IBM Support

PM38651: WSS APIs DO NOT PROVIDE ACCESS TO THE 'RECIPIENT' ATTRIBUTE OF A SAML TOKEN

Fixes are available

8.0.0.1: WebSphere Application Server V8.0 Fix Pack 1
7.0.0.21: WebSphere Application Server V7.0 Fix Pack 21
8.0.0.2: WebSphere Application Server V8.0 Fix Pack 2
8.0.0.3: WebSphere Application Server V8.0 Fix Pack 3
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
8.0.0.4: WebSphere Application Server V8.0 Fix Pack 4
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25
8.0.0.5: WebSphere Application Server V8.0 Fix Pack 5
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
8.0.0.6: WebSphere Application Server V8.0 Fix Pack 6
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
8.0.0.7: WebSphere Application Server V8.0 Fix Pack 7
8.0.0.8: WebSphere Application Server V8.0 Fix Pack 8
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
8.0.0.9: WebSphere Application Server V8.0 Fix Pack 9
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.21: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • The WebSphere Web Services Security APIs do not provide access
    to the 'Recipient' attribute of a SAML token with the token is
    either sent or received.
    

Local fix

  • N/A.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server users of   *
    *                  WS-Security enabled web services            *
    *                  applications and SAML                       *
    ****************************************************************
    * PROBLEM DESCRIPTION: Recipient attribute in SAML token is    *
    *                      not available when generating or        *
    *                      consuming the token using the WSS APIs  *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When using the Web Services Security (WSS) APIs to generate or
    consume a SAML token, the Recipient attribute is not available
    for use.
    

Problem conclusion

  • The code is updated to make the Recipient attribute of a SAML
    token available. The following setter/getter methods are added
    to the com.ibm.wsspi.wssecurity.saml.config.RequesterConfig
    class:
    
    public void setRecipient(String url);
    public String getRecipient();
    
    The following setter/getter methods are also added to the same
    class to allow access to other previously inaccessible SAML
    attributes:
    
    public void setInResponseTo(String url);
    public String getInResponseTo();
    public void setAddress(String url);
    public String getAddress();
    public void setEnableNotBefore(boolean notBefore);
    public boolean enableNotBefore();
    public void setNotOnOrAfter(long minutes);
    public long getNotOnOrAfter();
    public void setAuthnContextDeclRef(String url);
    public String getAuthnContextDeclRef();
    public void setAuthnContextDecl(String url);
    public String getAuthnContextDecl();
    public void setAuthenticatingAuthority(String url);
    public String getAuthenticatingAuthority();
    public void setSessionNotOnOrAfter(long minutes);
    public long getSessionNotOnOrAfter();
    public void setEncryptSAML(boolean enc);
    public boolean isEncryptSAML();
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 7.0.0.21 and 8.0.0.1.  Please refer to the Recommended
    Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM38651

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-05-06

  • Closed date

    2011-07-05

  • Last modified date

    2011-07-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

  • R700 PSY

       UP

  • R800 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 7.0

Reference #: PM38651

Modified date: 05 July 2011