Fixes are available
APAR status
Closed as program error.
Error description
Recreate steps (recreated at 6.2.1.2 level, also present in 6.2.2 and possibly others):
1) Create an IP SAML 2 federation.
2) When prompted please only use the basic endpoints.
3) Complete the wizard and reload the changes to the runtime.
4) Open the properties of the federation and scroll down to the Name Identifier Management entry.
5) Enter a URL in the form of <proto>://host with no path including sps or just nothing else. For example https://testcase.ibm.com:83 or http://testcase.ibm.com etc... I'm sure there are other combinations that work.
6) Select one of the binding methods.
7) Click OK and load the config changes to the runtime.
8) View the properties of the federation or the feds.xml file and you will see that the endpoint values of SAML2.ManageNameIDServiceInit and SAML2.ManageNameIDService are incorrectly formed. They are missing the first three characters of the input and contain the URL information which they should not.
So far I've been able to cause this for at least the following:
SAML2.ManageNameIDServiceInit
SAML2.ManageNameIDService
SAML2.AdminUserLogoutService
SAML2.AdminDefederateUserService
SAML2.AuthenticationURL
This also affects the sps.xml file, where the entries for the following are invalid:
<federation>/saml20/auth
<federation>/saml20/adminDefederateUser
<federation>/saml20/adminLogoutUser
<federation>/saml20/mnids
<federation>/saml20/mnidsinit
I've also run into a case where the general endpoint endpoint./auth was missing from sps.xml.
Local fix
Delete and recreate the federation
Problem summary
Corrupted URLs in the feds.xml and sps.xml files when a non-sps URL is provided for the Single Sign-On Service, Single Logout Service, Soap Endpoint, Artifact Resolution Service, Assertion Consumer Service or Name ID Management Service URLs in the SAML 2.0 IP/SP Federation properties page via the Management Console. The fix for this defect will include validation of the above URLs. The URL provided will be checked to ensure that it is a properly formatted URL and that it is an sps URL.
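The two checks named in the summary can also be run by an administrator before a URL is typed into the properties page. The sketch below is an added example, not IBM's validation code: the function names are hypothetical, "sps URL" is assumed to mean an http or https URL whose path contains an `sps` segment, and the sample endpoint values (including the `fed1` federation name) are constructed.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def endpoint_url_problems(url, sps_segment="sps"):
    """Return the reasons a URL fails the two checks; an empty list means it passes."""
    try:
        parts = urlsplit(url.strip())
        _ = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError as exc:
        return [f"not a properly formatted URL: {exc}"]

    problems = []
    if parts.scheme not in ALLOWED_SCHEMES:
        problems.append(f"scheme {parts.scheme!r} is not http or https")
    if not parts.hostname:
        problems.append("host is missing")
    # Assumption: an sps URL carries 'sps' as a whole path segment.
    segments = [s for s in parts.path.split("/") if s]
    if sps_segment not in segments:
        problems.append(f"path has no {sps_segment!r} segment (not an sps URL)")
    return problems


def audit_endpoints(endpoints):
    """Map each failing endpoint name to its list of problems."""
    report = {}
    for name, value in endpoints.items():
        problems = endpoint_url_problems(value)
        if problems:
            report[name] = problems
    return report


# Constructed sample: property names are from the APAR, values are illustrative.
SAMPLE_ENDPOINTS = {
    "SAML2.ManageNameIDService": "https://testcase.ibm.com:83/sps/fed1/saml20/mnids",
    "SAML2.ManageNameIDServiceInit": "https://testcase.ibm.com:83",
    "SAML2.AdminUserLogoutService": "http://testcase.ibm.com",
    "SAML2.AuthenticationURL": "ps://testcase.ibm.com:83",
}

if __name__ == "__main__":
    for name, problems in audit_endpoints(SAMPLE_ENDPOINTS).items():
        print(f"{name}: {'; '.join(problems)}")
```

Both URLs quoted in the recreate steps are reported as non-sps URLs, and a value that has lost its leading characters is additionally reported for its scheme.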
Problem conclusion
The fix for this APAR is expected to be contained in the following maintenance delivery vehicle: fix pack 6.2.2-TIV-TFIM-FP0004
Temporary fix
Delete and re-create the federation
Comments
APAR Information
APAR number
IV31658
Reported component name
TIV FED ID MGR
Reported component ID
5724L7300
Reported release
622
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-11-08
Closed date
2012-11-08
Last modified date
2012-11-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TIV FED ID MGR
Fixed component ID
5724L7300
Applicable component levels
R622 PSY
UP
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.