IV31660: IBM TFIM CONTROL OPTIONAL WS-FED ELEMENTS WST:RENEWING, WST:FORWARDABLE, WST:STATUS, AND WST:DELEGATABLE

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • TFIM generates a WS-FED message that contains the optional
    elements wst:Renewing, wst:Forwardable, wst:Status, and
    wst:Delegatable.  There are some vendor products that are unable
    to process these elements correctly, so in order to interoperate
    with these other vendors FIM needs to be able to suppress the
    addition of these elements in the response.  This should have at
    least the fine grain control of setting this on a per partner
    level.
    

Local fix

  • Modification of the ip_post_to_sp.html with javascript can be
    used to remove these elements before posting the response,
    however this poses several challenges as the javascript needs to
    be compatible with all browsers which requires a high level of
    Maintenance.
    

Problem summary

  • Some Service Providers for the WS-Federation Passive Profile
    do not accept RequestSecurityTokenResponse that contain
    certain elements. For example, Sharepoint does not accept
    RequestSecurityTokenResponse that contains the elements
    wst:Forwardable, wst:Delegatable, wst:Status and wst:Renewing.
    However, these elements are present in the
    RequestSecurityTokenResponse generated by the TFIM Identity
    Provider for the WS-Federation Passive Profile.
    

Problem conclusion

  • The fix for this APAR is contained in the following maintenance
    packages:
    | fix pack | 6.2.2-TIV-TFIM-FP0004
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV31660

  • Reported component name

    TIV FED ID MGR

  • Reported component ID

    5724L7300

  • Reported release

    622

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-11-08

  • Closed date

    2012-11-08

  • Last modified date

    2012-11-08

  • APAR is sysrouted FROM one or more of the following:

    IV24603

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TIV FED ID MGR

  • Fixed component ID

    5724L7300

Applicable component levels

  • R622 PSY

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Tivoli Federated Identity Manager

Software version:

622

Reference #:

IV31660

Modified date:

2012-11-08

Translate my page

Machine Translation

Content navigation