Skip to main content

 
IBM Power Systems software  >  IBM i  > Software  > 

WebSphere Application Server for System i

Updated: June 19, 2004

  
Overview Support Resources

Release Notes for WebSphere Application Server Express Version 5.0.1 for iSeries

This document contains Release Notes for WebSphere Application Server - Express Version 5.0.1 for iSeries. The Release Notes contain information about known problems and their work arounds. This document also includes some supplemental information for topics covered in the WebSphere Application Server - Express documentation. This version replaces all earlier versions of the release notes.

These notes will be updated periodically. Please see the WebSphere Application Server - Express for i5/OS Web site for the most up-to-date information.

When troubleshooting, be sure to search the WebSphere Application Server for i5/OS FAQ (Frequently Asked Questions) database.

See the Installation documentation for the most up-to-date, step by step instructions on installing the product and creating the initial configuration.

 

Table of Contents

Documentation
Installation Instructions
Fix Warning
PTF Information
Known Problems and Restrictions 
  Product Installation
QShell Scripts
Integrated Console
Administrative Console and Command Line Tools
Workstation Tools
Application Server
Data Access
XML
Business Applications - IBM Telephone Directory
Web Services
HTTP Server
Security
National Language Version Issues/Limitations
  

Documentation

The most up-to-date documentation can be found on the WebSphere Application Server - Express for i5/OS Web site documentation page.

 
Installation Instructions

Installation Instructions for WebSphere Application Server - Express for i5/OS V5.0.1 Group PTF

WebSphere Application Server - Express for i5/OS V5.0.1 is a fix release that is shipped in the form of a Group PTF (Program Temporary Fix). Please see the Install section in the Known Problems and Restrictions section of this document before beginning the install.

The following instructions describe how to install the V5.0.1 group PTF:

  • Installation of Group PTF on systems with multiple instances may notice an increase in amount of time required to apply PTFs.  You may notice a group PTF install time increase of several minutes per instance.
  • Verify that WebSphere Application Server - Express V5.0 is installed on the server before proceeding with the V5.0.1 installation. V5.0 must be installed on the system before the V5.0.1 group PTF can be installed. The following instructions describe how to determine if WebSphere Application Server - Express V5.0 is installed:
    1. Run the following command from an iSeries command line: 
              DSPSFWRSC
    2. Page down until you find 5722IWE. Make sure option 2 of the 5722IWE product is listed. If option 2 is not installed, the WebSphere Application Server - Express is not installed.
    3. Press PF11 to display the Release column. A release value of V5R1M0 indicates that version 5.0 is installed.
  • Install the Group PTF. The recommended steps for installing the group PTF are:
    1. Insert the group PTF CD (the first CD if more than one) into the CD-ROM drive of your iSeries system.
    2. Place the system in restricted state (ENDSBS SBS(*ALL)).
    3. Go to the Work with PTFs menu (GO PTF).
    4. Select option 8 .
    5. Enter the appropriate information so that all PTFs for all products on the CDs are loaded and applied, and the system is automatically IPL'd.
    Notes:
    • The WebSphere Application Server - Express PTFs that are part of the group PTF are all corequisites of each other. Do not install or remove individual WebSphere Application Server - Express PTFs. Instead, all of the WebSphere Application Server - Express PTFs that are part of the Group PTF must be installed or removed in their entirety.
    • The group PTF also includes PTFs for other products. If you install or re-install one of these products after applying the WebSphere Application Server - Express group PTF, you must re-apply the group PTF to pick up the PTFs for the newly installed product.


    Please see the PTFs section in this document for more information on the WebSphere Application Server - Express for i5/OS V5.0.1 group PTF.  
     

  • Start the HTTP Server Administration Interface using the following command:
  •     STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
  • Start your WebSphere Application Server - Express instances. Use the HTTP Server Administration Interface.
  • Start any HTTP Server instances you are using with WebSphere Application Server - Express.  Use the HTTP Server Administration Interface or the following command: 
             STRTCPSVR SERVER(*HTTP) HTTPSVR(
                              instance_name)
Back to top
 
Fix Warning

The WebSphere Application Server - Support Web site provides individual fixes for critical problems that are not part of a WebSphere Fix Pack. These fixes have not been tested against WebSphere Application Server - Express Version 5.0.1 for iSeries. Unless otherwise noted, these fixes should not be applied to your iSeries server. These fixes will be included in official fix packs for the product.

