IBM Support

PH29099: OIDC v1.3.1; OIDC RP: ClassNotFoundException for JsonUtil$DupeKeyDisallowingLinkedHashMap

Download


Downloadable File

Abstract

OIDC TAI Version v1.3.1; PH29099: OIDC RP: ClassNotFoundException for JsonUtil$DupeKeyDisallowingLinkedHashMap

Download Description

OIDC TAI Version: 1.3.1
 
THE FOLLOWING FIXES ARE PROVIDED:
Interim fix file
Readme
Fix pack range
Editions
Readme v8.5
8.5.5.3 through
8.5.5.17
WASProd
8.5.5.18-WS-WASProd-IFPH29099.zip Readme v8.5 8.5.5.18 WASProd
9.0.0.0-WS-WASProd-IFPH29099.zip Readme v9.0 9.0.0.0 through
9.0.5.5
WASProd


You can install these fixes from the IBM live service repository instead of downloading them. For more information and step-by-step instructions, see the LIVE SERVICE REPOSITORY INSTALLATION section of this document.

AVOID TROUBLE:

When you are administering a cluster, the fix for this APAR must be applied to each cluster member. Failure to update all cluster members will produce unpredictable results on both the updated and non-updated cluster members.


PH29099 resolves the following problem:

ERROR DESCRIPTION:

In a cluster environment, the OpenID Connect (OIDC) TAI may redirect back to the OpenID provider (OP) after successful login.

You can see this error in SystemOut.log:

CWTAI2009I: The OpenID Connect relying party (RP) did not find an entry for session cookie OIDCSESSIONID_client1

In an OIDC trace, you will see:

[9/1/20 10:04:25:153 UTC] 000000ce DynaCacheUtil 3 getCache() returns [not null]
[9/1/20 10:04:25:156 UTC] 000000ce SystemErr R
java.lang.ClassNotFoundException:
org.jose4j.json.JsonUtil$DupeKeyDisallowingLinkedHashMap
 
PROBLEM CONCLUSION:

The OIDC TAI is updated to ensure that the SessionData object that is stored in DynaCache does not include any org.jose4j.json.JsonUtil$DupeKeyDisallowingLinkedHashMap objects; they are converted to java.util.LinkHashMap objects.

  • Detailed Conclusion

    The OIDC TAI stores the data for a user login in a SessionData object in DynaCache. This SessionData object contains a Map of the claims in the idToken that was returned from the OP after login.

    The Map that is stored in the SessionData object is obtained from a jose4j JwtClaims object. If the Map contains embedded Maps, the jos4j code creates them as org.jose4j.json.JsonUtil$DupeKeyDisallowingLinkedHashMap objects.

    The DynaCache component can serialize the DupeKeyDisallowingLinkedHashMap object, but since the OIDC runtime does not expose the jose4j classes, the DynaCache component cannot deserialize the DupeKeyDisallowingLinkedHashMap object.

    The DynaCache component will only attempt to serialize/deserialize entries in the cache when running in a cluster and more than one cluster member is active.


The fix for this APAR is targeted for inclusion in fix pack 8.5.5.19 and 9.0.5.6. Refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

 
CUSTOM PROPERTIES AND JAVADOC:
To see a complete list of the custom properties supported in this version of the OIDC TAI, see the technote WebSphere OpenID Connect, Full Profile Custom Properties.
  • image 1237  NEW CUSTOM PROPERTIES

    The table includes a selection of the new OIDC TAI custom properties that are included in this version:

    Property Values Description
    provider_<id>.discoveryEndpointUrl When useDiscovery is true, the default value is (issuerIdentifier)/.well-known/openid-configuration. Specifies the OpenID Connect Provider's discovery endpoint URL.

    When this property is specified, the following properties will be obtained from the discovery result:
    • authorizeEndpointUrl
    • tokenEndpointUrl
    • introspectEndpointUrl
    • userinfoEndpointUrl
    • revokeEndpointUrl
    • endSessionEndpoint
    • jwkEndpointUrl
    • tokenEndpointAuthMethod
    • issuerIdentifier
    • signatureAlgorithm
    When the discoveryEndpointUrl property is included in the OIDC TAI configuration, if any of these properties are also included in the configuration, their settings will be ignored.

    A request is sent to the discovery endpoint and the data that is returned is processed when the OIDC TAI is initialized. If the discovery endpoint is not accessible at the time that the TAI is initialized, then the OIDC TAI configuration entries associated with the discovery endpoint will not be active and its requests will not be intercepted.

