IBM Support

PM26989: There is no public interface to pass a SAML token to SAMLGenerateLoginModule

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • There is no public programming interface to pass a SAML token to
    SAMLGenerateLoginModule.  All SAML tokens must be created by
    SAMLGenerateLoginModule itself.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server V7.0 users *
    *                  of WS-Security enabled JAX-WS applications  *
    *                  and custom SAML tokens                      *
    ****************************************************************
    * PROBLEM DESCRIPTION: There is no public programming          *
    *                      interface to pass a custom SAML token   *
    *                      to SAMLGenerateLoginModule              *
    ****************************************************************
    * RECOMMENDATION:  Install a fix pack that includes this APAR. *
    ****************************************************************
    There is no public programming interface to pass a SAML token
    produced by a custom LoginModule to SAMLGenerateLoginModule.
    
    In order for an application to be able to generate SAML tokens
    with a custom LoginModule and still use
    SAMLGenerateLoginModule, there needs to be a public
    programming interface to pass the SAML token that is generated
    to SAMLGenerateLoginModule.
    

Problem conclusion

  • SAMLGenerateLoginModule is updated to obtain a SAML token
    produced by a custom JAAS LoginModule from a shared state
    object initialized in the login module.
    
    Following is an example of how to use this functionality:
    
    In the initialize method of the JAAS login module, save off
    the shared state object into a class variable:
    
    import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
    import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
    import com.ibm.wsspi.wssecurity.core.Constants;
    
    public class myLoginModule implements LoginModule {
    ...
    private Map _sharedState;
    ...
    public void initialize(Subject subject,
    CallbackHandle rcallbackHandler,
    Map<String, ?> sharedState,
    Map<String, ?> options) {
    ...
    this._sharedState = sharedState;
    ...
    }
    
    Create an ArrayList of SecurityToken and put the
    application generated SAMLToken as the only entry in it (the
    code will loop through the list and use only the first hit).
    
    Put the ArrayList object in the _sharedState object with the
    following key:
    
    com.ibm.wsspi.wssecurity.core.Constants.
    WSSECURITY_TOKEN_TO_BE_INSERTED
    
    public boolean login() throws LoginException {
    ...
    SAMLToken mySamlToken=someSAMLToken;
    ArrayList<SecurityToken> tokenList =
    new ArrayList<SecurityToken>();
    tokenList.add(mySamlToken);
    _sharedState.put(
    Constants.WSSECURITY_TOKEN_TO_BE_INSERTED,
    tokenList);
    ...
    }
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 7.0.0.17.  Please refer to the Recommended Updates
    page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM26989

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-11-17

  • Closed date

    2011-01-31

  • Last modified date

    2011-02-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    PM31790

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

  • R700 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 7.0

Reference #: PM26989

Modified date: 02 February 2011