APAR status
Closed as program error.
Error description
The override_provider_ttl option for the OIDC user registry does not seem to work. The user has tested a couple of scenarios:

- Created an OIDC user registry with override_provider_ttl set to false and configured it in Cloud Manager. The user invited a new user to the Admin org and assigned a role. I have validated that the access token TTL was set to 1 hour (inherited from the identity provider). The user changed override_provider_ttl to true, then logged out and logged back in to get a new token. I still got a TTL of 1 hour on the access token, instead of the expected 8 hours (APIC default). The user changed the Access Token TTL in Onboarding settings to 4 hours, then logged out and logged back in again: again got a 1 hour TTL on the access token instead of the expected 4. Restarted the APIM pod, logged out and logged in: still got a 1 hour TTL on the access token.
- The user created an OIDC user registry with override_provider_ttl set to true from the start. After onboarding a new member, the user received a token with a 1 hour TTL instead of the expected 4 hours.

The expectation here is that, when enabled, the override_provider_ttl option overrides the TTL of the access token received from the IDP, rewriting it to what is set up in Onboarding settings in Cloud Manager instead of honoring the IDP settings. This should be valid for both Cloud Manager and API Manager login.
Local fix
Problem summary
A change to the OVERRIDE_PROVIDER_TTL property (Use IBM APIC token expiration setting from the cloud) does not take effect when a user modifies this property in the OIDC User Registry in API Manager and Cloud Manager.
Problem conclusion
The fix is targeted for inclusion in IBM API Connect v10.0.1.7 and v10.0.5.
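After moving to a fixed level, one way to confirm that override_provider_ttl takes effect is to compare the lifetime of a freshly issued access token with the value the setting should produce. The following is an added example, not IBM's code: it assumes the access token is a JWT carrying iat and exp claims, and the function names and sample tokens are constructed for illustration.

```python
import base64
import json

HOUR = 3600

def _b64url_decode(segment):
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_ttl_seconds(token):
    """Lifetime (exp - iat) of a compact JWT. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected three dot-separated segments")
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # bad base64, bad UTF-8 and bad JSON all derive from ValueError
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict) or "iat" not in claims or "exp" not in claims:
        raise ValueError("token has no iat/exp claims (assumed present)")
    return int(claims["exp"]) - int(claims["iat"])

def expected_ttl_seconds(override_provider_ttl, provider_ttl, apic_ttl):
    # Behaviour the APAR describes: true -> API Connect setting, false -> inherit from the IdP.
    return apic_ttl if override_provider_ttl else provider_ttl

def check_token(token, override_provider_ttl, provider_ttl, apic_ttl):
    observed = token_ttl_seconds(token)
    expected = expected_ttl_seconds(override_provider_ttl, provider_ttl, apic_ttl)
    return {"observed": observed, "expected": expected, "ok": observed == expected}

def make_sample_token(iat, ttl):
    # Constructed, unsigned sample token for offline use; not a real API Connect token.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"iat": iat, "exp": iat + ttl}), "sig"])

if __name__ == "__main__":
    # Scenario from the report: IdP issues 1-hour tokens, Access Token TTL is set to 4 hours.
    for ttl in (1 * HOUR, 4 * HOUR):
        print(check_token(make_sample_token(1652400000, ttl), True, 1 * HOUR, 4 * HOUR))
```

A result with "ok": False while override_provider_ttl is true matches the symptom in the error description: the token still carries the identity provider's lifetime.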
Temporary fix
Comments
APAR Information
APAR number
LI82621
Reported component name
API CONNECT ENT
Reported component ID
5725Z2201
Reported release
A0X
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-05-13
Closed date
2022-07-15
Last modified date
2022-09-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
API CONNECT ENT
Fixed component ID
5725Z2201
Applicable component levels
Document Information
Modified date:
08 September 2022