IV31658: ENDPOINT SPLITURL PARSING CAUSE CONFIG FILE CORRUPTION

APAR status

  • Closed as program error.

Error description

  • Recreate steps (recreated at 6.2.1.2 level, also present in
    6.2.2 and possibly others).
    1) Create an IP SAML 2 federation.
    2) When prompted please only use the basic endpoints.
    3) Complete the wizard and reload the changes to the runtime.
    4) Open the properties of the federation and scroll down to the
    Name Identifier Management  entry
    5) Enter a URL in the form of <proto>://host  with no path
    including sps or just nothing else.  For example
    https://testcase.ibm.com:83 or http://testcase.ibm.com etc...
    I'm sure there are other combinations that work.
    6) Select one of the binding methods.
    7) Click OK and load the config changes to the runtime.
    8) View the properties of the federation or the feds.xml file
    and you will see that the endpoint value of
    SAML2.ManageNameIDServiceInit and SAML2.ManageNameIDService are
    incorrectly formed. They are missing the first three characters
    of the input and contain the URL information which they should
    not.
    
    
    So far I've been able to cause this for at least the following.
    SAML2.ManageNameIDServiceInit
    SAML2.ManageNameIDService
    SAML2.AdminUserLogoutService
    SAML2.AdminDefederateUserService
    SAML2.AuthenticationURL
    
    This also affects the sps.xml file, where the entries for the
    following are invalid:
    <federation>/saml20/auth
    <federation>/saml20/adminDefederateUser
    <federation>/saml20/adminLogoutUser
    <federation>/saml20/mnids
    <federation>/saml20/mnidsinit
    
    I've also run into a case where the general endpoint
    endpoint./auth was missing from sps.xml
    

Local fix

  • Delete and recreate the federation
    

Problem summary

  • URLs in feds.xml and sps.xml are corrupted when a non-sps
    URL is provided for the Single Sign-On Service, Single
    Logout Service, Soap Endpoint, Artifact Resolution Service,
    Assertion Consumer Service or Name ID Management Service
    URLs on the SAML 2.0 IP/SP Federation properties page in the
    Management Console.

    The fix for this defect will include validation of the above
    URLs. Each URL provided will be checked to ensure
    that it is a properly formatted URL and that it is an
    sps URL.
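
    An added example, not IBM's code or the shipped fix: a check that can be run over endpoint values read from a federation's properties to spot the corruption described above. It assumes that "sps URL" means an http(s) URL whose path contains an `sps` segment; the function names and all sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption (not from the APAR): an "sps URL" has a path segment named "sps".
SPS_SEGMENT = "sps"


def check_endpoint_url(value):
    """Return None when value passes both checks, otherwise a reason string."""
    try:
        parts = urlsplit(value.strip())
        parts.port  # accessing .port raises ValueError on a non-numeric port
    except ValueError as exc:
        return f"unparseable URL: {exc}"
    if parts.scheme not in ("http", "https"):
        # Catches values that lost their leading characters, e.g. "ps://..."
        return f"scheme {parts.scheme!r} is not http or https"
    if not parts.hostname:
        return "no host"
    segments = [s for s in parts.path.split("/") if s]
    if SPS_SEGMENT not in segments:
        return "path has no 'sps' segment"
    return None


def audit_endpoints(props):
    """Map each failing property name to the reason its value was rejected."""
    findings = {}
    for name, value in props.items():
        reason = check_endpoint_url(value)
        if reason is not None:
            findings[name] = reason
    return findings


# Constructed sample: property names are from the APAR, values are made up.
SAMPLE = {
    "SAML2.AuthenticationURL": "https://testcase.ibm.com:83/sps/fed1/saml20/auth",
    # The kind of input that triggered the defect: no sps path at all.
    "SAML2.ManageNameIDService": "https://testcase.ibm.com:83",
    # A stored value missing its first three characters, as the APAR describes.
    "SAML2.ManageNameIDServiceInit": "ps://testcase.ibm.com:83",
    "SAML2.AdminUserLogoutService": "https://testcase.ibm.com:eighty/sps/fed1",
}

if __name__ == "__main__":
    for name, reason in audit_endpoints(SAMPLE).items():
        print(f"{name}: {reason}")
```
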
    

Problem conclusion

  • The fix for this APAR is expected to be contained in the
    following maintenance delivery vehicle:
    fix pack: 6.2.2-TIV-TFIM-FP0004
    

Temporary fix

  • Delete and re-create the federation
    

Comments

APAR Information

  • APAR number

    IV31658

  • Reported component name

    TIV FED ID MGR

  • Reported component ID

    5724L7300

  • Reported release

    622

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-11-08

  • Closed date

    2012-11-08

  • Last modified date

    2012-11-08

  • APAR is sysrouted FROM one or more of the following:

    IV25246

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TIV FED ID MGR

  • Fixed component ID

    5724L7300

Applicable component levels

  • R622 PSY

       UP



Document information


More support for:

Tivoli Federated Identity Manager

Software version:

622

Reference #:

IV31658

Modified date:

2012-11-08