If you have a critical requirement for a fix, then please contact IBM Service.

Back to top
 
PTF Information
  • Group PTFs SF99270 (V5R1) and SF99271 (V5R2) are available. The preferred time to apply them is after installing WebSphere Application Server Version - Express 5.0 for iSeries and preferably before the WebSphere Application Server - Express environment is first started or any additional WebSphere instances are created.
  • The group PTFs SF99270 and SF99271 contain fixes for the IBM HTTP Server product, 5722-DG1 in support of the WebSphere Application Server - Express product, 5722-IWE.
  • PTF requirements for WebSphere Application Server - Express Version 5.0.1 for iSeries are posted to the product Web site:

    Check this site often to verify that you are running the product with the latest required PTFs.

    Note: There is no matching workstation FixPak for Group PTFs SF99270 (V5R1) and SF99271 (V5R2).

Back to top
 
Known Problems and Restrictions
 
Product Installation
WebSphere Application Server - Express for i5/OS Installation
  1. Note that WebSphere Application Server - Express is preinstalled with OS/400 V5R2 for some iSeries models. Before attempting to install the product, use the iSeries command GO LICPGM with option 10 to determine if the product 5722-IWE option 2 is already installed.
Back to top
 
QShell Scripts
  1. Using the -help or -? parameter on the restoreConfig script prints the help text in addition to "java.lang.NullPointerException". The problem does not affect the proper functioning of the script if you do not use the -help or the -? parameter.
  2. The -timeout and -statusport options are not currently supported for the stopServer QShell script. Specifying these options results in the usage statement for the script being displayed.
  3. The usage information returned by the '-help' parameter is not complete for all qshell scripts.
  4. The '-instance' parameter is always required on the following scripts: crtwasinst, dltwasinst, dspwasinst, startserver, stopserver, serverstatus, chgwassvr, backupconfig, restoreconfig, GenPluginCfg, collector, showlog, JspBatchCompiler. Please see the WebSphere Application Server - Express Documentation Center for complete script usage information
  5. A known problem exists when using national characters in instance names. Instances that are created with names that contain a character that is greater than 0x7f ASCII may create successfully, but they will not start. It is recommended that you limit your instance names to the following characters when you create a server using the crtwasinst script:
    • A through Z
    • a through z
    • 0 through 9
    • "_" and "-"
Back to top
 
Integrated GUI
  1. The integrated GUI can only be used with WebSphere Application Server - Express application servers that have the same (case sensitive) name as the instance name that the application server is running in. Therefore, it is recommended that the both instance name and the application server name be the same. Note that a difference in the application server name and the instance name can occur when creating a server using the crtwasinst Qshell command.
  2. The integrated GUI can not be used to administer an application server that is also being managed concurrently with the wsadmin utility or the administrative console.
  3. A known problem exists when using national characters in application server names. Application servers that are created with names that contain a character that is greater than 0x7f ASCII may create successfully, but they will not start. It is recommended that you limit your application server names to the following characters:
    • A through Z
    • a through z
    • 0 through 9
    • "_" and "-"
  4. A known problem exists when attempting to update an application using the 'Update' button on the Manage Installed Applications form of the Integrated GUI. If the Application Name was changed when the application was initially installed using the Install New Application Wizard, the application will not update successfully unless the Application Name defined in the updated EAR/WAR file is the same as the name specified upon initial install. To avoid this problem, do one of the following:
    • Change the Application Name in the updated application archive by specifying it in the deployment descriptor of the application (using 'display name' in the application.xml for an EAR file, or web.xml for a WAR file). This display name should match the name originally specified in the application install wizard.
    • Uninstall and install the updated application accepting the default value that is provided in the Application Name field during the initial install of the application. All further updates will use this same default value (assuming the display name is not changed in the EAR/WAR at a later date)
  5. If the Administrative Console application has been removed from a WebSphere - Express instance and reinstalled from /QIBM/ProdData/WebASE/ASE5/installableApps/adminconsole.ear, the application cannot be accessed from the Integrated GUI using the 'Launch Express Console' link. To maintain this link, when reinstalling the Administrative Console using the Install New Application Wizard, change the Application Name to 'adminconsole' (lower-case, no spaces) instead of the default 'Admin Console'.
Back to top
 
