IBM Support

PH07433: THE AUTHORIZATION HEADER IN THE \AUTHORIZATION ENDPOINT REQUEST IS SENT EMPTY

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Product components impacted: Server
    Affected mobile development environments: iOS
    Mobile Devices Operating Systems impacted: iOS,
    User roles impacted: Developer, administrator
    Distribution: Fix Central, CocoaPods, DevCenter,, Fix Central
    Versions affected: 8.0
    The authorization header in the \authorization endpoint request
    is sent empty and it may causes security software to block it.
    You can see the request body in the Analytics platform logs.
    2018-12-11 12:15:49.620878+0300 [app-name][15228:5931635]
    [DEBUG] [WL_REQUEST] -[WLRequest sendRequest:path:withOptions:]
    in WLRequest.m:222 :: waiting for response...
    (Thread=<NSThread: 0x280203400>{number = 1, name = main})
    2018-12-11 12:15:49.627088+0300 [app-name][15228:5931635]
    [DEBUG] [WL_AFHTTPSessionManagerWrapper_PACKAGE]
    -[WLAFHTTPSessionManagerWrapper start] in
    WLAFHTTPSessionManagerWrapper.m:390 :: Starting the request
    with URL
    https://[host][port]/mfp/api/az/v1/authorization?client_id=700-8
    356-b3096ee0c6fa&redirect_uri=https%3A//mfpredirecturi&response_
    type=code&scope=RegisteredClient
    2018-12-11 12:15:49.925161+0300 [app-name][15228:5931635]
    [DEBUG] [WL_AFHTTPSessionManagerWrapper_PACKAGE]
    -[WLAFHTTPSessionManagerWrapper
    requestFinished:responseObject:] in
    WLAFHTTPSessionManagerWrapper.m:406 :: Request Success
    2018-12-11 12:15:49.939709+0300 [app-name][15228:5931635]
    [DEBUG] [WL_AFHTTPSessionManagerWrapper_PACKAGE]
    -[WLAFHTTPSessionManagerWrapper
    requestFinished:responseObject:] in
    WLAFHTTPSessionManagerWrapper.m:409 :: Response Status Code :
    200
    2018-12-11 12:15:49.942966+0300 [app-name][15228:5931635]
    [DEBUG] [WL_AUTH] -[WLAuthorizationManager
    failResponseWithResponse:error:] in
    WLAuthorizationManager.m:1405 :: WLFailResponse type expected
    but WLResponse type recieved. Response status 200; Response
    text: <p>"Header Authorization is empty"</p>
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All MobileFirst iOS native app users .                       *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * The Authorization header in the \Authorization end point has *
    * an empty header value ,which might cause the security        *
    * softwares to block the authorization request .               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    

Problem conclusion

  • We have removed the Authorization header from \Authorization
    request end point changes have been published .Now the client
    sdk ensures that Authorization request does not contain empty
    Authorization header .
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH07433

  • Reported component name

    MOBILE1ST PF EN

  • Reported component ID

    5725I4300

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-01-17

  • Closed date

    2019-02-05

  • Last modified date

    2019-02-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    MOBILE1ST PF EN

  • Fixed component ID

    5725I4300

Applicable component levels

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSZH4A","label":"IBM Worklight"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"800","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
05 February 2019