IBM Support

IC98670: DATAPOWER DOES NOT VALIDATE AND ACCEPT OAUTH TOKEN WHICH IS URL SAFE BASED ON RFC 4648 SPECIFICATIONS

APAR status

  • Closed as program error.

Error description

  • The DataPower 7.0 firmware generates OAuth tokens that are "URL
    safe" per RFC 4648.

    In a cluster environment, if a token generated by 7.0 is
    used/verified by an earlier firmware release, crypto
    verification (decrypt and verify) fails if the token contains
    "/" or "+".
    

Local fix

Problem summary

  • Token validation might fail if the token is not URL-encoded but
    is URL-safe per RFC 4648.

    This fix is required for pre-7.0 releases of DataPower to verify
    tokens generated by firmware 7.0.

    Tokens generated by pre-7.0 firmware releases of DataPower
    still need to be URL-encoded.
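
An added illustration of the alphabet mismatch described above (not IBM's code and not the DataPower fix): the same token bytes encoded with the standard and the URL-safe RFC 4648 alphabets, a strict standard-alphabet decoder that rejects the URL-safe form, and a decoder that accepts either. The HMAC-SHA256 tag stands in for the decrypt-and-verify step, and the key, payload and function names are constructed for the example.

```python
import base64, binascii, hashlib, hmac

KEY = b"constructed-demo-key"               # constructed sample key
PAYLOAD = b"\xfb\xff\xbf" + b"client=demo"  # constructed; first 3 bytes encode to "+/+/"
TAG_LEN = hashlib.sha256().digest_size

def issue_token(payload: bytes, url_safe: bool) -> str:
    """Encode payload || HMAC tag with the standard or URL-safe alphabet."""
    raw = payload + hmac.new(KEY, payload, hashlib.sha256).digest()
    encode = base64.urlsafe_b64encode if url_safe else base64.b64encode
    return encode(raw).decode("ascii")

def strict_standard_decode(token: str) -> bytes:
    """Standard alphabet only ("+" and "/"), as a verifier unaware of base64url."""
    # validate=True: without it b64decode silently discards "-" and "_".
    return base64.b64decode(token, validate=True)

def tolerant_decode(token: str) -> bytes:
    """Accept either RFC 4648 alphabet, padded or unpadded, but not a mix."""
    if set(token) & set("-_") and set(token) & set("+/"):
        raise ValueError("token mixes standard and URL-safe alphabets")
    normalized = token.rstrip("=").translate(str.maketrans("-_", "+/"))
    normalized += "=" * (-len(normalized) % 4)
    return base64.b64decode(normalized, validate=True)

def verify(token: str, decode):
    """Return the payload if the token decodes and its tag matches, else None."""
    try:
        raw = decode(token)
    except (binascii.Error, ValueError):
        return None
    if len(raw) <= TAG_LEN:
        return None
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(KEY, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None

if __name__ == "__main__":
    for url_safe in (False, True):
        token = issue_token(PAYLOAD, url_safe)
        print(token[:8], verify(token, strict_standard_decode) is not None,
              verify(token, tolerant_decode) is not None)
```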
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IC98670

  • Reported component name

    DATAPOWER

  • Reported component ID

    DP1234567

  • Reported release

    500

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-01-10

  • Closed date

    2014-05-05

  • Last modified date

    2014-05-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DATAPOWER

  • Fixed component ID

    DP1234567

Applicable component levels

  • R500 PSY

       UP

  • R600 PSY

       UP

  • R601 PSY

       UP



Document information

More support for: IBM DataPower Gateways
General

Software version: 5.0.0

Reference #: IC98670

Modified date: 26 May 2014