IBM Support

PI22741: NEW ISSUER LOST FROM XML WHEN RE-SIGNING SAML TOKEN

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When a SAMLToken object is re-signed using a SAMLTokenFactory
    API, if the Issuer is specified to be changed, it will be
    missing from the token's XML.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server 7.0        *
    *                  developers of SAML applications             *
    ****************************************************************
    * PROBLEM DESCRIPTION: When a SAML token is re-signed using    *
    *                      the SAMLTokenFactory API specifying a   *
    *                      new Issuer, the Issuer is missing       *
    *                      from the token XML.                     *
    ****************************************************************
    * RECOMMENDATION:  Install a fix pack that contains this       *
    *                  APAR.                                       *
    ****************************************************************
    When a SAMLToken object is re-signed using a
    SAMLTokenFactory API, if the Issuer for the SAMLToken is
    changed using a ProviderConfig object, the Issuer will be
    updated in the SAMLToken object.  However, if the SAMLToken is
    converted to a string, the Issuer will be missing from the XML.
    

Problem conclusion

  • The SAMLTokenFactory APIs used to re-sign a SAMLToken object
    are updated so that a new Issuer is properly reflected in the
    object's XML.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 7.0.0.35.  Please refer to the Recommended Updates
    page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    
    Keywords: IBMWL3WSS, WSSEC, SAMLWSSEC
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI22741

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2014-07-28

  • Closed date

    2014-08-06

  • Last modified date

    2015-09-24

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R700 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
17 October 2021