Fixes are available
APAR status
Closed as program error.
Error description
OIDC session cookie name supposed to be related to the provider_<id>.identifier but related to provider_<id>.clientID instead.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server and OpenID Connect * **************************************************************** * PROBLEM DESCRIPTION: OIDC RP session cookies might be * * overwritten if more than one TAI * * config entry uses the same clientId. * **************************************************************** * RECOMMENDATION: Install a fix pack or interim fix that * * contains this APAR. * **************************************************************** OpenID Connect (OIDC) Relying Party (RP) Trust Association Interceptor (TAI) session cookies might be overwritten if two provider entries use the same clientId on the same or different OpenID providers (OPs).
Problem conclusion
The OIDC RP is using the value for the provier.<id>.clientId property to qualify each session cookie name for a provider configuration entry. Therefore, if more than one provider entry used the same value for clientId, the cookie names would be the same. The OIDC RP TAI is updated to use the provier.<id>.providerId property to qualify the session cookie name. The fix for this APAR is targeted for inclusion in fix packs 8.5.5.18 and 9.0.5.4. For more information, see 'Recommended Updates for WebSphere Application Server': http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PH22038
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-02-11
Closed date
2020-04-09
Last modified date
2020-04-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R850 PSY
UP
R900 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
06 December 2021