APAR status
Closed as program error.
Error description
Product components impacted: Server Affected mobile development environments: iOS Mobile Devices Operating Systems impacted: iOS, User roles impacted: Developer, administrator Distribution: Fix Central, CocoaPods, DevCenter,, Fix Central Versions affected: 8.0 The authorization header in the \authorization endpoint request is sent empty and it may causes security software to block it. You can see the request body in the Analytics platform logs. 2018-12-11 12:15:49.620878+0300 [app-name][15228:5931635] [DEBUG] [WL_REQUEST] -[WLRequest sendRequest:path:withOptions:] in WLRequest.m:222 :: waiting for response... (Thread=<NSThread: 0x280203400>{number = 1, name = main}) 2018-12-11 12:15:49.627088+0300 [app-name][15228:5931635] [DEBUG] [WL_AFHTTPSessionManagerWrapper_PACKAGE] -[WLAFHTTPSessionManagerWrapper start] in WLAFHTTPSessionManagerWrapper.m:390 :: Starting the request with URL https://[host][port]/mfp/api/az/v1/authorization?client_id=700-8 356-b3096ee0c6fa&redirect_uri=https%3A//mfpredirecturi&response_ type=code&scope=RegisteredClient 2018-12-11 12:15:49.925161+0300 [app-name][15228:5931635] [DEBUG] [WL_AFHTTPSessionManagerWrapper_PACKAGE] -[WLAFHTTPSessionManagerWrapper requestFinished:responseObject:] in WLAFHTTPSessionManagerWrapper.m:406 :: Request Success 2018-12-11 12:15:49.939709+0300 [app-name][15228:5931635] [DEBUG] [WL_AFHTTPSessionManagerWrapper_PACKAGE] -[WLAFHTTPSessionManagerWrapper requestFinished:responseObject:] in WLAFHTTPSessionManagerWrapper.m:409 :: Response Status Code : 200 2018-12-11 12:15:49.942966+0300 [app-name][15228:5931635] [DEBUG] [WL_AUTH] -[WLAuthorizationManager failResponseWithResponse:error:] in WLAuthorizationManager.m:1405 :: WLFailResponse type expected but WLResponse type recieved. Response status 200; Response text: <p>"Header Authorization is empty"</p>
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * All MobileFirst iOS native app users . * **************************************************************** * PROBLEM DESCRIPTION: * * The Authorization header in the \Authorization end point has * * an empty header value ,which might cause the security * * softwares to block the authorization request . * **************************************************************** * RECOMMENDATION: * ****************************************************************
Problem conclusion
We have removed the Authorization header from \Authorization request end point changes have been published .Now the client sdk ensures that Authorization request does not contain empty Authorization header .
Temporary fix
Comments
APAR Information
APAR number
PH07433
Reported component name
MOBILE1ST PF EN
Reported component ID
5725I4300
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-01-17
Closed date
2019-02-05
Last modified date
2019-02-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
MOBILE1ST PF EN
Fixed component ID
5725I4300
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSZH4A","label":"IBM Worklight"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"800","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
05 February 2019