APAR status
Closed as program error.
Error description
Periodically, the following java.lang.IllegalArgumentException error occurs when attempting to refresh an access token with the com.ibm.websphere.security.oidc.util.OidcClientHelper.getValidAc cessToken API: [5/4/22 11:37:51:024 CDT] 000000da OidcHelper 3 java.lang.IllegalArgumentException: The cache id is not found in the cache's mapping table when adding alias at com.ibm.ws.cache.Cache.addAlias(Cache.java:2944) at com.ibm.ws.cache.DistributedObjectCacheAdapter.common_addAlias(D istributedObjectCacheAdapter.java:951) at com.ibm.ws.cache.DistributedMapImpl.addAlias(DistributedMapImpl. java:186) at com.ibm.ws.security.oidc.client.SessionData.cacheAsAccessToken(S essionData.java:1683) at com.ibm.ws.security.oidc.client.SessionData.setAccessToken(Sessi onData.java:1494) at com.ibm.ws.security.oidc.client.SessionData.processJSON(SessionD ata.java:328) at com.ibm.ws.security.oidc.client.SessionData.processJSON(SessionD ata.java:293) at com.ibm.ws.security.oidc.client.SessionData.update(SessionData.j ava:277) at com.ibm.ws.security.oidc.client.SessionData.refreshAccessToken(S essionData.java:2291) at com.ibm.ws.security.oidc.util.OidcHelper$1.run(OidcHelper.java:2 47) at java.security.AccessController.doPrivileged(AccessController.jav a:734) at com.ibm.ws.security.oidc.util.OidcHelper.getValidAccessToken(Oid cHelper.java:244) at com.ibm.ws.security.oidc.util.OidcHelper.getValidAccessToken(Oid cHelper.java:211) at com.ibm.ws.security.oidc.util.OidcHelper.getValidAccessToken(Oid cHelper.java:199) at com.ibm.websphere.security.oidc.util.OidcClientHelper.getValidAc cessToken(OidcClientHelper.java:259)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server * * and the OIDC TAI * **************************************************************** * PROBLEM DESCRIPTION: The OIDC getValidAccessToken API might * * fail with an IllegalArgumentException * * error. * **************************************************************** * RECOMMENDATION: Install a fix pack or interim fix that * * contains this APAR. * **************************************************************** The com.ibm.websphere.security.oidc.util.OidcClientHelper.getValidAc ce ssToken API might fail with the following error: java.lang.IllegalArgumentException: The cache id is not found in the cache's mapping table when adding alias
Problem conclusion
The OIDC getValidAccessToken API appears to encounter this error in the following scenario: 1. the session data object for the access token is retrieved from the cache 2. the access token is expired and a refresh action starts 3. before the access token is refreshed and the session data is re-written to the cache, the session data object is removed from the cache by DynaCache. The OIDC TAI is updated to check for the session data object in the cache before rewriting it after a token refresh. If the session data is no longer in the cache, a null value is returned from the API instead of the refreshed token. The fix for this APAR is targeted for inclusion in fix pack 8.5.5.23 and 9.0.5.13. For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
Temporary fix
Comments
APAR Information
APAR number
PH46408
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-05-13
Closed date
2022-06-17
Last modified date
2022-06-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5"}]
Document Information
Modified date:
18 June 2022