    The OIDC TAI does not refresh the data received from the discovery endpoint. If the OP changes information in its discovery, then the application server must be restarted.

    When useDiscovery is set to true, the default value for this property is (issuerIdentifier)/.well-known/openid-configuration. When the useDiscovery property is set to false, the value for this property will be ignored.
    provider_<id>.useDiscovery This property defaults to true when a value is specified for the discoveryEndpointUrl property, otherwise, it defaults to false.

    When this property is set to true, but a value is not specified for the discoveryEndpointUrl property, the default value for the discoveryEndpointUrl property will be used. When this property is set to false, the value for the discoveryEndpointUrl property will be ignored.

    provider_<id>.userinfoEndpointEnabled default: true

    Set this property to false when you want to ignore the setting for the userinfoEndpointUrl property. This applies when the endpoint was obtained either from a TAI property or discovery. When a userinfoEndpointUrl is available and the userinfoEndpointEnabled property is set to false, you can still use the OidcClientHelper.getUserInfoFromServer() method to obtain the userinfo from the server in an application.

    provider_<id>.responseType default: code
    values: code, id_token, id_token token, id_token+token

    This property defines the value for the response_type parameter that will be sent to the OpenID Connect provider on authentication requests. When code is specified, the OpenID connect code login flow is used.

    When the value is set to anything other than code:

    • The RP will run in implicit mode.
    • The OP server must support the response_mode=form_post parameter.
    • The OP will respond with an HTTP POST instead of an HTTP GET.
    provider_<id>.nonceEnabled default: false

    When this property is set to true, a nonce parameter is sent to the OpenID Connect provider on the authentication request. When the responseType property is set to code, this parameter defaults to false. When the responseType property set to anything other than code, this property will be set to true and cannot be altered.

    provider_<id>.useJavaScript default: true

    Set this property to false when you do not want to use JavaScript when redirecting to the OP for the initial authentication request. When you do not use JavaScript, any fragments that are present on the original inbound request will be lost.

    provider_<id>.useRealm

    This property specifies a realm name and is used to override the realm name specified in the ID token. This property also overrides the defaultRealmName property.

    provider_<id>.accessTokenIsJwt default: false

    Set this property to true if the access token that is returned from the OP is a JWT and you want the RP to validate the JWT.

    provider_<id>.endSessionEndpoint

    Set this property to the value for the OPs end session endpoint so that it can be accessed via API. The value for this property is overridden if the discoveryEndpointUrl property is specified.

    provider_<id>.introspectClientId default: value for provider_<id>.clientId

    Specifies the clientId to include in the requests to the OP's introspection endpoint.

    provider_<id>.introspectClientSecret default: value for provider_<id>clientSecret

    Specifies the clientSecret to include in the requests to the OP's introspection endpoint.

    provider_<id>.jwkClientId

    Specifies the client identifier to include in the basic authentication scheme of the JWK request.

    provider_<id>.jwkClientSecret

    Specifies the client password to include in the basic authentication scheme of the JWK request.

  • image 1237  NEW METHODS IN OIDCCLIENTHELPER API

    The following methods are added to the com.ibm.websphere.security.oidc.util.OidcClientHelper API:

