Direct link to fix
APAR status
Closed as program error.
Error description
After you upgrade to IBM Business Automation Workflow V18.0.0.2 or later, invoking an external REST service might fail with an HTTP 401 error if the OpenAPI definition doesn't specify a security definition of basic authentication for the respective operation; however, the REST service does require basic authentication.
Local fix
Correct the incomplete OpenAPI definition of the external REST service by specifying basic authentication in the OpenAPI definition for the respective operation. Then, rediscover the external REST service, create a new snapshot of your process application, and install it into the runtime environment. Note: This approach is not a workaround but rather the required action in any case. The property is meant only as a temporary mitigation until the process application is corrected, such that it contains external REST services that are based on valid and complete OpenAPI specifications.
Problem summary
For a REST service invocation, Business Automation Workflow requires a valid and fully specified OpenAPI definition, including respective security definitions for the operations of that REST service, as documented in "Invoking a REST service" (https://www.ibm.com/support/knowledgecenter/SS8JB4_20.x/com.i bm.wbpm.wle.editor.doc/topics/textsrvrest.html). If an OpenAPI specification doesn't contain security definitions for an operation that means the operation doesn't require that any security-related headers to be sent. And, correspondingly, if an OpenAPI definition comprises any security requirements, the runtime environment handles them accordingly. In 18.0.0.2, the handling of some scenarios had to be fixed. PRODUCTS AFFECTED IBM Business Automation Workflow
Problem conclusion
A circumvention is available or will be available to temporarily restore the behavior that existed before 18.0.0.2 until you corrected the OpenAPI definition, and rediscovered your external REST service, as explained in the Local Fix section of this APAR. You can temporarily restore the behavior that existed before 18.0.0.2 by adding the following lines to the 100Custom.xml file: <server> <external-service-rest-invocation> <enforce-pre18002-basic-auth-header-handling merge="replace">true</enforce-pre18002-basic-auth-header-handlin g> </external-service-rest-invocation> </server> By setting enforce-basic-auth-header to true, a basic authentication header is added to the request if basic authentication credentials are specified on the REST server or in the Script task even though the call operation doesn't specify a basic authentication security definition in the OpenAPI definition. By setting enforce-basic-auth-header to false, a basic authentication header is added only to the request if basic authentication security definition is specified for the operation in the OpenAPI definition. This behavior is the default and correct behavior. Use this property only temporarily.
Temporary fix
Comments
APAR Information
APAR number
JR62806
Reported component name
BUS AUTO WORKFL
Reported component ID
5737H4100
Reported release
J00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-09-15
Closed date
2020-11-11
Last modified date
2020-11-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BUS AUTO WORKFL
Fixed component ID
5737H4100
Applicable component levels
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS8JB4","label":"IBM Business Automation Workflow"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"19.0.0.1"}]
Document Information
Modified date:
14 December 2020