Administrative Console (GUI) and Command Line Tools
  1. The administrative console help text provides information about features and functions that are not supported by WebSphere Application Server - Express. For example, EJB help documentation is provided, but not supported by WebSphere Application Server - Express.
  2. The administrative console's application install menu displays information about Enterprise Java Beans (EJBs) even though EJBs are not supported by WebSphere Application Server - Express.
  3. The administrative console does not support using the browser Back and Forward buttons. Use of these buttons can cause intermittent problems. Use the Back or Cancel buttons on the administrative console panels instead.

  4. Attaching wsadmin to a remote server process running the following AdminApp commands results in an error:

    edit
    editInteractive
    export
    exportDDL
    install
    installInteractive uninstall

    To work around this problem, do one of the following:

    • Invoke the AdminApp command with the server process connected locally.
    • Specify the cell option when running these commands against a remote server.
      For example: 
      $AdminApp uninstall samples {-cell myCellName}
      Note: This work around does not work for edit, editInteractive, install, and installInteractive commands if wsadmin is running from a system with only the standalone scripting client installed.
  5. When any LDAP user or group filter is modified in the Advanced LDAP settings panel it is recommended that you click Apply instead of OK. Clicking OK takes you to the LDAP user registry panel, which contains the previous type (LDAP directory type) and not the Custom type as it is supposed to. Therefore, if you click OK or Apply in this panel (LDAP user registry), the old LDAP directory type (and hence the default filters of that directory) is saved resulting in your changes to the filters being overwritten. To avoid this you can do either of the following:
    • Click Apply in the Advanced LDAP settings panel. Then, to proceed to another panel, use the navigation on the left. If the navigation is used to access the LDAP user registry panel you should see that the directory type is changed to Custom.
    • Choose Custom type in the LDAP user registry panel. Click Apply and then change the filters by clicking the Advanced LDAP settings panel. In this scenario once the changes are completed you can click Apply or OK.

  6. The administrative console Lightweight Third Party Authentication help panel is not correct. See the security section for the correct information.

    When using the administrative console, do not change the name of the JDBC provider if you create it by selecting an existing JDBC provider from the menu. If you use a custom JDBC provider, for which you supply the provider information, this restriction does not apply.

    When you click Test Connection for a 4.0 data source that is created by WASPostUpgrade during a migration from WAS V4.0.x, the following exception displays:

    DSRA8040I: Failed to connect to the Data Source.  

    

Encountered: java.lang.NullPointerException

    This exception occurs with 4.0 data sources created by the WASPostUpgrade tool during migration which do not have any custom properties.

    To avoid receiving the exception, create a valid DB2 custom property on the data source. For example, create a description in the Custom Property panel.

    If you resize your Netscape browser, you could get a "Data Missing" error.

    The error message disappears in 60 seconds.

    When connecting to the IBM WebSphere Application Server - Express administrative console from a Netscape browser, resizing the browser can cause an error 404 message to occur. This situation occurs because the browser reloads the frame when resizing the window.

    To avoid getting the error message, you can refrain from resizing the Netscape browser window, or you can connect to the IBM WebSphere Application Server - Express administrative console using an Internet Explorer browser.

    You receive the following error messages when resizing Netscape Version 4.7:

    Error 0
  An error occurred while processing request:

    

http://localhost:9090/admin/upload.do

  message:

  Details
  com.ibm.webshpere.servlet.error.ServletErrorReport:
         at java.lang.Class.newInstance0(Native Method)
         ...
    After resizing Netscape 4.7, Netscape has to reload the page just as it initially loads the page on the first request. For pages that do not expect POST data, it is not a problem. But for pages that do, Netscape 4.7 cannot retain the data.
  7. An error can occur when setting a trace specification from the administrative console if selections are made from both the Groups and Components lists. In certain cases, the selection made from one list is not lost when adding a selection from the other list. To work around this problem, enter the desired trace specification directly into the Trace Specification entry field.

