
LIBERTY PROFILE
Fixed component ID
5724J0814
Applicable component levels
R850 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
29 October 2021