SOAP Web Services Fail in Integrated Web Services with Prefix Error After Applying Oct 2022 IBM i HTTP Group PTF Level

Content

• Affecting all platforms including the IBM i OS.  
  • IBM i HTTP Group PTF level introducing the issue:
    7.5 - SF99952 level 4
    7.4 - SF99662 level 22
    7.3 - SF99722 level 41
    7.2 - 5770SS1-SI80975
• Causing all SOAP web service requests specifying unqualified SOAP elements in the client SOAP envelope to fail at 22.0.0.8 and later Liberty fix pack levels.
  • Affects only SOAP web services deployed to IBM i IWS v2.6 or IAS v8.5 instances after October 2022 IBM i HTTP Group PTF is applied.
  • REST web services are not affected.
• Preventing installation of IBM WebSphere Application Server Liberty security fixes. 
  • To avoid the issue, the IBM i OS WebSphere Application Server Liberty fix pack cannot be updated to 22.0.0.8 or later.

Current Workaround Options:

• Rollback the IBM WebSphere Application Server Liberty product from the 22.0.0.8 fix pack to 22.0.0.7 or earlier.
  • IMPORTANT!!! - Rolling back the IBM WebSphere Application Server Liberty fix pack level will remove critical Liberty product and security fixes, including fixes to remediate CVE-2022-22476 and CVE-2019-11777 as discussed in the IBM Security Bulletin, https://www.ibm.com/support/pages/node/6619843.
  • For the IBM i OS, this involves the removal a 5770SS1 PTF (if temporarily applied).  This will rollback the IBM i OS WebSphere Application Server Liberty runtime from 22.0.0.9 to the 22.0.0.6 fix pack level.
    NOTE:  The QHTTPSVR subsystem must be ended before removing the PTF and its dependencies.  ENDTCPSVR *HTTP HTTPSVR(*ALL)
    
    • 7.5 – SI80972
      • RMVPTF LICPGM(5770SS1) SELECT(SI80972) RMV(*PERM)
    • 7.4 – SI80973
      • RMVPTF LICPGM(5770SS1) SELECT(SI80973) RMV(*PERM)
    • 7.3 - SI80974
      • RMVPTF LICPGM(5770SS1) SELECT(SI80974) RMV(*PERM)
    • 7.2 – SI80975
      • RMVPTF LICPGM(5770SS1) SELECT(SI80975) RMV(*PERM)
    • Removal of a PTF can only be done when it is temporarily applied.  If IBM i development were to release a new Liberty fix pack version, the new PTF would supersede the existing PTF and permanently apply the PTF that installs 22.0.0.9 and introduces the issue.  Clients would not be able to remove the 22.0.0.9 Liberty fix pack once the associated PTF is permanently applied.
    • NOTE: If you are installing the IBM i HTTP Group PTF for the first time and do not have a previous HTTP Group PTF level applied, you will need to download and temporarily apply the appropriate 22.0.0.6 Liberty IBM i PTF after removing the 22.0.0.9 Liberty IBM i PTF discussed above.
      • 22.0.0.6 Liberty IBM i 5770SS1 PTF
        • IBM i 7.5 - SI79987
        • IBM i 7.4 - SI79988
        • IBM i 7.3 - SI79990
        • IBM i 7.2 - SI79991
• Modify the client SOAP envelope to fully-qualify SOAP namespace elements (i.e. soap:Envelope & soap:Body, etc.)
  • Might be an option for some that only have one or two SOAP web service clients to update, but if you have numerous (hundreds or thousands) of SOAP web service clients to update; this option may be difficult.
  • If you would like to try changing your client SOAP envelope, here is an example of a working client SOAP envelope format with the fully-qualified SOAP namespace elements.