  8. While working with the right-hand panel of the administrative console to do administrative tasks, the browser screen blanks out intermittently.

    To work around this problem, do one of the following:

    • After the problem occurs, close the Netscape browser, log in again, and continue working.
    • Use the Internet Explorer browser from a Windows machine.
    • Use Netscape 7.x, Mozilla 1.x, Opera 5, or Konquerer browsers on the platform, depending on which is available. Although there is not formal support for these browsers, they have all been used successfully with the product and in many cases work better than the previous 4.7.x series of Netscape browsers.
  9. If you create or update a data source that points to a newly created J2C authentication data alias, Test Connection fails to connect until you have restarted the deployment manager so that the J2C authentication data is reflected in the run-time configuration. Any changes to the J2C authentication data fields require a application server restart for the changes to take effect.
Back to top
 
Workstation Tools
  1. The WebSphere Development Studio Client (WDSc) for iSeries contains function and documentation that may not apply to WebSphere Application Server - Express for i5/OS. See WebSphere - Express documentation to determine what functionality is supported.
Back to top
 
Application Server
  1. The WebSphere Application Server - Express only supports one application server per server instance. Note that you can create multiple server instances, each running one application server.
    When starting a server, ignore NMSV0715W messages that occur in the SystemOut.log file of the server. These messages result from cell or node level configured EJB naming binding entries for enterprise beans in other servers. The WebSphere Application Server - Express run time should ignore these entries, but instead, flags them with NMSV0715W messages. Note that WebSphere Application Server - Express does not support EJBs.
Back to top
 
Data Access
  1. When a new Websphere Application Server - Express instance is created, a copy of the file /QIBM/ProdData/WebASE/ASE5/config/templates/system/
    jdbc-resource-provider-templates.xml     is copied into the directory /QIBM/UserData/WebASE/ASE5//config/templates/system/ . This is a modifiable xml file that sets up the default custom properties values for JDBC connections obtained from a datasource. The ProdData version of this file will be copied to the UserData directory so new datasources will use the correct default values. The existing jdbc-resource-provider-templates.xml in the directory /QIBM/UserData/WebASE/ASE5//config/templates/system/ will be renamed with the following format: 
    jdbc-resource-provider-templates_.BAK

    where will be of the format '20030128'.
    Any previous user modifications made to this file will need to be merged into the new version of the jdbc-resource-provider-templates.xml file.

    The DB2 Universal JDBC type 4 driver is supported in WebSphere Application Server - Express, Version 5.0.1. The minimum fix pack level is DB2 V8.1 FP1. The DB2 Universal JDBC type 4 driver does not support XA transaction and is supported only in WebSphere Application Server - Express, Version 5.0.1 data sources.  Although the DB2 Universal JDBC type 4 driver can be used to access both iSeries and  non-iSeries DB2 databases,  it is recommended that  users continue using the IBM Developer Kit for Java JDBC driver (Native JDBC driver) for accessing the local iSeries database, and the IBM Toolbox for Java JDBC driver for accessing remote iSeries databases.

    There is a known problem on mapping StaleConnectionException. When you see the following exception stack, it is mapped to StaleConnectionException:
    Error Code = 0
    SQL State = null
    com.ibm.db2.jcc.b.DisconnectException: A communication error has been detected. Communication protocol being used: {0}. Communication API being used: {1}. Location where the error was detected: {2}. Communication function detecting the error: {3}. Protocol specific error codes(s) {4}, {5}, {6}. TCP/IP SOCKETS Agent.sendRequest() OutputStream.flush() Connection reset by peer: socket write error * 0
    at com.ibm.db2.jcc.c.a.a(a.java:329)
    at com.ibm.db2.jcc.c.a.u(a.java:302)

    The following issue refers to the use of the DB2 Universal JDBC type 4 driver involved in non-iSeries DB2 database access.
    Deadlock results from accessing two different rows in a DB2 table when the next key is not locked for all INSERT and DELETE statements.