    • getJwtClaimsAsString(String)
    • getJwtClaimsAsMap(String)
    • json2map(String)
    • getJwtFromSubject()
    • getJwtFromSubject(Subject)
    • getEndSessionEndpoint()
    • getEndSessionEndpoint(Subject)
      /**   * Get the JWT claims from a JWT as a JSON String.   *   * For example:   * {"sub":"1234567890","name":"John Doe", "admin": true,   * "exp":1588806453}   *   * @return The JWT claims JSON String   * @throws Exception if an error occurs decoding the JWT   */  public static String getJwtClaimsAsString(String jwtString)  throws Exception    /**   * Get the JWT claims from a JWT as a Map.   *   * The Map will have value types that correspond to the   * values in the claims string.  For instance,   * the following claims string:   * {"sub":"1234567890","name":"John Doe", "admin": true,   * "exp":1588806453}   *   * will produce the map entries with the value types:   * String, String, Boolean, Long   *   * @return The JWT claims JSON represented as a Map   * @throws Exception if an error occurs decoding the JWT   */  public static Map<String,Object> getJwtClaimsAsMap(String  jwtString) throws Exception    /**   * Convert a JSON String to a Map.   *   * The Map will have value types that correspond to the   * values in the JSON string.  For instance,   * the following JSON string:   * {"sub":"1234567890","name":"John Doe", "admin": true,   * "exp":1588806453}   *   * will produce the map entries with the value types:   * String, String, Boolean, Long   *   * @return A Map created from the JSON String   * @throws Exception if an error occurs creating the Map   */  public static Map<String,Object> json2map(String jsonString)  throws Exception    /**   * Retrieve the JWT Authentication token from the current   * runAs Subject.   *   * @return The JWT Authentication token String or null if   * there is no JWT Authentication token on the Subject   * @throws Exception if an error occurs either while   * obtaining the runAs Subject or accessing the private   * credentials.   */  public static String getJwtFromSubject() throws Exception    /**   * Retrieve the JWT Authentication token from the input   * Subject.   *   * @return The JWT Authentication token String or null if   * there is no JWT Authentication token on the Subject   * @throws Exception if an error occurs when accessing the   * private credentials in the Subject.   */  public static String getJwtFromSubject(Subject subj) throws  Exception    /**   * Retrieve the end session endpoint associated with the access   * token on the current runAs Subject.   *    * @return The end session endpoint associated with the access   * token on the runAs Subject   * @throws Exception if an error occurs either while obtaining the    * runAs Subject or accessing the private credentials.   */  public static String getEndSessionEndpoint() throws Exception    /**   * Retrieve the end session endpoint associated with the access   * token on the from the input Subject   *   * @return The end session endpoint associated with the access   * token on the input Subject   * @throws Exception if an error occurs either while obtaining   * the accessing the private credentials from the input Subject.   */  public static String getEndSessionEndpoint(Subject subj) throws Exception   	

APARS INCLUDED IN THIS VERSION:
This fix is for the OpenID Connect (OIDC) Relying Party and JWT authentication features in WebSphere Application Server traditional, both of which are delivered in the OIDC trust association interceptor (TAI) JAR file. This fix is cumulative and contains all fixes that were in the code repository at the time the fix was created.

