APAR status
Closed as program error.
Error description
If SOAPINput node is configured to handle ws-security signed and/or encrypted messages using kerberos token, the ws-security layer provides username and realm value which can be seen in IdentitySourceToken and IdentitySourceIssuedBy fields of message tree. However, its seen that, in IIB versions shipping Java 8 , the IdentitySourceToken is populated with realm value and IdentitySourceIssuedBy holds the string "SOAP_WS_SECURITY"
Local fix
Problem summary
**************************************************************** USERS AFFECTED: All users of IBM Integration Bus v10 and IBM App Connect Enterprise v11 using Kerberos tokens for SOAP Ws-Security. Platforms affected: z/OS, MultiPlatform **************************************************************** PROBLEM DESCRIPTION: <span style="background-color:rgb(255, 255, 255)">When a SOAPInput node is configured to handle ws-security signed and/or encrypted messages using Kerberos token, the username and realm values get populated in the IdentitySourceToken and IdentitySourceIssuedBy fields of </span><span style="background-color:rgb(255, 255, 255)">the message tree respectively. For IIB versions shipping java8, these fields are seen having wrong values with the realm value in IdentitySourceToken and the string "SOAP_WS_SECURITY" in IdentitySourceIssuedBy .</span> <span style="background-color:rgb(255, 255, 255)"> </span> <span style="background-color:rgb(255, 255, 255)"> </span>
Problem conclusion
The problem is fixed in the Ws-Security layer to return the right username and realm value which gets reflected in the message tree. The corresponding Ws-Security runtime APAR under which the issue fixed is PH22517. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v10.0 10.0.0.21 v11.0 11.0.0.9 The latest available maintenance can be obtained from: http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041 If the maintenance level is not yet available,information on its planned availability can be found on: http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT32035
Reported component name
INTEGRATION BUS
Reported component ID
5724J0540
Reported release
A00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-02-28
Closed date
2020-06-17
Last modified date
2020-06-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
INTEGRATION BUS
Fixed component ID
5724J0540
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSNQK6","label":"IBM Integration Bus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
18 June 2020