    To eliminate the deadlock, set the DB2_RR_TO_RS environment variable from the DB2 command line window. Setting this environment variable causes the following:

    If RepeatableRead (RR) is your chosen isolation level, it is essentially downgraded to Read Stability (RS).

    If you chose a different isolation level and the DB2_RR_TO_RS environment variable is turned on, scans of the database skip rows that are deleted but not committed. This activity occurs even if the row qualified for the scan. The skipping behavior affects the RR, RS, and Cursor Stability (CS) isolation levels.


    This exception only occurs when you use the DB2 universal JDBC type 4 driver and with the deferPrepares property being set to true. When the deferPrepares property is set to true, the DB2 universal JDBC type 4 driver uses the standard JDBC data mapping.
  2. Changes are made to the Java Database Connectivity providers in WebSphere Application Server - Express V5.0.1.
    The following changes are made to the Java Database Connectivity (JDBC) providers in WebSphere Application Server - Express V5.0.1:
    • WebSphere Application Server - Express V5.0.1 provides a new JDBC provider for DB2:DB2 Universal JDBC driver provider. Use this JDBC provider to test the new DB2 Universal JDBC type 4 driver. This provider only supports 5.0 data source in WebSphere Application Server - Express, Version 5.0.1. To distinguish between this new jdbc provider and the existing DB2 type 2 jdbc provider, V5.0.1 changes the name of the provider in  the jdbc-resource-provider-templates.xml file to match the provider with the name.
    • It is recommended for performance reasons that  users continue using the IBM Developer Kit for Java JDBC driver (Native JDBC driver) for accessing the local iSeries database, and the IBM Toolbox for Java JDBC driver for accessing remote iSeries databases.
Back to top
 
XML
  1. Programs containing the Xerces parser routine that work on WebSphere Application Server Version 4.0.x might not work on WebSphere Application Server - Express Version 5.0.1.
Versions of Xerces prior to 2.0.0, including the versions shipped with WebSphere Application Server Version 4.0.x, were not J2EE1.3 compliant. In order to meet J2EE1.3 certification constraints (DOM2/SAX2/JAXP1.1 (and no higher)), WebSphere Application Server - Express Version 5.0 requires use of XML4J4.0.0 (Xerces 2.0 + bug fixes). In Xerces versions prior to 2.0.0 and Xalan versions prior to 2.2, the DOM, SAX, and JAXP APIs were bundled inside of the xerces.jar and xalan.jar files. In the most recent versions, these non-apache XML APIs have been moved into a separate JAR file in the XML-commons Apache project. These common XML APIs are required by the specifications and contained within the WebSphere Application Server - Express Version 5.0.1 j2ee.jar file. The cause of the problem is that the classloader behavior mixes the classes that are required by J2EE1.3 with those of the older Xerces implementation.
To work around this problem, use the Xerces parser routine version that ships with WebSphere Application Server - Express Version 5.0.1.
Back to top
 
Business applications
  IBM Telephone Directory
  • Note that IBM Telephone Directory is installed and configured with OS/400 V5R2 for some iSeries models. Before attempting to install the product, use the iSeries command GO LICPGM with option 10 to determine if the product 5722-IWE option 3 is already installed. Refer to the IBM Telephone Directory configuration documentation in InfoCenter to determine if the product is already configured.
  • LDAP over SSL is not yet fully supported by IBM Telephone Directory. You may specify the -Z option on the itdsetup script to set up your LDAP server using SSL connections. However, the IBM Telephone Directory application currently will not use SSL connections to communicate with your LDAP server. It will only use non-SSL connections. A solution to this problem will be available soon.
  • IBM Telephone Directory will not function properly in a WebSphere - Express instance where Global Security is enabled and Java 2 Security is enforced. To use IBM Telephone Directory in a secure instance, uncheck 'Enforce Java 2 Security' on the Global Security configuration page in the Administrative Console. This option is checked by default when Global Security is enabled.
Back to top
 
Web Services
  Universal Description, Discovery, and Integration Registry component (UDDI)

  1. Universal Description, Discovery, and Integration 4J (UDDI4J) is a class library that provides an API used to interact with a UDDI Registry.

