IBM Support

PM27388: DUPLICATE ONETIMEUSE AND DONOTCACHECONDITION XML ENTRIES CREATED

APAR status

  • Closed as program error.

Error description

  • Description: When using setOneTimeUse(true), duplicate OneTimeUse
    (for SAML 2.0) and DoNotCacheCondition (for SAML 1.1) entries
    are being set.
    Here's one example:
    
    <saml2:Conditions NotBefore="2010-11-09T15:49:22.68Z"
                      NotOnOrAfter="2010-11-09T15:54:22.68Z">
      <saml2:OneTimeUse>
        <saml2:OneTimeUse/>
      </saml2:OneTimeUse>
    </saml2:Conditions>
    
    Fix the code creating duplicate entries.
    

Local fix

  • <NONE>
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server V7.0 users *
    *                  of WS-Security enabled JAX-WS applications  *
    *                  and SAML                                    *
    ****************************************************************
    * PROBLEM DESCRIPTION: Duplicate OneTimeUse and                *
    *                      DoNotCacheCondition assertions are      *
    *                      being created in a SAML Token.          *
    ****************************************************************
    * RECOMMENDATION:  Install a fix pack that includes this APAR  *
    ****************************************************************
    For SAML 2.0, a user may attempt to set OneTimeUse using the
    SAML API. One example would be:
    
    RequesterConfig reqData = samlFactory.newBearerTokenGenerateConfig();
    // Request a one-time-use condition on the generated token
    reqData.setOneTimeUse(true);
    
    When the SAML token is created, the resulting condition will
    contain duplicate OneTimeUse assertions, such as this one:
    
    <saml2:Conditions NotBefore="2010-11-09T15:49:22.68Z"
                      NotOnOrAfter="2010-11-09T15:54:22.68Z">
      <saml2:OneTimeUse>
        <saml2:OneTimeUse/>
      </saml2:OneTimeUse>
    </saml2:Conditions>
    
    A similar situation takes place when attempting to set the
    DoNotCacheCondition for a SAML 1.1 token.
    

Problem conclusion

  • The code erroneously enclosed a duplicate OneTimeUse and
    DoNotCacheCondition inside the condition itself. This code fix
    removes the code that added the duplicate entry.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 7.0.0.17.  Please refer to the Recommended Updates
    page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
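
As an added example (not IBM's code and not part of the APAR), the following Python check flags the defect described above in a token's Conditions element: a OneTimeUse or DoNotCacheCondition that has content or appears more than once. The sample documents are constructed from the APAR's excerpt, with namespace declarations added so they parse, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
# Conditions that the SAML schemas define as empty elements.
EMPTY_CONDITIONS = {
    "{%s}OneTimeUse" % SAML2_NS,
    "{%s}DoNotCacheCondition" % SAML1_NS,
}

def find_condition_defects(xml_text):
    """Return (defect, element) tuples for each Conditions block in a token
    produced by your own issuer (hypothetical helper, not a WebSphere API)."""
    defects = []
    root = ET.fromstring(xml_text)
    for ns in (SAML2_NS, SAML1_NS):
        for conditions in root.iter("{%s}Conditions" % ns):
            counts = {}
            for child in conditions:
                if child.tag not in EMPTY_CONDITIONS:
                    continue
                name = child.tag.split("}", 1)[1]
                counts[name] = counts.get(name, 0) + 1
                # The APAR's defect: the condition wraps a copy of itself.
                if len(child) or (child.text or "").strip():
                    defects.append(("non-empty", name))
            defects += [("repeated", n) for n, c in counts.items() if c > 1]
    return defects

# Constructed samples: the APAR's excerpt with a namespace declaration added.
BUGGY = """<saml2:Conditions xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    NotBefore="2010-11-09T15:49:22.68Z" NotOnOrAfter="2010-11-09T15:54:22.68Z">
  <saml2:OneTimeUse>
    <saml2:OneTimeUse/>
  </saml2:OneTimeUse>
</saml2:Conditions>"""
# Constructed: the same Conditions block with a single, empty OneTimeUse.
FIXED = """<saml2:Conditions xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    NotBefore="2010-11-09T15:49:22.68Z" NotOnOrAfter="2010-11-09T15:54:22.68Z">
  <saml2:OneTimeUse/>
</saml2:Conditions>"""
# Constructed SAML 1.1 analogue of the same nesting (prefix is an assumption).
BUGGY_SAML11 = """<saml:Conditions xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:DoNotCacheCondition><saml:DoNotCacheCondition/></saml:DoNotCacheCondition>
</saml:Conditions>"""

if __name__ == "__main__":
    for label, doc in (("buggy", BUGGY), ("fixed", FIXED), ("saml11", BUGGY_SAML11)):
        print(label, find_condition_defects(doc))
```

Running it against a token generated before and after the fix pack is applied gives a regression check that the nested entry is gone.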
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM27388

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-11-24

  • Closed date

    2010-12-17

  • Last modified date

    2011-06-09

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

  • R700 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 7.0

Reference #: PM27388

Modified date: 09 June 2011