Troubleshooting
Problem
This document contains information about and a link to the latest version of the WebSphere® Application Server OpenID Connect (OIDC) Trust Association Interceptor (TAI). If you are having any issues with your OIDC TAI, ensure that you are running the latest version of the TAI before you start to troubleshoot the problem.
Resolving The Problem
Component: Topic:
LATEST VERSION: 1.3.1
The latest version of the OIDC TAI can be found here:
PH29099: OIDC v1.3.1; OIDC RP: ClassNotFoundException for JsonUtil$DupeKeyDisallowingLinkedHashMap
The latest version of the OIDC TAI is 1.3.1. Instructions for how to determine the version of your OIDC TAI are included later in this document.
The following WebSphere Application Server fix packs contain the latest version of the OIDC TAI:
WebSphere Application Server Release | Earliest fix pack containing latest OIDC version |
8.5.5 | n/a |
9.0 | 9.0.5.6 |
WHAT IT IS:
The OIDC TAI implementation is encapsulated in a single JAR file and can be replaced in its entirety to update to the latest version of the code. The OIDC TAI code is updated frequently, so IBM support regularly publishes new versions of the OIDC TAI outside of the fix pack cycles.
That APAR interim fix link that is provided in this document includes the following information:
|
WHAT TO DO:
When you are not running the latest version of the OIDC TAI, you can do one of the following to update your OIDC TAI to the latest version:
|
OBTAINING THE OIDC TAI VERSION FROM YOUR JAR:
To determine the version of the OIDC TAI that you have, you can do the following in a command window:
cd (was_home)/plugins java -cp ./com.ibm.ws.security.oidc.client.jar com.ibm.ws.security.oidc.util.Version com.ibm.ws.security.oidc.client.jar 1.05 |
When the JAR file was installed with an APAR interim fix, the version that is displayed will be in numeric form, for example: 1.05. When the JAR file was installed with a fix pack, the version will be displayed with fix pack information, for example: 8.5.5 cf091605.01.
When when you run this command, you get the following error, then you are running an outdated version of the OIDC TAI and you must install the latest version:
Exception in thread "main" java.lang.NoClassDefFoundError: com.ibm.ws.security.oidc.util.Version |
OBTAINING THE OIDC TAI VERSION FROM A TRACE:
To find the version of the OIDC TAI from a trace, search for getVersion:
[8/04/20 11:39:54:156 CST] 00000001 RelyingParty < getVersion returns [1.3.1] Exit |
If the version is 1.0, then you are running an outdated version of the OIDC TAI and you must install the latest version.
This information is only emitted one time when base security initializes the interceptors. If your trace is not gathered from application server startup, you will not see it.
SUPPORTED FIX PACKS:
The OpenID Connect feature of WebSphere Application Server is supported starting in the following fix packs:
|
You cannot install the OIDC TAI feature on a fix pack that is earlier than one of these fix packs. If you want to use the OIDC TAI, you must upgrade to one of these fix packs or later, then install the latest OIDC TAI.
Note:
This document uses the term WebSphere traditional to refer to WebSphere Application Server v9.0 traditional, WebSphere Application Server v8.5 full profile, WebSphere Application Server v8.0 and earlier, WebSphere classic, traditional WebSphere, traditional WAS, and tWAS.
Related Information
Document Information
Modified date:
02 December 2020
UID
swg21997883