Fixes are available
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
8.5.5.5: WebSphere Application Server V8.5.5 Fix Pack 5
8.5.5.6: WebSphere Application Server V8.5.5 Fix Pack 6
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
APAR status
Closed as program error.
Error description
A general policy binding is exported from an application server that has custom password encryption. That general binding is then imported into another application server. When the binding is attached to and used by a JAX-WS application, an error similar to the following occurs: CWWSS7315E: Caught an exception attempting to create default configuration objects. The following exception occurred: com.ibm.wsspi.wssecurity.core. SoapSecurityException: CWWSS5003E: The /WebSphere/AppServer/profiles/etc/ws-security/samples/ key store cannot be read because an IOException error occurred.: java.io.IOException: Keystore was tampered with, or password was incorrect.
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: All administrators of IBM WebSphere * * Application Server * **************************************************************** * PROBLEM DESCRIPTION: WS-Security policy bindings exported * * with encrypted passwords cannot be * * imported * **************************************************************** * RECOMMENDATION: Install a fix pack that includes this * * APAR. * **************************************************************** If the application server that is importing the binding either does not have custom password encryption enabled, or the password encryption algorighm, or decryption keys are different, the passwords in the imported WS-Security bindings will be unusable. The only way to fix the issue is to find all the passwords in the binding and update them manually with the administrative console.
Problem conclusion
The admin task that exports the WS-Security bindings just exports the files as they appear on the disk. The admin task that exports the WS-Security bindings is updated to allow a WS-Security bindings.xml file with encrypted passwords be exported using XOR encoded passwords instead. This will allow an application server that imports the bindings to read and use the passwords successfully. In order to be able to export encrypted passwords as encoded passwords, the following JVM system property must be set to true on the application server or wsadmin at startup: com.ibm.ws.policyset.exportEncodedPasswords=true The fix for this APAR is currently targeted for inclusion in fix pack 7.0.0.37, 8.0.0.10, and 8.5.5.5. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PI09785
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-01-16
Closed date
2014-10-09
Last modified date
2014-10-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R700 PSY
UP
R800 PSY
UP
R850 PSY
UP
Document Information
Modified date:
12 January 2022