IBM Support

PI20105: CLONING A SAMLTOKEN OBJECT USING SAMLTOKENFACTORY.NEWSAMLTOKEN(TOKEN) RETURNS NULL.

Fixes are available

8.5.5.3: WebSphere Application Server V8.5.5 Fix Pack 3
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
8.5.5.4: WebSphere Application Server V8.5.5 Fix Pack 4
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
8.5.5.5: WebSphere Application Server V8.5.5 Fix Pack 5
8.5.5.6: WebSphere Application Server V8.5.5 Fix Pack 6
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • The SAMLTokenFactory.newSAMLToken(SAMLToken) method always
    returns null.  This method should return a SAMLToken object
    that is a clone of the input SAMLToken object.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server            *
    *                  developers using SAML APIs                  *
    ****************************************************************
    * PROBLEM DESCRIPTION: SAMLTokenFactory.newSAMLToken(SAMLToken *
    *                      ) method always returns null            *
    ****************************************************************
    * RECOMMENDATION:  Install an fix pack that includes this      *
    *                  APAR.                                       *
    ****************************************************************
    The method
    com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory.new
    SAMLToken(SAMLToken) always returns null.  No errors appear in
    SystemOut.log or trace.log.
    This method should return a SAMLToken object that is a clone
    of the input SAMLToken object.
    Also, because of this issue, the method that is used toe
    re-sign a SAML token:
    SAMLTokenFactory.newSAMLToken(SAMLToken,RequesterConfig,Provider
    Config)
    will exit with a WSSException error with a call stack similar
    to the following:
    com.ibm.websphere.wssecurity.wssapi.WSSException: null:
    java.lang.NullPointerException: null
    at
    com.ibm.ws.wssecurity.wssapi.token.impl.SAML20TokenFactoryImpl.n
    ewSAMLToken(SAML20TokenFactoryImpl.java:672)
    at
    test.token.loginModule.createSamlToken(myLoginModule.java:222)
    ...
    This issue does not affect the WS-Security SAML token
    generation or consuming processes, nor does it affect any of
    the SAMLTokenFactory APIs other than the two mentioned.
    This issue only occurs on the IBM WebSphere Application Server
    and the family of products that include the Application
    Server.  This issue does not occur on any IBM product that
    embeds the WS-Security common component jar,
    was-wssecurity-*.jar, such as CICS or the IMS Enterprise
    Suite.
    

Problem conclusion

  • When running in a WebSphere Application Server environment,
    the SAMLTokenImpl class is wrapped in one of two extension
    classes:
    
    com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.WasSA
    ML11TokenImpl
    com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.WasSA
    ML20TokenImpl
    
    Both of these extension classes override the clone() method
    implemented in SAMLTokenImpl.  The overriding
    clone() methods in these classes is empty, just returning
    null.  So, although the SAMLTokenImpl class has a populated
    implementation for the clone() method, any object instantiated
    as a WasSAML11TokenImpl or WasSAML20TokenImpl does not.
    
    The clone() methods in the WasSAML11TokenImpl and
    WasSAML20TokenImpl extension classes in the WebSphere
    Application Server are updated to return a clone of the input
    SAMLToken object.
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 7.0.0.35, 8.0.0.10, and 8.5.5.3.  Please refer to the
    Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI20105

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-06-16

  • Closed date

    2014-06-24

  • Last modified date

    2014-06-24

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

  • R700 PSY

       UP

  • R800 PSY

       UP

  • R850 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 850

Reference #: PI20105

Modified date: 24 June 2014