APAR status
Closed as program error.
Error description
When the OpenID Connect (OIDC) Trust Association Interceptor (TAI) is configured with multiple providers that use the same discovery endpoint URL, the TAI will send a request to the discovery endpoint multiple times.
Local fix
Problem summary
USERS AFFECTED: IBM WebSphere Application Server and OIDC
PROBLEM DESCRIPTION: The OIDC TAI may invoke a discovery endpoint multiple times and slow down server startup
RECOMMENDATION: Install a fix pack or interim fix that contains this APAR.

When the OIDC TAI is configured to use the same discovery endpoint URL for more than one provider entry, the TAI is sending a request to the discovery endpoint multiple times. If there are many provider entries that use the same discovery URL, the time for the server to start up can be negatively affected.
Problem conclusion
During server startup, the OIDC TAI reads configuration data and populates its configuration objects in memory so that it is ready when the application server starts receiving requests. When an OP discovery endpoint URL is specified for a provider entry in the OIDC TAI configuration, the TAI will send a request to the URL to obtain discovery information. If the same discovery endpoint URL is specified for more than one provider entry, a request to that URL will be made for each provider entry.

The OIDC TAI is updated so that it invokes each configured discovery endpoint URL once, then caches the data for use by all provider entries that are configured to use it.

The fix for this APAR is targeted for inclusion in fix packs 8.5.5.22 and 9.0.5.12. For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
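The fetch-once behaviour described above, modelled as an added example that is not IBM's TAI code. `ProviderEntry`, `load_discovery`, `constructed_fetch` and the example.com URLs are hypothetical names and constructed data; matching URLs as exact strings and caching failed requests are assumptions of this sketch, not statements about the product.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample URLs, not taken from the APAR.
GOOD = "https://op.example.com/.well-known/openid-configuration"
BAD = "https://down.example.com/.well-known/openid-configuration"

@dataclass
class ProviderEntry:  # hypothetical model of one provider entry
    name: str
    discovery_url: str
    metadata: Optional[dict] = None
    error: Optional[str] = None

def load_discovery(entries: List[ProviderEntry],
                   fetch: Callable[[str], dict]) -> Dict[str, int]:
    """Populate every entry, requesting each distinct URL once.
    Returns requests sent per URL; failures are cached too (this
    example's choice) so a dead URL is not retried per entry."""
    cache: Dict[str, tuple] = {}
    sent: Dict[str, int] = {}
    for entry in entries:
        url = entry.discovery_url  # compared as an exact string
        if url not in cache:
            sent[url] = sent.get(url, 0) + 1
            try:
                cache[url] = (fetch(url), None)
            except OSError as exc:
                cache[url] = (None, str(exc))
        doc, err = cache[url]
        # Copy so one entry's later changes cannot alter another's view.
        entry.metadata = dict(doc) if doc is not None else None
        entry.error = err
    return sent

def constructed_fetch(url: str) -> dict:
    """Stand-in for the HTTPS request; returns constructed data."""
    if url == GOOD:
        return {"issuer": "https://op.example.com",
                "jwks_uri": "https://op.example.com/jwks"}
    raise OSError("connection refused: " + url)

def demo() -> Dict[str, int]:
    entries = [ProviderEntry(f"provider_{i}", u)
               for i, u in enumerate([GOOD, GOOD, BAD, BAD], 1)]
    return load_discovery(entries, constructed_fetch)

if __name__ == "__main__":
    print(demo())
```

With four provider entries over two distinct URLs, two requests are sent instead of four, and every entry still receives its own copy of the discovery data or the recorded error.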
Temporary fix
Comments
APAR Information
APAR number
PH30118
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-10-01
Closed date
2022-02-07
Last modified date
2022-02-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
Document Information
Modified date:
08 February 2022