A fix is available
APAR status
Closed as program error.
Error description
You are attempting to deploy Web Services with CICS as a provider. You have a simple Webservice that simply echos data to perform initial testing and have been successful. You are now attempting to introduce WS-Security into the environment with <authentication trust="basic" mode="basic" as described at http://www-1.ibm.com/support/docview.wss?rs=166&uid=swg21248735 When you attempt to invoke the Web Service we receive the following fault: <SOAP-ENV:Fault> <faultcode>wsse:InvalidSecurity</faultcode> <faultstring>ERROR: Caught *XSECException* during operation: processMessage()</faultstring> <detail> <e:myfaultdetails xmlns:e="http://www.ibm.com/software/htp/cics/wssec"> <message>SecurityContext::checkId - Duplicate 'wsu:Id' value within header</message> <errorcode>1</errorcode> </e:myfaultdetails> </detail> </SOAP-ENV:Fault> . Defect 18673 found in TS 3.2 should fix this issue. . The problem occurs because you haven't given your UsernameTokens a wsuID. The method that checks for duplicates thus registers the wsuID as a null! So on the second UsernameToken with a null id, it thinks it's found a duplicate.
Local fix
If customer has control over the message sent by the client, then he can add a unique wsuID attribute to each UsernameToken.
Problem summary
**************************************************************** * USERS AFFECTED: All CICS users with PK49136 applied. * **************************************************************** * PROBLEM DESCRIPTION: Duplicate wsuID error using WS * * security. * **************************************************************** * RECOMMENDATION: * **************************************************************** A provider webservice is running CICS with WS-Security active. The authentication is set to: <authentication mode="basic" trust="basic"> This authentication says that the issuer of the request identifies themselves via a UsernameToken and the userid that the work is to run is identified by a second UsernameToken. If there is a wsuID attribute present as part of the UsernameToken element, it should be unique. In this case the attribute for both tokens was null. CICS processed the first element successfully and registered a wsuID of null for that element. When the second element was processed the wsuid was checked to make sure it was unique. This was also null so it was deemed to be a duplicate and an exception was raised causing a SOAP fault to be returned. In addition, PK49136 caused the fix supplied by PK29380 to be removed. The problem described by PK29380 will appear again after PK49136 is applied.
Problem conclusion
UK29407 Routine xml-security-c-1.1.0/xsec/wsse/SecurityContext.cpp has been changed to bypass the check for a unique wsuID if the wsuID has not been supplied. The fix for PK29380 has also been reinstated.
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PK55244
Reported component name
CICSTS V3 Z/OS
Reported component ID
5655M1500
Reported release
400
Status
CLOSED PER
PE
YesPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2007-10-23
Closed date
2008-02-11
Last modified date
2008-03-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK33621
Modules/Macros
DFHWSSE1 DFHWS002 DFHWS003 DFHWS004 DFHWS005 DFHWS006 DFHWS007 DFHWS008 DFHWS009 DFHWS010 DFHWS011 DFHWS012 DFHWS013 DFHWS014 DFHWS015 DFHWS016 DFHWS017 DFHWS018 DFHWS019 DFHWS020 DFHWS021 DFHWS022 DFHWS023 DFHWS024 DFHWS025 DFHWS026 DFHWS027 DFHWS028 DFHWS029 DFHWS030 DFHWS031 DFHWS032 DFHWS033 DFHWS034 DFHWS035 DFHWS036 DFHWS037 DFHWS038 DFHWS039 DFHWS040 DFHWS041 DFHWS042 DFHWS043 DFHWS044 DFHWS045 DFHWS046 DFHWS047 DFHWS048 DFHWS049 DFHWS050 DFHWS051 DFHWS052 DFHWS053 DFHWS054 DFHWS055 DFHWS056 DFHWS057 DFHWS058 DFHWS059 DFHWS060 DFHWS061 DFHWS062 DFHWS063 DFHWS064 DFHWS065 DFHWS066 DFHWS067 DFHWS068 DFHWS069 DFHWS070 DFHWS071 DFHWS072 DFHWS073 DFHWS074 DFHWS075 DFHWS076 DFHWS077 DFHWS078 DFHWS079 DFHWS080 DFHWS081 DFHWS082 DFHWS083 DFHWS084 DFHWS085 DFHWS086 DFHWS087 DFHWS088 DFHWS089 DFHWS090 DFHWS091 DFHWS092 DFHWS093 DFHWS094
Fix information
Fixed component name
CICSTS V3 Z/OS
Fixed component ID
5655M1500
Applicable component levels
R40W PSY UK33621
UP08/02/14 P F802
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
03 March 2008