IC98670: DATAPOWER DOES NOT VALIDATE AND ACCEPT OAUTH TOKEN WHICH IS URL SAFE BASED ON RFC 4648 SPECIFICATIONS
Fixes are available
Fix packs for DataPower XML Security Gateway version 6.0
Fix packs for DataPower B2B Appliance version 6.0
Fix packs for DataPower Integration Appliance version 6.0
Fix packs for DataPower Low Latency Appliance version 6.0
Fix packs for DataPower Service Gateway version 6.0
Fix packs for DataPower Service Gateway version 6.0.1
Fix packs for DataPower B2B Appliance version 6.0.1
Fix packs for DataPower Integration Appliance version 6.0.1
Closed as program error.
The DataPower 7.0 firmware generates "URL safe" OAuth tokens per RFC 4648. In a cluster environment, if a token generated by 7.0 is used or verified by a prior firmware release, crypto verification (decrypt and verify) fails if the token contains "/" or "+".
Token validation might fail if the token is not URL-encoded but is safe per RFC 4648. This fix is required for pre-7.0 releases of DataPower to verify tokens generated by firmware 7.0. Tokens generated using pre-7.0 firmware releases of DataPower still need to be URL-encoded.
Fix is available in 188.8.131.52, 184.108.40.206, and 220.127.116.11. For a list of the latest fix packs available, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21237631
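The alphabet mismatch described above, as an added Python example that is not IBM's code or DataPower's implementation: a decoder limited to the standard Base64 alphabet rejects a URL-safe token, while a tolerant decoder accepts either form. The token bytes are constructed, and the names `strict_std_decode`, `tolerant_decode` and `accepts` are hypothetical.

```python
import base64
import binascii
from urllib.parse import quote, unquote

# Constructed sample: the first three bytes force "+//+" in the standard
# alphabet, which becomes "-__-" in the RFC 4648 URL-safe alphabet.
RAW = bytes([0xFB, 0xFF, 0xFE]) + b"constructed-token"
STD = base64.b64encode(RAW).decode()              # standard alphabet
URLSAFE = base64.urlsafe_b64encode(RAW).decode()  # RFC 4648 section 5
PCT_STD = quote(STD, safe="")                     # standard, percent-encoded


def strict_std_decode(token: str) -> bytes:
    """Model of a verifier that only knows the standard alphabet."""
    return base64.b64decode(unquote(token), validate=True)


def tolerant_decode(token: str) -> bytes:
    """Accept a percent-encoded standard token or a URL-safe one."""
    token = unquote(token)  # no-op when there is no %XX escape
    chars = set(token)
    if chars & set("+/") and chars & set("-_"):
        raise ValueError("token mixes standard and URL-safe alphabets")
    body = token.rstrip("=").translate(str.maketrans("-_", "+/"))
    body += "=" * (-len(body) % 4)  # restore padding a sender may omit
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc


def accepts(decoder, token: str) -> bool:
    """True if the decoder returns the original bytes for this token."""
    try:
        return decoder(token) == RAW
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False


if __name__ == "__main__":
    for name, tok in [("percent-encoded standard", PCT_STD),
                      ("URL-safe", URLSAFE),
                      ("URL-safe, unpadded", URLSAFE.rstrip("="))]:
        print(f"{name:26} strict={accepts(strict_std_decode, tok)} "
              f"tolerant={accepts(tolerant_decode, tok)}")
```

Rejecting a token that mixes both alphabets keeps the tolerant decoder from accepting more than one spelling of the same URL-safe token.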