Abstract
PH49566: OIDC: CWTAI2047E when more than one key without alg claim in JWK
Download Description
THIS FIX HAS BEEN SUPERSEDED BY A LATER IFIX
This fix has been superseded by a fix for another APAR. For information on how to obtain the latest OpenID Connect runtime that includes this APAR, see the technote Obtaining WebSphere OpenID Connect (OIDC) latest version.
PH49566 resolves the following problem:
ERROR DESCRIPTION:
When the OpenID Connect (OIDC) Trust Association Interceptor (TAI) attempts to process a JWK that contains more than one key that does not contain an alg claim, an error similar to the following error is found in the logs:
CWTAI2047E: No key was found to verify the signature. The signature algorithm is [RS256]. The JWT [kid] claim value is [YOURKID] and the [x5t] claim value is [YOURX5T]. The [jwkEndpointUrl] is [https://acme.com/jwk.jwks]. The [signVerifyAlias] property value is [ALIAS].
This issue happens after installing fix pack 9.0.5.13.
PROBLEM CONCLUSION:
The OIDC TAI is updated to allow for keys with no "sig" claim in a JWK.
The fix for this APAR is targeted for inclusion in fix pack 8.5.5.23 and 9.0.5.14. Refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
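The error description above involves a JWK set in which several keys omit the optional alg member (RFC 7517). The following added example, which is not IBM's code and does not describe how the TAI is implemented, shows one way a verifier can select candidate keys while treating a missing alg as "unspecified", plus a helper for listing such keys when triaging CWTAI2047E. The function names, key ids and the sample JWK set are constructed for illustration.

```python
# Added example: JWKS key selection that tolerates keys without "alg".
# All key ids and key material placeholders below are constructed sample data.

# JWS "alg" prefix -> required JWK "kty" (RFC 7518); anything else is rejected.
ALG_TO_KTY = {"RS": "RSA", "PS": "RSA", "ES": "EC", "HS": "oct"}


def candidate_keys(jwks, header):
    """Return the JWKs that may verify a JWT with the given JOSE header."""
    alg = header.get("alg", "")
    kty = ALG_TO_KTY.get(alg[:2])
    if kty is None:  # unknown algorithm or "none": never select a key
        return []
    selected = []
    for key in jwks.get("keys", []):
        if key.get("kty") != kty:
            continue
        # "alg" is optional in a JWK: only a present, different value excludes.
        if "alg" in key and key["alg"] != alg:
            continue
        # "use" is optional too: a key marked for encryption is excluded.
        if key.get("use", "sig") != "sig":
            continue
        # Match kid / x5t only when the JWT header carries them.
        if "kid" in header and key.get("kid") != header["kid"]:
            continue
        if "x5t" in header and key.get("x5t") != header["x5t"]:
            continue
        selected.append(key)
    return selected


def keys_missing_alg(jwks):
    """List the kid of every key that omits "alg"."""
    return [k.get("kid") for k in jwks.get("keys", []) if "alg" not in k]


SAMPLE_JWKS = {"keys": [  # constructed; "..." stands in for key material
    {"kty": "RSA", "kid": "key-a", "n": "...", "e": "AQAB"},
    {"kty": "RSA", "kid": "key-b", "n": "...", "e": "AQAB"},
    {"kty": "RSA", "kid": "key-c", "alg": "RS512", "n": "...", "e": "AQAB"},
    {"kty": "EC", "kid": "key-d", "crv": "P-256", "x": "...", "y": "..."},
]}

if __name__ == "__main__":
    print(candidate_keys(SAMPLE_JWKS, {"alg": "RS256", "kid": "key-b"}))
    print(keys_missing_alg(SAMPLE_JWKS))
```

When more than one candidate is returned (a header with no kid or x5t), the verifier has to try each key and accept only on a successful signature check.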
Document Location
Worldwide
Document Information
Modified date:
16 June 2023
UID
ibm16621159