APAR status
Closed as program error.
Error description
When a SAML Assertion that uses millisecond precision in its NotBefore or NotOnOrAfter timestamps is processed by DataPower, the timestamp comparison may be performed incorrectly if the message is processed in the same second as either timestamp. The resulting behavior is that assertions are falsely marked as not yet valid when compared during the same second it was created, or are incorrectly marked as valid if compared in the same second it should expire.
Local fix
Do not use millisecond precision when generating the timestamps. If currently running 3.8.1, use the skew time option.
Problem summary
If a SAML assertion contains a timestamp with millisecond precision, DataPower may reject the assertion as invalid.
Problem conclusion
DataPower processes SAML assertions containing timestamps with millisecond precision.
Temporary fix
Comments
APAR Information
APAR number
IC71722
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
380
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-10-07
Closed date
2010-12-02
Last modified date
2010-12-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DATAPOWER
Fixed component ID
DP1234567
Applicable component levels
R373 PSY
UP
R380 PSY
UP
R381 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.8","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
11 February 2022