PM02375: AUTOMATICALLY ENCODE SAML CUSTOM PROPERTIES THAT CONTAIN PASSWORDS

Fixes are available

APAR status

Closed as program error.

Error description

A few new SAML binding custom properties were added that
contain passwords. Instead of automatically encoding the
passwords through the admin tasks that read/write these
properties, the steps needed to manually encode the passwords
were documented in the Information Center.

The manual method of encoding the password is detailed and
repetitive for customers.  Because of this,
customers may skip this step resulting in passwords in
plaintext passowrds in their binding files.

If the manual steps are followed incorrectly, the process may
leave improperly encoded passwords which will result in failed
web services requests.

Local fix

Problem summary

****************************************************************
* USERS AFFECTED:  IBM WebSphere Application Server V7.0 users *
*                  of WS-Security enabled web services using   *
*                  SAML binding custom properties              *
****************************************************************
* PROBLEM DESCRIPTION: SAML binding custom properties          *
*                      are not automatically encoded           *
****************************************************************
* RECOMMENDATION:  Install a fix pack that contains this APAR. *
****************************************************************
The WS-Security admin task, used by the Administrative
Console and wsadmin, does not automatically encode the
following SAML custom properties:

trustStorePassword
keyStorePassword
keyPassword

This results in plain text passwords being written out to the
bindings.xml file unless the user takes the extra step to
manually encode them.

Problem conclusion

The code has been updated to check for the above three custom
properties and automatically encode their values prior to
writing out the bindings.xml file.

The fix for this APAR is currently targeted for inclusion in
fix pack 7.0.0.9.  Please refer to the Recommended Updates
page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PM02375
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-11-30
Closed date
2009-12-17
Last modified date
2009-12-17

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800

Applicable component levels

R700 PSY
UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
24 October 2021

Tips

PM02375: AUTOMATICALLY ENCODE SAML CUSTOM PROPERTIES THAT CONTAIN PASSWORDS

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R700 PSY

Document Information

Share your feedback

Need support?