IV33981: IBM TFIM CONTROL OPTIONAL WS-FED ELEMENTS WST:RENEWING, WST:FORWARDABLE, WST:STATUS, AND WST:DELEGATABLE

APAR status

Closed as program error.

Error description

TFIM generates a WS-FED message that contains the optional
elements wst:Renewing, wst:Forwardable, wst:Status, and
wst:Delegatable.  There are some vendor products that are unable
to process these elements correctly, so in order to interoperate
with these other vendors FIM needs to be able to suppress the
addition of these elements in the response.  This should have at
least the fine grain control of setting this on a per partner
level.

Local fix

Modification of the ip_post_to_sp.html with javascript can be
used to remove these elements before posting the response,
however this poses several challenges as the javascript needs to
be compatible with all browsers which requires a high level of
Maintenance.

Problem summary

Some Service Providers for the WS-Federation Passive Profile
do not accept RequestSecurityTokenResponse that contain
certain elements. For example, Sharepoint does not accept
RequestSecurityTokenResponse that contains the elements
wst:Forwardable, wst:Delegatable, wst:Status and wst:Renewing.
However, these elements are present in the
RequestSecurityTokenResponse generated by the TFIM Identity
Provider for the WS-Federation Passive Profile.

Problem conclusion

The fix for this APAR is contained in the following maintenance
packages:
| fix pack | 6.2.1-TIV-TFIM-FP0005

Temporary fix

Add JavaScript to the ip_post_to_sp.html
page to remove the elements. See
https://www.ibm.com/support/entdocview.wss?uid=swg24029517
for example. Note that this is not compatible with
all browsers.

Comments

APAR Information

APAR number
IV33981
Reported component name
TIV FED ID MGR
Reported component ID
5724L7300
Reported release
621
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-12-26
Closed date
2012-12-26
Last modified date
2012-12-26

APAR is sysrouted FROM one or more of the following:

IV24603
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
TIV FED ID MGR
Fixed component ID
5724L7300

Applicable component levels

R621 PSY
UP

Rate this page:

(0 users)Average rating

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.

Document information

Tivoli Federated Identity Manager

Software version:
621

Reference #:
IV33981

Modified date:
2012-12-26

IV33981: IBM TFIM CONTROL OPTIONAL WS-FED ELEMENTS WST:RENEWING, WST:FORWARDABLE, WST:STATUS, AND WST:DELEGATABLE

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R621 PSY

Rate this page:

Copyright and trademark information

Rate this page:

Add comments

Document information

Translate my page

Content navigation

Footer links