APAR status
Closed as program error.
Error description
The KTP KerberosTokenConsumer security context client entry principal name is being overwritten with the Kerberos realm name due to a error in KerberosTokenConsumer.fillContext() when parsing the Kerberos ticket data.
Local fix
N/A
Problem summary
Kerberos Token Profile (KTP) security context client entry principal name contains realm name instead of client name, after moving from Java 7 to Java 8. PROBLEM DESCRIPTION: The KTP KerberosTokenConsumer security context client entry principal name is being overwritten with the Kerberos realm name due to a error in KerberosTokenConsumer.fillContext() when parsing the Kerberos ticket data.
Problem conclusion
Modified KerberosTokenConsumer.fillContext() to correctly add the client entry realm name instead of incorrectly overwriting the existing client entry principal name. The fix is delivered with "WSSKrbToken.jar", build level "20200412", to the WSS development team internally for inclusion in their product image packaging. The associated Austin CMVC defects are: 118238, 118249. The associated RTC PR is: N/A JVMs affected: N/A
Temporary fix
Comments
APAR Information
APAR number
IJ22840
Reported component name
TIV JAVA CRYPTO
Reported component ID
TIVSECJCE
Reported release
600
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-02-20
Closed date
2020-04-13
Last modified date
2020-04-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
999
Fix information
Fixed component name
TIV JAVA CRYPTO
Fixed component ID
TIVSECJCE
Applicable component levels
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCZL42","label":"JCE"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
15 April 2020