Fixes are available
7.0.0.17: Java SDK 1.6 SR9 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.19: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.21: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
APAR status
Closed as program error.
Error description
There is no public programming interface to pass a SAML token to SAMLGenerateLoginModule. All SAML tokens must be created by SAMLGenerateLoginModule itself.
Local fix
Problem summary
USERS AFFECTED: IBM WebSphere Application Server V7.0 users of WS-Security enabled JAX-WS applications and custom SAML tokens
PROBLEM DESCRIPTION: There is no public programming interface to pass a custom SAML token to SAMLGenerateLoginModule
RECOMMENDATION: Install a fix pack that includes this APAR.

There is no public programming interface to pass a SAML token produced by a custom LoginModule to SAMLGenerateLoginModule. In order for an application to be able to generate SAML tokens with a custom LoginModule and still use SAMLGenerateLoginModule, there needs to be a public programming interface to pass the SAML token that is generated to SAMLGenerateLoginModule.
Problem conclusion
SAMLGenerateLoginModule is updated to obtain a SAML token produced by a custom JAAS LoginModule from a shared state object initialized in the login module. Following is an example of how to use this functionality:

In the initialize method of the JAAS login module, save the shared state object in a class variable:

    import java.util.ArrayList;
    import java.util.Map;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.login.LoginException;
    import javax.security.auth.spi.LoginModule;
    import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
    import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
    import com.ibm.wsspi.wssecurity.core.Constants;

    public class myLoginModule implements LoginModule {
        ...
        // Shared state map that JAAS passes to every login module in the stack
        private Map _sharedState;
        ...
        public void initialize(Subject subject, CallbackHandler callbackHandler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            ...
            // Keep a reference so that login() can hand the token to SAMLGenerateLoginModule
            this._sharedState = sharedState;
            ...
        }

Create an ArrayList of SecurityToken and put the application-generated SAMLToken in it as the only entry (the code will loop through the list and use only the first hit). Put the ArrayList object in the _sharedState object with the following key: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_TO_BE_INSERTED

        public boolean login() throws LoginException {
            ...
            // someSAMLToken is the SAML token generated by the application
            SAMLToken mySamlToken = someSAMLToken;
            ArrayList<SecurityToken> tokenList = new ArrayList<SecurityToken>();
            tokenList.add(mySamlToken);
            // Publish the list under the key that SAMLGenerateLoginModule reads
            _sharedState.put(Constants.WSSECURITY_TOKEN_TO_BE_INSERTED, tokenList);
            ...
        }

The fix for this APAR is currently targeted for inclusion in fix pack 7.0.0.17. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM26989
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-11-17
Closed date
2011-01-31
Last modified date
2011-02-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
R700 PSY
UP
Document Information
Modified date:
27 October 2021