IZ66908: POST MESSAGE TO RETURN_TO URL SHOULD USE QUERY STRING IF POSSIBLE

IBM Tivoli Federated Identity Manager 6.2.0 fix pack 3 (6.2.0-TIV-TFIM-FP0003)
Tivoli Federated Identity Manager 6.2.0 Fixpack 8 (6.2.0-TIV-TFIM-FP0008)
IBM Tivoli Federated Identity Manager Business Gateway v6.2.0, Fix Pack 8, 6.2.0-TIV-TFIMBG-FP0008
Tivoli Federated Identity Manager 6.2.0 Fixpack 9 (6.2.0-TIV-TFIM-FP0009)
Tivoli Fed Id Mgr Business Gateway v6.2.0, Fix Pack 9, 6.2.0-TIV-TFIMBG-FP0009
Tivoli Federated Identity Manager 6.2.0 Fixpack 13 (6.2.0-TIV-TFIM-FP0013)
Tivoli Fed Id Mgr Business Gateway v6.2.0, Fix Pack 13, 6.2.0-TIV-TFIMBG-FP0013

APAR status

• Closed as program error.

Error description

• When sending an indirect message to an OpenID partner (typically
  the
  response from an OP to an RP), if the URL that the message is to
  be sent to contains query string parameters we currently ALWAYS
  move these query-string parameters to FORM input parameters.
  
  This actually breaks interoperability with the DOTNET RP
  implementation.
  Section 11.1 of the OpenID 2.0 spec requires
  these parameters to remain as part of the URL.
  

Local fix

Problem summary

• In this defect we will check the size of the target URL, and if
  it's length
  is not too long, we will keep that URL intact in the POST,
  otherwise
  we will default to existing behaviour and move all the query
  string
  parameters to the POST body.
  
  CMVC Defect:
  IZ66908
  

Problem conclusion

• The fix for this APAR will be contained in the following
  maintenance packages:
  
  | fix pack | 6.2.0.3-TIV-TFIM-FP0003 |
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  TIV FED ID MGR

• Fixed component ID

  5724L7300

Applicable component levels

• R620 PSY

     UP