    Two class libraries are provided for UDDI4J in the /QIBM/ProdData/WebASE/ASE5/lib subdirectory:

    • uddi4j.jar supports Version 1 of the UDDI API. This is provided for compatibility with applications that have been written using UDDI Version 1, and the classes in this class library are deprecated.
    • uddi4jv2.jar supports Version 2 of the UDDI specification. The class in this library should be used by any application using UDDI4J to communicate with a Version 2 UDDI-compliant registry.
Back to top
 
HTTP Server
  1. Communication between the HTTP server plugin and WebSphere application server - Express can be done via HTTP or HTTPS. The additional products necessary to run with HTTPS may or may not already be installed on the iSeries. If the following message is in the HTTP server job log, the WebSphere HTTP server plugin detected it has been configured so it should use HTTPS when communicating with the app server, however, the required products for HTTPS communication were NOT installed on the iSeries.
    Joblog message:
    Plugin will continue to startup, however, SSL transport did not initilize. Secure communication between app server and plugin will NOT occur. To run with SSL, additional products may need to be installed: 1) OS/400 Digital Certificate Manager (5722-SS1 or 5769-SS1, option 34) 2) Cryptographic Access Provider 5769-AC1 (40-bit), 5722-AC2 or 5769-AC2 (56-bit), 5722-AC3 or 5769-AC3 (128-bit)
  2. An HTTP server configured to communicate with a WebSphere - Express Application Server instance at the 5.0.1 level may not function properly after moving to i5/OS (OS/400 V5R3.) An Express fix level of 5.0.2.3 or later is recommended for inter-operability between an Apache HTTP Server and an Express server on a V5R3 system. The Express 5.0 product (5722IWE) should be updated by applying the V5R3 Group PTF (SF99272.)
Back to top
 
Security
  1. The Domino 6.0 LDAP server is not currently supported as a user registry. Single sign-on between a WebSphere application server - Express and a Domino 6.0 server is not currently supported. Using a Domino 5.0 LDAP server as a user registry is supported. Single Sign-on with Domino 5.0 is supported.

  2. The IBM Java Secure Socket Extension (JSSE) is currently not supported within applets.

  3. When Java 2 Security is enabled in the Global Security settings, the installed SecurityManager does not currently check modifyThread and modifyThreadGroup permissions for non-system threads.

  4. The Java Authentication and Authorization Service (JAAS) login configuration entries in the Security Center are propagated to the server run time when they are created, not when the configuration is saved.

    However, the deleted JAAS login configuration entries are not removed from the server run time. To remove the entries, save the new configuration, then stop and restart the server.

  5. Web client certificate authentication is not currently supported when using the local operating system (LocalOS) user registry. However, Java client certificate authentication does work with LocalOS. Java client certificate authentication maps the first attribute of the certificate domain name to the user ID in the LocalOS user registry.

    Even though Java client certificates work properly, the following error displays in the SystemOut.log file:

    SECJ0337E: The mapCertificate method is not supported
    The error is intended for Web client certificates, but also displays for Java client certificates. You can ignore this error for Java client certificates.

  6. When specifying identity assertion on the CSIv2 Authentication Outbound panel, you must also select basic authentication as supported or required on the CSIv2 Authentication Outbound panel. This action allows the server identity to be submitted, along with the identity token, so that the receiving server can trust the sending server. Without specifying basic authentication as supported or required, trust is not established and the identity assertion fails.

  7. Do not use the forward slash character (/) in the alias name when defining JAAS login configuration entries. The JAAS login configuration parser cannot handle the forward slash charact

  8. Some of the links from the following WebSphere Application Server - Express security windows to their corresponding help files are incorrectly mapped:

    Environment > Naming > CORBA Naming Service Users

    Environment > Naming > CORBA Naming Service Users > Add

    Environment > Naming > CORBA Naming Service Groups

    Environment > Naming > CORBA Naming Service Groups > Add

    System Administration > Console Groups > Add

    Note: In the System Administration > Console Groups > Add window, the links to the help located next to Group Description and Role Description are correct. However, the link to the help text at the top of the help window is incorrect.

