IBM Support

PI32465: Inconsistent behavior when OAuth20 configuration contains more t han one identical filter.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When there are a multiple clients which are specified using
    the same filter setting, even the runtime code cannot
    identify which client should be used, it uses the
    configuration of one the first matched client.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty Profile - Security           *
    ****************************************************************
    * PROBLEM DESCRIPTION: Inconsistent behavior when OAuth20      *
    *                      configuration contains more than one    *
    *                      identical filter.                       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When there are a multiple clients which are specified using the
    same filter setting, even the runtime code cannot identify which
    client should be used, it uses the configuration of one the
    first matched client.
    

Problem conclusion

  • With this fix, when the code detects the duplicate filter
    setting, CWOAU0041E message is logged and the request is
    returned with 403 error.
    
    The fix for this APAR is currently targeted for inclusion in fix
    pack 8.5.5.4.  Please refer to the Recommended Updates page for
    delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI32465

  • Reported component name

    WAS LIBERTY COR

  • Reported component ID

    5725L2900

  • Reported release

    855

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-01-09

  • Closed date

    2015-01-14

  • Last modified date

    2015-01-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WAS LIBERTY COR

  • Fixed component ID

    5725L2900

Applicable component levels

  • R855 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"855","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
28 April 2022