Fixes are available
APAR status
Closed as program error.
Error description
In the OIDC Relying Party TAI, administrators may need different clientId and clientSecret for the introspection endpoint than they do for the authorization endpoint. The TAI only supports one set of values.
Local fix
n/a
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server and OpenID Connect * **************************************************************** * PROBLEM DESCRIPTION: Allow an administrator to configure * * unique clientId and clientSecret * * values * * for the OP's introspect endpoint in * * the * * OIDC TAI. * **************************************************************** * RECOMMENDATION: Install a fix pack or interim fix that * * contains this APAR. * **************************************************************** In the OpenID Connect (OIDC) Relying Party (RP), the value for the clientId and clientSecret that is sent to the OpenID provider's (OP) introspection endpoint is the same as that for the authentication endpoint. If the administrator needs to send different values for clientId and clientSecret for each endpoint, they cannot do that.
Problem conclusion
The following properties are added to the OIDC TAI: provider_<id>. introspectClientId Values: The default value is the value for provider_(id).clientId. Description: Specifies the clientId to include in the requests to the OpenId Provider's introspection endpoint. provider_<id>.introspectClientSecret Values: The default value is the value for provider_(id).clientSecret Description: Specifies the clientSecret to include in the requests to the OpenId Provider's introspection endpoint. The fix for this APAR is targeted for inclusion in fix packs 8.5.5.19 and 9.0.5.6. For more information, see 'Recommended Updates for WebSphere Application Server': http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PH27827
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-07-24
Closed date
2020-08-18
Last modified date
2020-09-23
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R850 PSY
UP
R900 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
06 December 2021