Fixes are available
IBM Tivoli Federated Identity Manager 6.2.0 fix pack 3 (6.2.0-TIV-TFIM-FP0003)
Tivoli Federated Identity Manager 6.2.0 Fixpack 8 (6.2.0-TIV-TFIM-FP0008)
Tivoli Federated Identity Manager 6.2.0 Fixpack 9 (6.2.0-TIV-TFIM-FP0009)
Tivoli Federated Identity Manager 6.2.0 Fixpack 13 (6.2.0-TIV-TFIM-FP0013)
APAR status
Closed as program error.
Error description
Note this defect only affects users of username/password managed information card identity provider configurations. When tracing is turned on for the class com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate and someone presents a username/password information card at the IDP to exchange for a SAML assertion, the user's password is logged in trace. To recreat: Set up and InforCard IDP federation and turn on the trace string: com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate=all Then authenticate to a relying-party with a username/password managed card and check trace.
Local fix
Don't turn on trace for that class, or be very aware that passwords may appear in trace text and don't send them unaltered to anyone.
Problem summary
CMVC 88384
Problem conclusion
The fix for this APAR will be contained in the following maintenance packages: | fix pack | 6.2.0-TIV-TFIM-FP0002 |
Temporary fix
Comments
APAR Information
APAR number
IZ44560
Reported component name
TIV FED ID MGR
Reported component ID
5724L7300
Reported release
620
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-02-23
Closed date
2009-03-28
Last modified date
2009-05-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TIV FED ID MGR
Fixed component ID
5724L7300
Applicable component levels
R620 PSY
UP
R600 PSN
UP
R610 PSN
UP
R611 PSN
UP
[{"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSZSXU","label":"Tivoli Federated Identity Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"620"}]
Document Information
Modified date:
29 December 2021