PH08485: JWT SSO USABILITY ENHANCEMENTS FOR LIBERTY 18.0.0.3

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• Several enhancements to Liberty are required to improve the
  usability of the jwtSso-1.0 feature.
  .
  If a JWT SSO cookie is expired or invalid, Liberty emits error
  messages which can fill up the log.  These messages include
  CWWKS5523E, CWWKS5524E, CWWKS6031E, and CWWKS6025E.  Where
  possible these messages should be suppressed to mirror the
  behavior of LTPA cookies.
  .
  The property "useAuthenticationDataForUnprotectedResource" does
  not currently apply to the JWT SSO cookie.  It should have the
  same behavior as the LTAP cookie.
  .
  There is no API available to get the JWT SSO cookie name.  An
  equivalent function is provided to get the LTPA cookie name.
  .
  The JsonWebToken class is not available when the jwtSso-1.0
  feature is enabled.  This class is used to represent the JWT
  used by the jwtSso-1.0 feature and is required in order for
  applications to be able to parse the JWT.
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All users of IBM WebSphere Application       *
  *                 Server Liberty                               *
  ****************************************************************
  * PROBLEM DESCRIPTION: JWT usability improvements for Liberty  *
  *                      Embedded z/OS                           *
  *                                                              *
  *                      This PTF delivers service for the IBM   *
  *                      z/OS Liberty Embedded product (HWLPEM0) *
  *                      18.0.0.3 fix pack stream.               *
  ****************************************************************
  Several usability issues in the JWT support for Liberty are
  described in GitHub issues 6034, 6241, 6246, 6248, 6663 and
  6833. More information can be found at the following link:
    http://github.com/openliberty/Open-Liberty
  
  This PTF delivers service for the IBM z/OS Liberty Embedded
  product (HWLPEM0) 18.0.0.3 fix pack stream.
  

Problem conclusion

• Code was added to address the JWT usability issues described in
  GitHub issues 6034, 6241, 6246, 6248, 6663 and 6833.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Modules/Macros

• BBL18003 BBLS1803
  

Fix information

• Fixed component name

  LIBERTY PROF -

• Fixed component ID

  5655W6514

Applicable component levels

• REM0 PSY UI62369

     UP19/04/12 P F904

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.