IBM Support

PH11684: OIDC: FAILED TO VALIDATE ID TOKEN, EXCEPTION THROWN DURING VERIFY [UNSUPPORTEDOPERATIONEXCEPTION: ]

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The OpenID Connect Relying Party may emit the following
    error when a JWT received from an OpenID provider contains a
    nested JSON array:
    
    SECJ0126E: Trust Association failed during validation. The
    exception is
    com.ibm.websphere.security.WebTrustAssociationFailedException :
    CWTAI2007E: The OpenID Connect relying party (RP) encountered a
    failure during the login. The exception is
    [com.ibm.ws.security.oidc.client.RelyingPartyException: Failed
    to validate id token, exception thrown during verify
    [JsonObject]]. Check the logs for details that lead to this
    exception.
    at
    com.ibm.ws.security.oidc.client.RelyingParty.handleSigninCall
    bac k(RelyingParty.java:532)
    at
    com.ibm.ws.security.oidc.client.RelyingParty.negotiateValidatean
    dEstablishTrust(RelyingParty.java:301)
    at
    com.ibm.ws.security.web.TAIWrapper.negotiateAndValidateEstablish
    edTrust(TAIWrapper.java:103)
    at
    com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation(
    WebAuthenticator.java:438)
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server users of   *
    *                  OpenID Connect                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: The OIDC TAI cannot process JWTs that   *
    *                      contain nested JSON arrays              *
    ****************************************************************
    * RECOMMENDATION:  Installl a fix pack or interim fix that     *
    *                  contains this APAR.                         *
    ****************************************************************
    The OpenID Connect (OIDC) Relying Party (RP) Trust Association
    Interceptor (TAI) is unable to process JWTs that contain
    nested JSON arrays.  If JWT with a nested JSON array is
    received, the following error will be emitted:
    ECJ0126E: Trust Association failed during validation. The
    exception is
    com.ibm.websphere.security.WebTrustAssociationFailedException :
    CWTAI2007E: The OpenID Connect relying party (RP) encountered a
    failure during the login. The exception is
    [com.ibm.ws.security.oidc.client.RelyingPartyException: Failed
    to validate id token, exception thrown during verify
    [JsonObject]]
    

Problem conclusion

  • The OIDC TAI is updated so that it can process JWTs that
    contain nested JSON arrays.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 8.5.5.16 and 9.0.5.1.  Please refer to the Recommended
    Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH11684

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    900

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-05-02

  • Closed date

    2019-06-19

  • Last modified date

    2019-06-19

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R850 PSY

       UP

  • R900 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"900","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
14 October 2021