    If you access a help file that does not correspond to the appropriate WebSphere Application Server - Express window, use the following table to locate the correct help information. When you access the incorrect help file, find the listing of help files located under Core Console on the left side of your current help file window and click the appropriate link.


    Window path Correct Help file
    Environment > Naming > CORBA Naming Service Users CORBA Naming Service users settings
    Environment > Naming > CORBA Naming Service Users > Add  CORBA Naming Service users settings
    Environment > Naming > CORBA Naming Service Groups  CORBA Naming Service groups
    Environment > Naming > CORBA Naming Service Groups > Add  CORBA Naming Service groups
    System Administration > Console Groups > Add  Console groups settings

  9. In WebSphere Application Server - Express, Version 5.0.1, the distinguished name is normalized according to the Lightweight Directory Access Protocol (LDAP) specification. In WebSphere Application Server - Express, Version 5, the normalization of the distinguished name is not done. The normalization consists of removing spaces in the base distinguished name before or after commas and equal symbols.

    An example of a non-normalized base distinguished name is "o = ibm, c = us" or "o=ibm, c=us".

    An example of a normalized base distinguished name is "o=ibm,c=us".

    It is preferred that the distinguished name is manually normalized when you enter the base distinguished name in the configuration. In WebSphere Application Server - Express, Version 5.0.1 and higher version, the normalization occurs automatically at the run time.

    When a WebSphere Application Server - Express, Version 5.0.1 system, which always has a normalized distinguished name, sends a security token to a WebSphere Application Server - Express, Version 5 system that contains a non-normalized distinguished name, the request is rejected due to the mismatched distinguished names during authorization.

    To ensure the interoperability between WebSphere Application Server - Express, Version 5 and Version 5.0.1, manually normalize the base distinguished name in the LDAP configuration on a WebSphere Application Server - Express, Version 5.0 system by removing all the spaces before and after the commas and equal symbols.Grant entries specified in the app.policy and was.policy files must have a code base defined. If there are grant entries specified without a code base, the policy files are not loaded properly and the application can fail.

    If the intent is to grant the permissions to all applications, then use file:${application} as a code base in the grant entry.

    When specifying identity assertion on the CSIv2 Authentication Outbound panel, you must also select basic authentication as supported or required on the CSIv2 Authentication Outbound panel. This action allows the server identity to be submitted, along with the identity token, so that the receiving server can trust the sending server. Without specifying basic authentication as supported or required, trust is not established and the identity assertion fails.

    Several release notes follow that relate to how IBM WebSphere Application Server - Express, Version 5 exposes the JAAS Subject object and WSPrincipal interface.

    • The Subject object that is generated by the WSLoginModuleImpl instance and WSClientLoginModuleImpl instance contains a principal that implements the WSPrincipal interface. The getCredential() method of a WSPrincipal object returns an object that implements the WSCredential interface. You can also find the WSCredential object instance in the PublicCredentials list of the subject instance. It is recommended that you retrieve the WSCredential object from the PublicCredentials list instead of using the getCredential() method.
    • The Subject object generated by the J2C DefaultPrincipalMapping module contains a resource principal and a PasswordCredentials list. In the present implementation the resource principal represents the caller. See the article entitled, "Develop your own J2C principal mapping module"
Back to top
 
National Language Version Issues/Limitations
  1. The help search in the administrative console does not return search results for Latin-1 terms that contain diacritical markings (for example, German "für", where the "u" includes an umlaut). To work around this problem, use the decimal representation of the character in the search term (for example, "für").
  2. A known problem exists when using national characters in instance names and application server names. Instances or application servers that are created with names that contain a character that is greater than 0x7f ASCII may create successfully, but they will not start. It is recommended that you limit your instance and application server names to the following characters when you create a server:
    • A through Z
    • a through z
    • 0 through 9
    • "_" and "-"
Back to top

IBM, iSeries, OS/400, RS/6000, AIX, Lotus, and WebSphere are trademarks of International Business Machines Corporation in the United States and/or other countries.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.