Fixes are available
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for AIX
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for IBM i
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for Windows
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for HP-UX
7.0.0.5: Java SDK 1.6 SR5 Cumulative Fix for WebSphere Application Server
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for Solaris
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for Linux
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for IBM i
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for AIX
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for Windows
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for HP-UX
7.0.0.7: Java SDK 1.6 SR6 Cumulative Fix for WebSphere Application Server
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for Solaris
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for Linux
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for IBM i
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for Windows
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for AIX
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for HP-UX
7.0.0.9: Java SDK 1.6 SR7 Cumulative Fix for WebSphere Application Server
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for Solaris
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for Linux
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for IBM i
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX
7.0.0.11: Java SDK 1.6 SR7 Cumulative Fix for WebSphere Application Server
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Solaris
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Linux
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for AIX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for HP-UX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for IBM i
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Linux
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Solaris
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Windows
7.0.0.13: Java SDK 1.6 SR8FP1 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for AIX
7.0.0.15: Java SDK 1.6 SR9 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for HP-UX
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for IBM i
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Linux
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Solaris
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Windows
7.0.0.17: WebSphere Application Server V7.0 Fix Pack 17
7.0.0.17: Java SDK 1.6 SR9 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.19: WebSphere Application Server V7.0 Fix Pack 19
7.0.0.21: WebSphere Application Server V7.0 Fix Pack 21
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
7.0.0.19: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.21: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
APAR status
Closed as program error.
Error description
When a WS-Security enabled JAX-WS service provider is configured for blind trust, all service requests to the provider are rejected with the following error in the SOAP response: CWWSS7283E: The caller [com.ibm.ws.wssecurity.confimpl.PrivateConsumerConfig$CallerConf Impl(jaasConfig=[system.wss.caller], jaasConfigProperties=[{}], callbackHandler=[null], useIdentityAssertion=[false], trustAnyTrustedIdentity=[true], callerIdentity=[http://docs.oasis-open.org/wss/2004/01/oasis-200 401-wss-username-token-profile-1.0#UsernameToken], trustedIdentity=[null], requiredSigningPartReference=[null], order=[1])] does not have a matching protection or supporting token in the policy.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: IBM WebSphere Application Server V7.0 users * * of WS-Security enabled JAX-WS web services * **************************************************************** * PROBLEM DESCRIPTION: When a WS-Security enabled JAX-WS web * * service is configured for blind * * trust, all service requests are * * rejected. * **************************************************************** * RECOMMENDATION: Apply a fix pack that contains this APAR. * **************************************************************** When a WS-Security enabled JAX-WS service provider is configured for blind trust, the provider's policy set is not loaded properly and all service requests to the provider are rejected. The following statement can be found in trace.log: Unable to process inbound SOAP message. PolicySet not loaded properly. A message similar to the following can be found in trace.log or an FFDC log: CWWSS7283E: The caller [com.ibm.ws.wssecurity.confimpl.PrivateConsumerConfig$CallerConf Impl(jaasConfig=[system.wss.caller], jaasConfigProperties=[{}], callbackHandler=[null], useIdentityAssertion=[false], trustAnyTrustedIdentity=[true], callerIdentity=[http://docs.oasis-open.org/wss/2004/01/oasis-200 401-wss-username-token-profile-1.0#UsernameToken], trustedIdentity=[null], requiredSigningPartReference=[null], order=[1])] does not have a matching protection or supporting token in the policy. at com.ibm.wsspi.wssecurity.core.SoapSecurityException.format (SoapSecurityException.java:77) at com.ibm.ws.wssecurity.handler.PolicyInboundConfig.init (PolicyInboundConfig.java:3093) at com.ibm.ws.wssecurity.handler.PolicyInboundConfig.<init> (PolicyInboundConfig.java:235) at com.ibm.ws.wssecurity.handler.WSSecurityBindingLoaderImpl. loadCustom(WSSecurityBindingLoaderImpl.java:375) at com.ibm.ws.policyset.runtime.BindingAggregator.getCustomBinding (BindingAggregator.java:334) The CWWSS7283E message will be returned in the SOAP response to the consumer application. A WS-Security blind trust binding configuration for a service provider consists of a UsernameToken consumer with the com.ibm.wsspi.wssecurity.token.IDAssertion.isUsed=true property specified on the callback handler. A caller config would exist for the UsernameToken that has 'User identity assertion' checked, but no 'Trusted identity local part' or 'Trusted identity namespace URI' indicated. With this configuration, the WS-Security runtime should accept UsernameTokens that do not include a password; no associated trust token is required as would be in a 'normal' identity assertion scenario. The runtime will validate that the Username in the UsernameToken exists in the user registry and obtain the corresponding WebSphere credentials for it. If the Username in the UsernameToken does not exist in the user registry, an LoginException should occur.
Problem conclusion
The WS-Security policy set validator was updated to recognize the blind trust configuration. A CWWSS7283E error will no longer occur when blind trust is configured. The fix for this APAR is currently targeted for inclusion in fix pack 7.0.0.5. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PK84629
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-04-14
Closed date
2009-06-24
Last modified date
2009-06-24
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
R700 PSY
UP
Document Information
Modified date:
24 October 2021