IBM Support

PH49566: OIDC: CWTAI2047E when more than one key without alg claim in JWK


Abstract

PH49566: OIDC: CWTAI2047E when more than one key without alg claim in JWK

Download Description


THIS FIX HAS BEEN SUPERSEDED BY A LATER IFIX
This fix has been superseded by a fix for another APAR. For information on how to obtain the latest OpenID Connect runtime that includes this APAR, see the technote Obtaining WebSphere OpenID Connect (OIDC) latest version.

PH49566 resolves the following problem:

ERROR DESCRIPTION:
When the OpenID Connect (OIDC) Trust Association Interceptor (TAI) processes a JWK that contains more than one key without an alg claim, an error similar to the following appears in the logs:
CWTAI2047E: No key was found to verify the signature.  The signature algorithm is [RS256].  The JWT [kid] claim value is [YOURKID] and the [x5t] claim value is [YOURX5T].  The [jwkEndpointUrl] is [https://acme.com/jwk.jwks].  The [signVerifyAlias] property value is [ALIAS].
This issue happens after installing fix pack 9.0.5.13.
 
PROBLEM CONCLUSION:
The OIDC TAI is updated to allow for keys with no "sig" claim in a JWK.

The fix for this APAR is targeted for inclusion in fix pack 8.5.5.23 and 9.0.5.14. Refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
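
The following Python example is added here for illustration and is not IBM's code or part of the APAR text. It lists the keys in a JWK set that omit "alg" and selects verification candidates for a JWT header while treating "alg" as optional, as RFC 7517 defines it. The JWK set, kid values and function names are constructed for the example.

```python
import json

# Constructed sample JWK set: two RSA signing keys omit the optional "alg" member.
SAMPLE_JWKS = json.loads("""
{"keys": [
  {"kty": "RSA", "kid": "key-1", "use": "sig", "n": "constructed-modulus-1", "e": "AQAB"},
  {"kty": "RSA", "kid": "key-2", "use": "sig", "n": "constructed-modulus-2", "e": "AQAB"},
  {"kty": "RSA", "kid": "key-3", "alg": "RS512", "n": "constructed-modulus-3", "e": "AQAB"},
  {"kty": "EC", "kid": "key-4", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
]}
""")

# JWS algorithm family prefix -> JWK key type it requires (RFC 7518).
KTY_FOR_ALG = {"RS": "RSA", "PS": "RSA", "ES": "EC", "HS": "oct"}


def keys_without_alg(jwks):
    """Return the kid of every key that omits "alg" (optional in RFC 7517, section 4.4)."""
    return [k.get("kid") for k in jwks.get("keys", []) if "alg" not in k]


def select_keys(jwks, header):
    """Return candidate verification keys for a JWT header.

    A key is rejected only on a positive mismatch. A missing optional member
    (alg, use, kid, x5t) never disqualifies it, so several keys without
    "alg" can coexist in one set.
    """
    alg = header["alg"]
    kty = KTY_FOR_ALG.get(alg[:2])  # unknown families such as "none" map to None
    candidates = []
    for key in jwks.get("keys", []):
        if kty is None or key.get("kty") != kty:
            continue  # wrong key type for this signature algorithm
        if "alg" in key and key["alg"] != alg:
            continue  # key is pinned to a different algorithm
        if key.get("use", "sig") != "sig":
            continue  # key is declared for encryption only
        if "kid" in header and "kid" in key and key["kid"] != header["kid"]:
            continue
        if "x5t" in header and "x5t" in key and key["x5t"] != header["x5t"]:
            continue
        candidates.append(key)
    return candidates
```

Running keys_without_alg against the document served at the configured jwkEndpointUrl shows whether a provider publishes more than one key without "alg", which is the condition this APAR describes.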




Document Location

Worldwide


Document Information

Modified date:
16 June 2023

UID

ibm16621159