PI23430: Security Integrity fix for OpenID and OpenID connect
PI25298: OIDC on full profile can't authenticate with Liberty profile OP using access token
PI25681: Remove export packages of the org.apache.commons.codec from com.ibm.ws.security.client.jar
PI33449: Full profile OpenID connect RP does not work with google OP
PI37687: IBM embedded WebSphere Application Server is missing the jar files for OpenID and OpenID connect
PI47460: Add multi-provider support to OpenID connect relying party in the full profile
PI52604: OpenID connect SSO with active directory fails with 403 forbidden
PI55697: OpenID connect relying party: no entry in cache for stateid
PI56331: User might not be able to access web page that is protected with OIDC after initial login
PI59831: Support for using local x.509 public certificate for signature verification in OIDC
PI63906: OIDC: Allow config of contentType
PI64573: OIDC: A 403 error might occur if OP URL encodes the state parameter
PI64924: OpenID connect RP cannot locate key in JWK set
PI65751: The interceptedPathFilter OIDC custom property should not be required
PI73318: OIDC: Unique cookie names can accumulate on the browser
PI74857: Privilege escalation in full profile OIDC RP (CVE-2017-1151)
PI75095: OIDC: ClassCastException java.util.ArrayList
PI78336: OIDC jndiCacheName property does not work
PI80317: OIDC RP might store incorrect data in DynaCache
PI80543: OIDC RP cannot dynamically build callback URL
PI80549: OIDC RP does not support POST introspection endpoints
PI82308: OIDC RP loses URL fragments during the login process
PI84244: OIDC RP does not restore single-quote characters in POST data
PI86752: OIDC RP is requiring optional iat claim in introspected access token
PI87354: OIDC RP cannot perform logout when OIDC session cookie is not present
PI88253: OIDC RP secure flag not set on the oidcrequrl cookie
PI88896: OIDC RP refreshed access_token is not put into subject
PI90373: OIDC RP authorizationEndpointURL does not handle query parameters correctly
PI92210: OIDC RP configuration of location of sign verify certificate is not customizable
PI92332: OIDC RP does not support op UserInfo endpoint
PI94538: OIDC RP does not support not invoke the revocation endpoint on the OP on logout
PI96508: OIDC RP might not connect to token endpoint due to SSL handshake failure
PI96403: OIDC RP: support implicit login flow for initial requests
PH00569: OIDC RP handling of id_token expiry is not configurable
PH02192: OIDC RP extra <br/> tag added in saved post body
PH03525: OIDC RP might not intercept requests to http:// endpoints
PH07297: Denial of Service vulnerability in Guava (CVE-2018-10237)
PH08804: OIDC RP default identifiers are not available when customs are configured
PH10503: OIDC RP: sessionCacheTimeoutMinutes is in seconds instead of minutes
PH10892: OIDC RP: There is no API for obtaining tokens or manually triggering access token refresh
PH11107: OIDC RP: port number is always included on redirect_uri parameter
PH11684: OIDC RP: failed to validate ID token, exception that is thrown during verify [UnsupportedOperationException]
PH12520: OIDC TAI: Enable JWT authentication
PH13175: OIDC RP: Tokens are not revoked when sessions are evicted from the cache
PH14676: OIDC RP: omit client_secret OAuth 2.0 parameter when the client_secret is an empty string
PH15248: OidcClientHelper methods may return null unexpectedly
PH15626: OIDC RP: enable configuration of a login error url
PH17304: OIDC RP: cannot send a Content-Security-Policy header to the OpenID Connect provider
PH18150: OIDC RP: does not check the idtoken for an acr value when auth endpoint includes "acr_values"
PH19189: OIDC RP: cannot send a nonce parameter to an OP
PH19333: OIDC RP: unable to override the realm name in an idtoken
PH19907: OIDC RP: login fails when createSession=true and http sessions are exhausted
PH20118: OIDC RP: should not require scope claim on response from OP
PH21008: the TAI is completely disabled when any provider config fails to initialize
PH21178: OIDC RP: access token refresh may be attempted when it should not
PH21611: OIDC RP: may attempt to refresh access tokens that are not expired
PH21827: OIDC RP: NotSerializableException for JwtClaims error might occur
PH22038: OIDC RP: session cookie name should be related to provider_<id>.identifier but related to provider_<id>.clientId
PH22195: OIDC RP: enable use OpenID provider's well known configuration url (discovery)
PH22621: OIDC RP: add programmatic support for grant_type = client_credentials
PH23572: OIDC RP: code flow cannot be used when JavaScript is not enabled
PH23697: OIDC RP: add rs512 signature algorithm
PH24737: OIDC RP: make the introspection response available with an API
PH25547: OIDC RP: incorrect behavior when opaque token is in authorization header and useJwtFromRequest=ifPresent
PH25697: OIDC RP: sessionCacheTimeoutMinutes=0 is not overriding idtoken exp claim
PH25774: OIDC RP: session cookie value is too short
PH26523: OIDC RP: allow call to userinfo endpoint to be disabled
PH26925: OIDC RP: generates JavaScript with extra 'end-script' to send to OP
PH27173: OIDC RP: login may file when nonce is enabled
PH27213: OIDC RP: provide an option to not write an LTPA cookie in the OIDC path
PH27514: OIDC RP: add basic auth support for the jwk endpoint
PH27827: OIDC RP: support unique clientId and clientSecret for introspection endpoint
PH27971: OIDC RP: expose end session endpoint with an API
PH28253: OIDC RP: intercept callback from OP without special filter config
PH28386: OIDC RP: provide an option to validate a JWT access token
PH28534: OIDC RP: do not load config entry if no filter is defined
PH29099: OIDC RP: ClassNotFoundException for JsonUtil$DupeKeyDisallowingLinkedHashMap
 
  • JAVA™ 7 OR LATER IS REQUIRED

    The OIDC v1.3.1 runtime on this page requires the use of Java version 7 or later:

    • The PH29099 interim fix for WebSphere traditional v8.5.5 installs on any fix pack to which it applies.
    • When an application server is running Java 6 or earlier:
      • The OpenID Connect (OIDC) Relying Party (RP) TAI will not initialize when the server is started.
      • When the OIDC TAI was configured to intercept requests previous to installing PH29099, after installing PH29099, your previously intercepted requests will be redirected to the default form login.

  • PREREQ APAR FIXES
    The v8.5.5 interim fix that is provided on this page prereqs the PI57465 enablement fix. For convenience, the interim fix files for PI57465 were packaged into v8.5.5 interim fix for APAR PH29099.

