IBM Support

PH32257: NOTSERIALIZABLEEXCEPTION WITH OIDC

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When a request is received with the OIDC RP and the
    provider_(id).accessTokenIsJwt OIDC property is set to true, an
    error like the following might occur:
    
    DYNA0052E: The cached object can not be replicated or saved to
    disk.  CacheID=88WozW3+8Rk4GbY29V4hFMM1hZVpFL8jN6q7wy5YVcI=
    ClassName=com.ibm.ws.security.oidc.client.SessionData
    Type=cache-value
    Exception=java.io.NotSerializableException:
    com.ibm.ws.security.oidc.client.jose4j.util.OidcTokenImplBase
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server                                      *
    *                  and OIDC.                                   *
    ****************************************************************
    * PROBLEM DESCRIPTION: When using the OIDC RP and              *
    *                      accessTokenIsJwt=true, a                *
    *                      NotSerializableException might occur.   *
    ****************************************************************
    * RECOMMENDATION:  Install a fix pack or interim fix that      *
    *                  contains this APAR.                         *
    ****************************************************************
    When a request is received with the OpenID Connect (OIDC)
    relying
    party (RP) Trust Association Interceptor (TAI) and the
    provider_(id).accessTokenIsJwt OIDC property is set to true, a
    java.io.NotSerializableException error might occur.
    

Problem conclusion

  • The
    com.ibm.ws.security.oidc.client.jose4j.util.OidcTokenImplBase
    object is not serializable.
    
    When accessTokenIsJwt=true, an OidcTokenImplBase object is
    included in the SessionData object that is stored in DynaCache,
    but it is not needed.
    
    The OidcTokenImplBase object is removed from the SessionData
    object that is stored in DynaCache.
    
    The fix for this APAR is targeted for inclusion in fix pack
    8.5.5.20 and 9.0.5.7. For more information, see 'Recommended
    Updates for WebSphere Application Server':
    https://www.ibm.com/support/pages/node/715553
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH32257

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    900

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-12-02

  • Closed date

    2021-02-12

  • Last modified date

    2021-02-12

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"900"}]

Document Information

Modified date:
14 February 2021