APAR status
Closed as program error.
Error description
Error Message, as reported by customer: Customer reports the following error from a test case in their Windows AzureAD environment: java.lang.IllegalArgumentException: provided null name in com.ibm.security.auth.JAASPrincipal. Stack Trace, if applicable: Before construct Win64System No mapping between account names and security IDs was done. [JAASLoginModule] succeeded importing info: user name = XXYYZZ user SID = S-1-12-1-731028960-1096896208-158070199-1005826882 user domain = AzureAD java.lang.IllegalArgumentException: provided null name after construct Win64System at com.ibm.security.auth.JAASPrincipal.<init>(JAASPrincipal.java:76 ) at com.ibm.security.auth.DomainIDPrincipal.<init>(DomainIDPrincipal .java:65) at com.ibm.security.auth.module.JAASLoginModule.login(JAASLoginModu le.java:176) at Main.main(Main.java:20) Disconnected from the target VM, address: '127.0.0.1:56788', transport: 'socket' getting access token [getToken] got user access token getting user info [getUser] Got TokenUser info [getUser] userName: XXYYZZ, domainName = AzureAD [getUser] userSid: S-1-12-1-731028960-1096896208-158070199-1005826882 [getUser] LookupAccountName error: 1332 getting primary group [getPrimaryGroup] Got TokenPrimaryGroup info [getPrimaryGroup] primaryGroup: S-1-12-1-731028960-1096896208-158070199-1005826882 getting supplementary groups [getGroups] Got TokenGroups info [getGroups] group 0: S-1-16-8192 [getGroups] group 1: S-1-1-0 [getGroups] group 2: S-1-5-21-1053931748-2307000595-3209804414-1002 [getGroups] group 3: S-1-5-32-544 [getGroups] group 4: S-1-5-32-559 [getGroups] group 5: S-1-5-32-545 [getGroups] group 6: S-1-5-4 [getGroups] group 7: S-1-2-1 [getGroups] group 8: S-1-5-11 [getGroups] group 9: S-1-5-15 [getGroups] group 10: S-1-5-5-0-1315436 [getGroups] group 11: S-1-2-0 [getGroups] group 12: S-1-5-64-36 Process finished with exit code 0 Other Error Information, as reported by customer: N/A
Local fix
N/A
Problem summary
JAASPrincipal "provided name is null" error in Windows AzureAD environment. ERROR DESCRIPTION: Customer reports the following error from a test case in their Windows AzureAD environment: Before construct Win64System No mapping between account names and security IDs was done. [JAASLoginModule] succeeded importing info: user name = XXYYZZ user SID = S-1-12-1-731028960-1096896208-158070199-1005826882 user domain = AzureAD java.lang.IllegalArgumentException: provided null name after construct Win64System at com.ibm.security.auth.JAASPrincipal.<init>(JAASPrincipal.java:76 ) at com.ibm.security.auth.DomainIDPrincipal.<init>(DomainIDPrincipal .java:65) at com.ibm.security.auth.module.JAASLoginModule.login(JAASLoginModu le.java:176) at Main.main(Main.java:20) Disconnected from the target VM, address: '127.0.0.1:56788', transport: 'socket' getting access token [getToken] got user access token getting user info [getUser] Got TokenUser info [getUser] userName: XXYYZZ, domainName = AzureAD [getUser] userSid: S-1-12-1-731028960-1096896208-158070199-1005826882 [getUser] LookupAccountName error: 1332 getting primary group [getPrimaryGroup] Got TokenPrimaryGroup info [getPrimaryGroup] primaryGroup: S-1-12-1-731028960-1096896208-158070199-1005826882 getting supplementary groups [getGroups] Got TokenGroups info [getGroups] group 0: S-1-16-8192 [getGroups] group 1: S-1-1-0 [getGroups] group 2: S-1-5-21-1053931748-2307000595-3209804414-1002 [getGroups] group 3: S-1-5-32-544 [getGroups] group 4: S-1-5-32-559 [getGroups] group 5: S-1-5-32-545 [getGroups] group 6: S-1-5-4 [getGroups] group 7: S-1-2-1 [getGroups] group 8: S-1-5-11 [getGroups] group 9: S-1-5-15 [getGroups] group 10: S-1-5-5-0-1315436 [getGroups] group 11: S-1-2-0 [getGroups] group 12: S-1-5-64-36 Process finished with exit code 0JAASPrincipal "provided name is null" error in Windows AzureAD environment. ERROR DESCRIPTION: Customer reports the following error from a test case in their Windows AzureAD environment: Before construct Win64System No mapping between account names and security IDs was done. [JAASLoginModule] succeeded importing info: user name = XXYYZZ user SID = S-1-12-1-731028960-1096896208-158070199-1 user domain = AzureAD java.lang.IllegalArgumentException: provided null name after construct Win64System at com.ibm.security.auth.JAASPrincipal.<init>(JAASPrincipal.java:76 ) at com.ibm.security.auth.DomainIDPrincipal.<init>(DomainIDPrincipal .java:65) at com.ibm.security.auth.module.JAASLoginModule.login(JAASLoginModu le.java:176) at Main.main(Main.java:20) Disconnected from the target VM, address: '127.0.0.1:56788', transport: 'socket' getting access token [getToken] got user access token getting user info [getUser] Got TokenUser info [getUser] userName: XXYYZZ, domainName = AzureAD [getUser] userSid: S-1-12-1-731028960-1096896208-158070199-1005826882 [getUser] LookupAccountName error: 1332 getting primary group [getPrimaryGroup] Got TokenPrimaryGroup info [getPrimaryGroup] primaryGroup: S-1-12-1-731028960-1096896208-158070199-1005826882 getting supplementary groups [getGroups] Got TokenGroups info [getGroups] group 0: S-1-16-8192 [getGroups] group 1: S-1-1-0 [getGroups] group 2: S-1-5-21-1053931748-2307000595-3209804414-1002 [getGroups] group 3: S-1-5-32-544 [getGroups] group 4: S-1-5-32-559 [getGroups] group 5: S-1-5-32-545 [getGroups] group 6: S-1-5-4 [getGroups] group 7: S-1-2-1 [getGroups] group 8: S-1-5-11 [getGroups] group 9: S-1-5-15 [getGroups] group 10: S-1-5-5-0-1315436 [getGroups] group 11: S-1-2-0 [getGroups] group 12: S-1-5-64-36 Process finished with exit code 0
Problem conclusion
Updated JAASPrincipal to allow empty name string in constructor for Windows platforms. The associated RTC PR is 139554 The associated Austin CMVC defect is N/A The associated Austin APAR is IJ10831 JVMs affected: Java 7 & 8 The fix was delivered for: Java 7 SR10 FP40 (level 20181106_01), Java 7.1 SR4 FP40 (level 20181106_01), Java 8 SR5 FP30 (level 20181102_04) The affected jars: rt.jar
Temporary fix
Comments
APAR Information
APAR number
IJ10831
Reported component name
JAVA AUTHEN AUT
Reported component ID
TIVSECJAA
Reported release
100
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-10-26
Closed date
2018-11-07
Last modified date
2018-11-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
NONE 999
Fix information
Fixed component name
JAVA AUTHEN AUT
Fixed component ID
TIVSECJAA
Applicable component levels
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCZL43","label":"JAAS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"100","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
07 November 2018