IV33981: IBM TFIM CONTROL OPTIONAL WS-FED ELEMENTS WST:RENEWING, WST:FORWARDABLE, WST:STATUS, AND WST:DELEGATABLE
A fix is available
Closed as program error.
TFIM generates a WS-FED message that contains the optional elements wst:Renewing, wst:Forwardable, wst:Status, and wst:Delegatable. There are some vendor products that are unable to process these elements correctly, so in order to interoperate with these other vendors FIM needs to be able to suppress the addition of these elements in the response. This should have at least the fine grain control of setting this on a per partner level.
Some Service Providers for the WS-Federation Passive Profile do not accept RequestSecurityTokenResponse that contain certain elements. For example, Sharepoint does not accept RequestSecurityTokenResponse that contains the elements wst:Forwardable, wst:Delegatable, wst:Status and wst:Renewing. However, these elements are present in the RequestSecurityTokenResponse generated by the TFIM Identity Provider for the WS-Federation Passive Profile.
The fix for this APAR is contained in the following maintenance packages: | fix pack | 6.2.1-TIV-TFIM-FP0005
Reported component name
TIV FED ID MGR
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
TIV FED ID MGR
Fixed component ID
Applicable component levels