ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

R12.8 Application Server Agent for WebSphere reporting all requests as UnProtected with 'ChallengeForCredentials=No'

book

Article ID: 224644

calendar_today

Updated On:

Products

CA Single Sign On Agents (SiteMinder) SITEMINDER

Issue/Introduction

After moving to the R12.8 Application Server Agent for WebSphere with 'ChallengeForCredentials=No' and the 'AssertionAuthResource=/tai' with a Realm defined with the TAI Agent Identity protecting the Realm. The TAI is still reporting all requests as "NotProtected", resulting in the TAI not propagating the User ID to WebSphere and the requests to fail.

Cause

The Base R12.8 Application Server Agent for WebSphere with ChallengeForCredentials set to "No" is using the Application Context requested by the User as the resource for the request instead of the value from the AssertionAurhResource ACO parameter, and since there are no matching Realms, the request is reported as "NotProtected.

Environment

Release : 12.8

Component : SITEMINDER FOR IBM WEBSPHERE

Resolution

Provided the customer with the DevFix from DE506122 to address an issue where the TAI with 'ChallengeForCredentials=No' was not using the value of the ' AssertionAuthResource' ACO parameter as the requested resource to process the request.