Fixes are available
8.5.5.3: WebSphere Application Server V8.5.5 Fix Pack 3
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
8.5.5.4: WebSphere Application Server V8.5.5 Fix Pack 4
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
8.5.5.5: WebSphere Application Server V8.5.5 Fix Pack 5
8.5.5.6: WebSphere Application Server V8.5.5 Fix Pack 6
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as program error.
Error description
The SAMLTokenFactory.newSAMLToken(SAMLToken) method always returns null. This method should return a SAMLToken object that is a clone of the input SAMLToken object.
Local fix
N/A
Problem summary
USERS AFFECTED: IBM WebSphere Application Server developers using SAML APIs
PROBLEM DESCRIPTION: SAMLTokenFactory.newSAMLToken(SAMLToken) method always returns null
RECOMMENDATION: Install a fix pack that includes this APAR.

The method com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory.newSAMLToken(SAMLToken) always returns null. No errors appear in SystemOut.log or trace.log. This method should return a SAMLToken object that is a clone of the input SAMLToken object.

Also, because of this issue, the method that is used to re-sign a SAML token, SAMLTokenFactory.newSAMLToken(SAMLToken,RequesterConfig,ProviderConfig), will exit with a WSSException error with a call stack similar to the following:

com.ibm.websphere.wssecurity.wssapi.WSSException: null: java.lang.NullPointerException: null
    at com.ibm.ws.wssecurity.wssapi.token.impl.SAML20TokenFactoryImpl.newSAMLToken(SAML20TokenFactoryImpl.java:672)
    at test.token.loginModule.createSamlToken(myLoginModule.java:222)
    ...

This issue does not affect the WS-Security SAML token generation or consuming processes, nor does it affect any of the SAMLTokenFactory APIs other than the two mentioned.

This issue only occurs on the IBM WebSphere Application Server and the family of products that include the Application Server. This issue does not occur on any IBM product that embeds the WS-Security common component jar, was-wssecurity-*.jar, such as CICS or the IMS Enterprise Suite.
Problem conclusion
When running in a WebSphere Application Server environment, the SAMLTokenImpl class is wrapped in one of two extension classes:

com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.WasSAML11TokenImpl
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.WasSAML20TokenImpl

Both of these extension classes override the clone() method implemented in SAMLTokenImpl. The overriding clone() methods in these classes are empty and just return null. So, although the SAMLTokenImpl class has a populated implementation of the clone() method, any object instantiated as a WasSAML11TokenImpl or WasSAML20TokenImpl does not.

The clone() methods in the WasSAML11TokenImpl and WasSAML20TokenImpl extension classes in the WebSphere Application Server are updated to return a clone of the input SAMLToken object.

The fix for this APAR is currently targeted for inclusion in fix packs 7.0.0.35, 8.0.0.10, and 8.5.5.3. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
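The override pattern described above, modeled as an added example in Java that is not IBM's code. BaseToken, BrokenPlatformToken, FixedPlatformToken, newToken and reSign are hypothetical stand-ins for SAMLTokenImpl, the pre-fix and post-fix Was* wrapper classes, and the two factory methods; the token ID is a constructed sample value.

```java
// Added illustration; every class and method name here is a hypothetical stand-in.
public class CloneOverrideDemo {

    // Stand-in for SAMLTokenImpl: clone() is fully implemented here.
    static class BaseToken implements Cloneable {
        final String assertionId;
        BaseToken(String assertionId) { this.assertionId = assertionId; }

        @Override
        public BaseToken clone() {
            try {
                return (BaseToken) super.clone();
            } catch (CloneNotSupportedException e) {
                throw new AssertionError(e); // unreachable: Cloneable is implemented
            }
        }
    }

    // Pre-fix wrapper: the empty override hides the parent's working clone().
    static class BrokenPlatformToken extends BaseToken {
        BrokenPlatformToken(String id) { super(id); }
        @Override public BaseToken clone() { return null; }
    }

    // Post-fix wrapper: delegates to the populated parent implementation.
    static class FixedPlatformToken extends BaseToken {
        FixedPlatformToken(String id) { super(id); }
        @Override public BaseToken clone() { return super.clone(); }
    }

    // Factory copy method: trusts clone(), so a null passes through with no error.
    static BaseToken newToken(BaseToken in) { return in.clone(); }

    // Re-sign path: dereferences the copy, which is where the failure finally surfaces.
    static String reSign(BaseToken in) {
        BaseToken copy = newToken(in);
        return "re-signed:" + copy.assertionId;
    }

    public static void main(String[] args) {
        System.out.println("copy of broken wrapper: " + newToken(new BrokenPlatformToken("_a1")));
        System.out.println("fixed wrapper: " + reSign(new FixedPlatformToken("_a1")));
        try {
            reSign(new BrokenPlatformToken("_a1"));
        } catch (NullPointerException e) {
            System.out.println("re-sign on broken wrapper: " + e.getClass().getName());
        }
    }
}
```

On an unpatched level, callers of the one-argument method get no log entry or exception to key on, so a null check on its return value is the only signal in application code.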
Temporary fix
Comments
APAR Information
APAR number
PI20105
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-06-16
Closed date
2014-06-24
Last modified date
2014-06-24
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
R700 PSY
UP
R800 PSY
UP
R850 PSY
UP
Document Information
Modified date:
28 April 2022