IBM Support

PI50765: NULLPOINTEREXCEPTION IN OPENID WHEN KEY NOT IN CACHE

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When the rp_identifier in an OpenID authentication response is
    not found in the cache, an NullPointerException error occurs.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server            *
    *                  administrators using the OpenID TAI         *
    ****************************************************************
    * PROBLEM DESCRIPTION: OpenID emits NullPointerException       *
    *                      error when rp_identifier is not found   *
    *                      in the cache                            *
    ****************************************************************
    * RECOMMENDATION:  Install a fix pack that contains this       *
    *                  APAR.                                       *
    ****************************************************************
    In the OpenID Relying Party TAI, when the rp_identifier from
    an authentication response from the OpenID provider isn't
    found in OpenID cache, a NullPointerException error will occur:
    SECJ0128E: An unexpected exception occurred during Trust
    Association. The exception is java.lang.NullPointerException
    at
    com.ibm.ws.security.openid20.client.OpenIDClientAuthenticator.ve
    rifyResponse(OpenIDClientAuthenticator.java:200)
    at
    com.ibm.ws.security.openid20.client.OpenIDRelyingPartyTAI.negoti
    ateValidateandEstablishTrust(OpenIDRelyingPartyTAI.java:238)
    ...
    

Problem conclusion

  • The OpenID relying party TAI is updated to better handle the
    condition where the rp_identifier is not found in its cache.
    When this error occurs, the following error will be emitted:
    
    CWTAI3016E: The key, {0}, obtained from the rp_identifier
    parameter on the authentication response from the OpenID
    provider, was not found in the OpenID cache.  Consider
    configuring session affinity on your front-end HTTP server.
    
    If the rp_identifier is missing from the authentication
    response received from the OpenID provider, the following
    error will be emitted:
    
    CWTAI3015E: There is no rp_identifier parameter in the
    authentication response from the OpenID provider.
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 8.0.0.13 and 8.5.5.9.  Please refer to the
    Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    
    IBMWL3WSS, OPENID20
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI50765

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-10-19

  • Closed date

    2016-01-14

  • Last modified date

    2016-01-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R800 PSY

       UP

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
27 April 2022