A fix is available
APAR status
Closed as program error.
Error description
When using the CICS supplied security handler, configured for STS Authentication in a Requester pipeline, the handler sometimes treats faults from the STS as valid responses and continues the request. This occurs when the size of the returned fault is greater than 512 bytes. This results in the fault returned by the STS being added to the security header of the outbound request.
Local fix
Problem summary
USERS AFFECTED: All CICS Users.
PROBLEM DESCRIPTION: The CICS supplied WS-Security handler was deployed in a requester pipeline. It was configured to perform STS authentication. The STS returned a SOAP Fault to the handler. The handler treated this result as a valid response and continued processing, resulting in the Fault being added to the SOAP Header of the outbound SOAP Request.
RECOMMENDATION:
The trace indicates that the request to DFHPITC with the ISSUE call, made by the Security handler to call the STS, failed with a BUFFER_TOO_SMALL Exception. This is because the returned fault was larger than the internal buffer size of 512 bytes. If the fault had been small enough to fit in the buffer, a TRUST_FAULT Exception would have been returned. Since the BUFFER_TOO_SMALL Exception masked the fault exception, the logic to handle faults from the STS was incorrectly bypassed.
Additional Keywords: pitc_faulted pitc_buffer_too_small
Problem conclusion
The optional FAULTED parameter was added to the DFHPITC ISSUE call made in the Requester path for the security handler. When a fault is returned from the STS, this is set to YES regardless of the Exception reason returned by the domain call. The calling code now executes the fault logic if the TRUST_FAULT exception is returned or if the FAULTED value is set to YES. This causes the security handler to fail correctly when a large SOAP Fault message is returned.
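The masking described above, and the shape of the fix, as a small C model added here for illustration; it is not IBM's code. The names issue(), handler_before(), handler_after() and run_fault() are hypothetical; only the 512-byte buffer, the two exception names and the FAULTED flag come from this APAR.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 512   /* internal buffer size named in the APAR */
typedef enum { R_OK, R_TRUST_FAULT, R_BUFFER_TOO_SMALL } reason_t;

/* Hypothetical stand-in for the ISSUE call. The size check runs first, so an
 * oversized reply reports BUFFER_TOO_SMALL even when it is a fault. The
 * optional *faulted output is set independently of the reason code. */
static reason_t issue(const char *reply, int is_fault,
                      char *buf, size_t cap, int *faulted)
{
    size_t len = strlen(reply);
    if (faulted) *faulted = is_fault;
    if (len > cap) return R_BUFFER_TOO_SMALL;
    memcpy(buf, reply, len);
    return is_fault ? R_TRUST_FAULT : R_OK;
}

/* Before: only the reason code is inspected. Returns 1 when the request
 * continues, 0 when it is failed. A masked fault falls through as 1. */
int handler_before(const char *reply, int is_fault)
{
    char buf[BUF_SIZE];
    reason_t r = issue(reply, is_fault, buf, sizeof buf, NULL);
    return r != R_TRUST_FAULT;
}

/* After: fault logic runs on TRUST_FAULT or whenever faulted is set. */
int handler_after(const char *reply, int is_fault)
{
    char buf[BUF_SIZE];
    int faulted = 0;
    reason_t r = issue(reply, is_fault, buf, sizeof buf, &faulted);
    return !(r == R_TRUST_FAULT || faulted);
}

/* Runs one handler against a constructed fault body of n bytes. */
int run_fault(size_t n, int fixed)
{
    char reply[2048];
    if (n >= sizeof reply) n = sizeof reply - 1;
    memset(reply, 'F', n);
    reply[n] = '\0';
    return fixed ? handler_after(reply, 1) : handler_before(reply, 1);
}

int main(void)
{
    printf("600-byte fault continues: before=%d after=%d\n",
           run_fault(600, 0), run_fault(600, 1));
    return 0;
}
```

The general point for callers of any API with a transport-level error code: a size or I/O error says nothing about whether the peer rejected the request, so the rejection signal has to be carried separately and checked first.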
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PK48339
Reported component name
CICSTS V3 Z/OS
Reported component ID
5655M1500
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2007-07-04
Closed date
2007-08-15
Last modified date
2007-09-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
DESPITC DFHPITC DFHPITCA DFHPITCM DFHPITCT
Fix information
Fixed component name
CICSTS V3 Z/OS
Fixed component ID
5655M1500
Applicable component levels
R500 PSY UK28190
UP07/08/22 P F708
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
04 September 2007