IBM Support

PI32912: RESOURCEOWNERVALIDATIONMEDIATOR.INIT() IS NEVER INVOKED

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The default OAuth2Mediator class,
    com.ibm.ws.security.oauth20.mediator.
    ResourceOwnerValidationMediator is not initialized along with
    the other server elements. This causes a NullPointerException
    upon OAuth2 token submission due to the registry variables and
    other data not being set.
    

Local fix

  • Implement a customer Mediator class.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty Profile who use OAuth and    *
    *                  OpenID Connect features                     *
    ****************************************************************
    * PROBLEM DESCRIPTION: When an OAuth provider is configured    *
    *                      with default mediator, an OAuth         *
    *                      request                                 *
    *                      to token endpoint with grant_type of    *
    *                      password fails with                     *
    *                      NullPointerException.                   *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    This problem occurred in the OAuth default mediator code
    because
    the code was attempting to reference an uninitialized variable.
    

Problem conclusion

  • This problem was fixed by initializing the uninitialized
    variable before referencing it in the OAuth default mediator
    code.
    
    The fix for this APAR is currently targeted for inclusion in fix
    pack 8.5.5.5.  Please refer to the Recommended Updates page for
    delivery information:
    
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    
    Keywords: IBMWL3WSS, OAUTH, LIBERTY
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI32912

  • Reported component name

    LIBERTY PROFILE

  • Reported component ID

    5724J0814

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-01-16

  • Closed date

    2015-02-05

  • Last modified date

    2015-09-23

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    LIBERTY PROFILE

  • Fixed component ID

    5724J0814

Applicable component levels

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
27 April 2022