IBM Support

PI85213: FEDERATED REPOSITORY MAY NOT USE UNIQUEGROUPIDMAPPING OUTPUTPROPERTY WHEN CALLING USERREGISTRY.GETUNIQUEGROU

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Federated Repository was using uniqueUserIdMapping
    outputProperty instead of the uniqueGroupIdMapping
    outputProperty for one code path when
    UserRegistry.getUniqueGroupId() was called. The error occurs
    in
    calls to WIMUserRegistry.getUniqueGroupId() which can can be
    made when using Federated Repositories by directly calling
    the
    UserRegistry API or during the normal flow of authentication
    and authorization.
    
    The result is that UserRegistry implementations (including
    the
    basic registry, and custom user registries) may return an
    unexpected unique group ID. By default, both the
    outputProperty
    for uniqueUserIdMapping and uniqueGroupIdMapping is
    "uniqueName", so the errant behavior is limited to
    configurations where the customer has overridden one of the
    two
    properties.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty- Virtual Member Manager      *
    *                  (VMM)                                       *
    ****************************************************************
    * PROBLEM DESCRIPTION: Federated Repository may not use        *
    *                      uniqueGroupidMapping outputProperty     *
    *                      when calling                            *
    *                      UserRegistry.getUniqueGroupId().        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Federated Repository was using uniqueUserIdMapping
    outputProperty instead of the uniqueGroupIdMapping
    outputProperty for one code path when
    UserRegistry.getUniqueGroupId() was called. The error occurs in
    calls to WIMUserRegistry.getUniqueGroupId() which can be made
    when using Federated Repositories by directly calling the
    UserRegistry API or during the normal flow of authentication and
    authorization.
    
    The result is that UserRegistry implementations (including the
    basic registry, and custom user registries) may return an
    unexpected unique group ID. By default, both the outputProperty
    for uniqueUserIdMapping and uniqueGroupIdMapping is
    "uniqueName", so the errant behavior is limited to
    configurations where the customer has overridden one of the two
    properties.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PI85213

  • Reported component name

    LIBERTY PROFILE

  • Reported component ID

    5724J0814

  • Reported release

    CD0

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-07-28

  • Closed date

    2017-09-25

  • Last modified date

    2017-09-25

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    LIBERTY PROFILE

  • Fixed component ID

    5724J0814

Applicable component levels

  • RCD0 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
14 December 2020