IBM Support

PI58900: CWSML7011E EXCEPTION OCCURS WHEN A SAML ASSERTION CONTAINS A SAML2:ADVICE ELEMENT.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • If a SAML Assertion contains an Advice element, token
    validation fails and a CWSML7011E error is logged that says
    that the Advice element is not supported.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All administrators IBM WebSphere            *
    *                  Application Server and SAML                 *
    ****************************************************************
    * PROBLEM DESCRIPTION: Whe the application server receives a   *
    *                      SAML Assertion that contains an         *
    *                      Advice element, token validation        *
    *                      fails with CWSML7011E                   *
    ****************************************************************
    * RECOMMENDATION:  Install a fix pack that contains this       *
    *                  APAR.                                       *
    ****************************************************************
    When the application server receives a SAML Assertion that
    contains an Advice element, token validation fails with the
    following error:
    CWSML7011E: An element exists in the SAML assertion that is
    not supported.  The unsupported element is [Advice].
    Since the SAML specification says that the receiver may ignore
    the Advice element, the application server should skip the
    element instead of exiting token validation with an error.
    

Problem conclusion

  • The SAML token validator that is used by SAML Web Single
    Sign-On and Web Services Security is updated so that it will
    not fail if it encounters an Assertion that contains an Advice
    element.
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 7.0.0.43, 8.0.0.13, and 8.5.5.10.  Please refer to
    the Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    
    Keywords: IBMWL3WSS, SAMLWSSO, SAMLWSSEC, WSSEC
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI58900

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-03-10

  • Closed date

    2016-04-06

  • Last modified date

    2016-04-13

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R700 PSY

       UP

  • R800 PSY

       UP

  • R850 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 850

Reference #: PI58900

Modified date: 13 April 2016