    When you are installing on 8.5.5.9 or earlier, if you do not already have an interim fix for PI57465 installed, you will be required to install the interim fix for PI57465:

    • When you are using the IBM Installation Manager GUI to install the fixes, the fix for PI57465 appears as a separate line-item that you must select. For instance, here is an example of what you might see when you attempt to install on WebSphere 8.5.5.4:
    • If the fix for PI57465 doesn't display, clear 'Show recommended only'
    • If you are using the Installation Manager imcl command to install the fix, you must specify the fix name for the appropriate PI57465 fix.
      • To see example imcl commands and the names of the PI57465 fixes included in the PH29099 interim fixes, see the COMMAND LINE INSTALLATION section of this document.

    You do not need to install an interim fix for the prereq APAR PI57465 on v9.0 or 8.5.5.10 or later because PI57465 is included in those fix packs.
     

  • LIVE SERVICE REPOSITORY INSTALLATION
    If you are installing by using the IBM Installation Manager GUI, you can install an interim fix for PH29099 from the IBM live service repository instead of downloading it.  Perform the following actions in the Installation Manager:

    1. Select File > Preferences
    2. Click 'Repositories' from the list on the left
    3. Make sure that ' Search service repositories during installation and updates' is selected:
    4. Click OK
    5. Click Update
    6. Make sure that 'Update all packages with recommended updates and recommended fixes' is not selected:
    7. Choose the WebSphere instance that you want to update.
    8. Click Next
      • Enter your IBM ID and password if you are prompted for them.
      • If you are not at the latest fix pack level, the Update Packages window displays with the latest fix pack preselected, for example:
    9. Perform the following steps:
      • If you are at the latest fix pack level, do the following:
        1. Select 'Show recommended only'.
        2. Clear any recommended update that you do not want to install.
          • Make sure that you do not clear the update for PH29099.
        3. Click Next
        4. Click Update
      • If you are not at the latest fix pack level, do the following:
        1. Clear 'Show recommended only'.
        2. Scan through the list to find the entry for PI57465 and select it, for example:

          For a list of the fix names for PI57465, see the COMMAND LINE INSTALLATION section.
        1. Perform the following actions based on whether or not you want to also update your fix pack level:
          • If you want to update to the latest fix pack level, do the following:
            1. Click Next
            2. Go back and complete the previous steps as if you were at the latest fix pack level.
          • If you want to update your fix pack to a level that is not the latest, do the following:
            1. Clear 'Show recommended only'.
            2. Select the fix pack level that you want to install.
            3. Click Next
          • If you do not want to update your fix pack level, do the following:
            1. Clear 'Show recommended only'.
            2. Select 'Only fixes for version x.x.x.x', where x.x.x.x is your version and fix pack, for example:
            3. Click Next
            4. Clear any recommended update that you do not want to install.
              • Make sure that you do not clear the update for PH29099, for example.
        2. If you are installing on fix packs 8.5.5.3 through 8.5.5.9 and you do not have interim fix for the prerequisite APAR PI57465 installed, you will see an error that says 'APAR PI57465 is required by x.x.x.x-WS-WASProd-IFPH29099', for example:

          If you see this error, do the following:
        3. Click Next
        4. Click Update
  • COMMAND LINE INSTALLATION
    The fixes for PH29099 are installed by using the IBM Installation Manager. You can use the Installation Manager imcl command to install an interim fix from the command prompt.

    When you install an interim fix from the command prompt, you need to know the name of the fix that is contained within the interim fix file. The following table lists the fixes that are contained in each interim fix file for PH29099. For convenience, the fixes for the prerequisite APAR PI57465 are packaged into the interim fix file v8.5.5.

    Interim fix file
    Fix names
    Fix packs
    8.5.5.3-WS-WASProd-IFPH29099.zip 8.5.5.3-WS-WASProd-IFPH29099_8.5.5003.20200918_1807 8.5.5.3 through
    8.5.5.17
    8.5.5.3-WS-WASProd-IFPI57465_8.5.5003.20160623_1218 8.5.5.3 only
    8.5.5.4-WS-WASProd-IFPI57465_8.5.5004.20160623_1211 8.5.5.4 through
    8.5.5.5
    8.5.5.6-WS-WASProd-IFPI57465_8.5.5006.20160623_1208 8.5.5.6 only
    8.5.5.7-WS-WASProd-IFPI57465_8.5.5007.20160623_1202 8.5.5.7 through
    8.5.5.9
    8.5.5.18-WS-WASProd-IFPH29099.zip 8.5.5.18-WS-WASProd-IFPH29099_8.5.5018.20200929_0815 8.5.5.18
    9.0.0.0-WS-WASProd-IFPH29099.zip 9.0.0.0-WS-WASProd-IFPH29099_9.0.0.20200918_2019 9.0.0.0 through
    9.0.5.5
      Example commands:
    • Installation of PH29099 only:
      The following example shows how you can install on an 8.5.5 fix pack that includes PI57465 (8.5.5.10 or later). You can also use this command on 8.5.5.3 through 8.5.5.9 if you previously installed an interim fix for PI57465:
       
