IBM Support

IT40243: CLIENT-SECURITY POLICY MAY NOT DETECT INVALID SUBSCRIPTION

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When using the assembly action client-security feature
(available in API assembly) in an unsecured API, invalid
subscription may not be detected and request could return a 200
OK code.

Local fix

  • Enforcing security schema in the API or a Global Policy can be
configured to circumvent it.
More details on this can be found
here:https://github.com/ibmArtifacts/GlobalPolicy_and_UDP

Problem summary

  • A Client-security policy may not detect an invalid subscription.

Problem conclusion

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT40243
    • 

  • Reported component name
    DATAPOWER
    • 

  • Reported component ID
    DP1234567
    • 

  • Reported release
    A0X
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2022-03-10
    • 

  • Closed date
    2022-04-21
    • 

  • Last modified date
    2022-04-21
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    DATAPOWER
    • 

  • Fixed component ID
    DP1234567
    • 



Applicable component levels


    








      
              
                            

              

              [{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateways"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A0X"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            22 April 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback