IBM Support

PH02361: WEBSPHERE LIBERTY OIDC CLIENT IMPLEMENTATION IS PROXY-UNAWARE

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The OpenID Connect (OIDC) client is not able to use the
    https.proxyHost and https.proxyPort settings in the JVM when
    communicating with the OpenID Connect provider.  Each URL in
    the OIDC configuration must route to the proxy host/port,
    then the team that manages the proxy, must set up a routing
    rule for the endpoints that need to go through the proxy to
    the OP.
    
    This requirement can present an administrative problem for
    customers.
    

Local fix

  • L3 is building test fix.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server Liberty    *
    *                  administrators of OpenID Connect            *
    ****************************************************************
    * PROBLEM DESCRIPTION: The OpenID Connect client does not      *
    *                      honor the https.proxyHost and           *
    *                      https.proxyPort JVM properties          *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The OpenID Connect client does not allow an administrator to use
    the http(s).proxyHost and http(s).proxyPort JVM properties to
    route HTTP requests that it makes through a proxy.
    

Problem conclusion

  • The OpenID Connect client runtime is updated to allow an
    administrator to use the http(s).proxyHost and http(s).proxyPort
    settings in the JVM to route HTTP requests that it makes through
    a proxy.  To use the proxy settings, set the following attribute
    on your openidConnectClient configuration:
    
    useSystemPropertiesForHttpClientConnections=true
    
    This attribute is added to the following component
    configurations:
    openidConnectClient
    jwtConsumer
    mpJwt
    googleLogin
    twitterLogin
    facebookLogin
    githubLogin
    linkedinLogin
    oauth2Login
    oidcLogin
    
    
    The fix for this APAR is currently targeted for inclusion in fix
    pack 18.0.0.4.  Please refer to the Recommended Updates page for
    delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH02361

  • Reported component name

    WAS LIBERTY COR

  • Reported component ID

    5725L2900

  • Reported release

    855

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-08-30

  • Closed date

    2019-01-11

  • Last modified date

    2019-01-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WAS LIBERTY COR

  • Fixed component ID

    5725L2900

Applicable component levels

  • R855 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"855","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
15 October 2021