      ./imcl install 8.5.5.3-WS-WASProd-IFPH29099_8.5.5003.20200918_1807 -installationDirectory /opt/IBM/WebSphere/AppServer -repositories /tmp/ifixes/8.5.5.3-WS-WASProd-IFPH29099.zip
    • Installation of PH29099 and PI57465:
      The following example shows how you can install on 8.5.5.7 through 8.5.5.9 using imcl if you do not already have an interim fix for the prereq APAR PI57465 installed:
       
      ./imcl install 8.5.5.7-WS-WASProd-IFPI57465_8.5.5007.20160623_1202 8.5.5.3-WS-WASProd-IFPH29099_8.5.5003.20200918_1807 -installationDirectory /opt/IBM/WebSphere/AppServer -repositories /tmp/ifixes/8.5.5.3-WS-WASProd-IFPH29099.zip

    IBM Knowledge Center references:
    Installing interim fixes on distributed operating systems using the command line
    Command line arguments for the imcl command

     
  • SUPERSEDED APAR FIXES
    The fixes for PH29099 on this page supersede the fixes published for PI47460, PI55697, PI64573, PI65751, PI74857, PI80317, PI82308PI96508PI82308PH08804PH13175,  and PH21827. Those fixes will be removed from their pages and are replaced by these fixes for PH29099.

    Since the fixes for PH29099 included on this page supersede the fixes for PI47460, PI55697, PI64573, PI65751, PI74857, PI80317, PI82308, PI96508, PH08804, PH13175, and PH21827, the Installation Manager allows it to be installed on top of any of those fixes. It is up to you if you want to uninstall or any or all of those fixes before installing a fix for PH29099.
  • APPLICABLE FIX PACKS
    The OpenID Connect feature of WebSphere Application Server v855 is supported starting in fix pack 8.5.5.3, therefore this APAR does not apply to, nor are interim fixes available for fix packs 8.5.5.0 through 8.5.5.2.

     

Keywords: IBMWL3WSS, OIDC, INTERIMFIX

Prerequisites

PI57465 (only for 8.5.5.9 or earlier)

Installation Instructions

Review the readme.txt for detailed installation instructions.

URL SIZE(Bytes)
V85 Readme 12189
V90 Readme 12044
.

Download Package

DOWNLOAD RELEASE DATE SIZE(Bytes)

DOWNLOAD Options

What is Fix Central(FC)?

8.5.5.3-WS-WASProd-IFPH29099 09-22-2020 4391075 FC
8.5.5.18-WS-WASProd-IFPH29099 09-29-2020 3923050 FC
9.0.0.0-WS-WASProd-IFPH29099 09-22-2020 3951539 FC
.

Problems Solved

PH29099

Off

Document Location

Worldwide

[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"ARM Category":[{"code":"a8m50000000CdESAA0","label":"Security-\u003ESSO-\u003EOpenId Connect"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5.5;9.0.0;9.0.5"}]

Problems (APARS) fixed
PI23430;PI25298;PI25681;PI33449;PI37687;PI47460;PI52604;PI55697;PI56331;PI59831;PI63906;PI64573;PI64924;PI65751;PI73318;PI74857;PI75095;PI78336;PI80317;PI80543;PI80549;PI82308;PI84244;PI86752;PI87354;PI88253;PI88896;PI90373;PI92210;PI92332;PI94538;PI96508;PH00569;PH02192;PH03525;PH07297;PH08804;PH10503;PH10892;PH11107;PH11684;PH12520;PH13175;PH13175;PH14676;PH15248;PH15626;PH17304;PH18150;PH18189;PH19189;PH19333;PH19907;PH20118;PH21008;PH21178;PH21611;PH21827;PH22038;PH22195;PH22621;PH23572;PH23697;PH24737;PH25547;PH25697;PH25774;PH26523;PH26925;PH27173;PH27213;PH27827;PH27971;PH28253;PH28386;PH28534

Document Information

Modified date:
16 September 2021

UID

ibm16334819