IBM Support

PI58160: ADD NEW CLIENT AND PROVIDER GENERAL BINDINGS WITH SHA256

APAR status

  • Closed as program error.

Error description

  • Add new client and provider general bindings with SHA256
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server            *
    *                  administrators of WS-Security enabled web   *
    *                  services applications                       *
    ****************************************************************
    * PROBLEM DESCRIPTION: Add new client and provider general     *
    *                      bindings with SHA256                    *
    ****************************************************************
    * RECOMMENDATION:  Install a fix pack that contains this       *
    *                  APAR.                                       *
    ****************************************************************
    WS-Security general bindings should be available to customers
    to make it easier to avoid using the potentially vulnerable
    SHA1 signature algorithms that are specification-required by
    the algorithm suites in the policies.
    

Problem conclusion

  • A new set of client and provider sample general bindings is
    added to the application server:
    
    * Provider sample SHA256
    
    This binding is the same as the standard provider sample
    binding, except 1) it adds the SignatureAlgorithm custom
    property for the SHA256 signature algorithms to all the
    symmetric and asymmetric sign parts and 2) it contains the
    SAML Bearer token consumers. You should modify this binding to
    meet your security requirements before using it in a production
    environment.
    
    * Client sample SHA256
    
    This binding is the same as the standard client sample
    binding, except 1) it adds the SignatureAlgorithm custom
    property for the SHA256 signature algorithms to all the
    symmetric and asymmetric sign parts and 2) it contains the SAML
    Bearer token generators. You should modify this binding to meet
    your security requirements before using it in a production
    environment.
    
    These new sample bindings will be available to new profiles
    created after a fix pack containing this APAR is installed.
    
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 7.0.0.43, 8.0.0.13, and 8.5.5.10.  Please refer to
    the Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    
    Keywords: IBMWL3WSS, WSSEC
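
To confirm that traffic is no longer signed with SHA1 once a SHA256 binding is in use, the `ds:SignatureMethod` of captured SOAP messages can be audited. The following is an added example, not IBM code: the function names and the trimmed sample messages are constructed for illustration, and the algorithm URIs are the standard W3C XML Signature identifiers.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
DS_MORE = "http://www.w3.org/2001/04/xmldsig-more#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SHA1 = {DS + "rsa-sha1", DS + "hmac-sha1", DS + "dsa-sha1"}
SHA256 = {DS_MORE + "rsa-sha256", DS_MORE + "hmac-sha256"}

def classify(uri):
    """Map a SignatureMethod Algorithm URI to a verdict."""
    if uri is None:
        return "missing"
    if uri in SHA1:
        return "sha1"
    return "sha256" if uri in SHA256 else "other"

def audit_signature_methods(soap_xml):
    """Return (scope, algorithm_uri, verdict) per ds:Signature in wsse:Security.
    scope is "message" for a direct child of the header (set by the sender's
    binding) and "token" for one nested in a token such as a SAML assertion
    (set by the token issuer, not by the binding)."""
    if "<!DOCTYPE" in soap_xml:  # SOAP forbids DTDs; refuse before parsing
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(soap_xml)
    findings = []
    for header in root.iter("{%s}Security" % WSSE):
        direct = {id(s) for s in header.findall("{%s}Signature" % DS)}
        for sig in header.iter("{%s}Signature" % DS):
            method = sig.find("{%s}SignedInfo/{%s}SignatureMethod" % (DS, DS))
            uri = None if method is None else method.get("Algorithm")
            scope = "message" if id(sig) in direct else "token"
            findings.append((scope, uri, classify(uri)))
    return findings

def sample_message(message_alg, token_alg=None):
    """Constructed, heavily trimmed SOAP message for demonstration only."""
    sig = ('<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="%s"/>'
           '</ds:SignedInfo></ds:Signature>')
    token = "<Assertion>%s</Assertion>" % (sig % token_alg) if token_alg else ""
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            'xmlns:ds="%s" xmlns:wsse="%s"><s:Header><wsse:Security>%s%s'
            '</wsse:Security></s:Header><s:Body/></s:Envelope>'
            % (DS, WSSE, token, sig % message_alg))

if __name__ == "__main__":
    for msg in (sample_message(DS + "rsa-sha1"),
                sample_message(DS_MORE + "rsa-sha256", DS + "rsa-sha1")):
        print(audit_signature_methods(msg))
```

A "token" finding with verdict "sha1" points at the issuer of the SAML assertion rather than at the general binding, so it has to be fixed on the issuing side.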
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI58160

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-02-26

  • Closed date

    2016-04-26

  • Last modified date

    2016-04-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

  • R700 PSY

       UP

  • R800 PSY

       UP

  • R850 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 850

Reference #: PI58160

Modified date: 26 April 2016