Fixes are available
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
PH13175: OIDC v1.2.0; OIDC RP tokens are not revoked when sessions are evicted from the cache
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
PH29099: OIDC v1.3.1; OIDC RP: ClassNotFoundException for JsonUtil$DupeKeyDisallowingLinkedHashMap
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
PH39666: OIDC v1.3.2; OIDC RP: Initial login might fail when the OIDC stateId contains special characters
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as program error.
Error description
When a POST body with newline fields is saved by the tWAS OpenId Connect (OIDC) Relying Party (RP), an extra <br/> tag is added to the saved data.
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: IBM WebSphere Application Server and * * OpenID Connect Relying Party * **************************************************************** * PROBLEM DESCRIPTION: The OIDC TAI always transforms * * newlines in POST data to <br> * **************************************************************** * RECOMMENDATION: Install a fix pack or interim fix that * * contains this APAR. * **************************************************************** After successful authentication, the OpenID Connect (OIDC) Relying Party (RP) Trust Association Interceptor (TAI) always encodes the HTTP post data before redirecting to the target URL. New line characters are always being transformed into <br> tags. Application developers may require that the new line characters remain in the POST parameters.
Problem conclusion
The following OIDC TAI custom property is added: provider_<id>.encodeNewline, default=true When encodeNewline is set to false, the new line characters that exist in POST data will not be transformed into encoded <br> tags. The OIDC TAI is also updated so that, when it encodes the POST data, instead of replacing a new line with a <br> tag, it replaces with the encoded form of the tag, <br;> The fix for this APAR is currently targeted for inclusion in fix pack 8.5.5.15 and 9.0.0.11. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PH02192
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-08-27
Closed date
2018-11-06
Last modified date
2018-11-06
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R850 PSY
UP
R900 PSY
UP
Document Information
Modified date:
28 April 2022