APAR status
Closed as program error.
Error description
When using an OIDC user registry with "Use IBM APIC token expiration setting from cloud" enabled in the user registry settings, the APIC token returned does not have the correct expiry. It has the expiry of the third party token, but our logs indicate it has the correct TTL.
To reproduce:
1. In Cloud Manager, create an OIDC user registry, e.g. Google, with "Use IBM APIC token expiration setting from cloud" enabled. (Tokens returned from Google OIDC have an expiry of 1hr.)
2. In the Cloud Manager settings, under Onboarding, set "Access token time to live" to a time other than what is returned from the OIDC token. The default is 8hr, so for Google it can be left as is.
3. Log in using the OIDC user registry, and check the token expiry.
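One way to carry out the "check token expiry" step, as an added example that is not IBM's code: it assumes the access token is a compact JWT carrying integer `iat` and `exp` claims, and the function names and sample tokens are constructed for illustration.

```python
import base64
import json

CLOUD_TTL = 8 * 3600   # "Access token time to live" default stated on this page
PROVIDER_TTL = 3600    # Google OIDC token expiry stated on this page

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_lifetime(jwt: str) -> int:
    """Return exp - iat in seconds. Diagnostic only: the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated segments)")
    claims = json.loads(b64url_decode(parts[1]))
    for name in ("iat", "exp"):
        if not isinstance(claims.get(name), int):
            raise ValueError(f"missing or non-integer {name!r} claim")
    return claims["exp"] - claims["iat"]

def classify(jwt: str, cloud_ttl: int = CLOUD_TTL,
             provider_ttl: int = PROVIDER_TTL, skew: int = 60) -> str:
    """Say which TTL the token lifetime matches, within `skew` seconds."""
    lifetime = token_lifetime(jwt)
    if abs(lifetime - cloud_ttl) <= skew:
        return "cloud-ttl"        # override honoured
    if abs(lifetime - provider_ttl) <= skew:
        return "provider-ttl"     # behaviour described in this APAR
    return "unexpected"

def make_sample(lifetime: int, now: int = 1_700_000_000) -> str:
    """Build a constructed, unsigned sample token for offline testing."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}),
                     enc({"iat": now, "exp": now + lifetime}), "constructed"])

if __name__ == "__main__":
    for ttl in (PROVIDER_TTL, CLOUD_TTL):
        print(ttl, classify(make_sample(ttl)))
```

Paste the access token from a real login into `classify()` in place of the sample; a result of `provider-ttl` with the override enabled matches the behaviour this APAR describes.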
Local fix
Problem summary
When OIDC user registries are used for user login and the login is attempted via the toolkit, the access_token generated by IBM API Connect always has its expiration set to the third party provider's TTL, even when the override_provider_ttl option is enabled on the user registry configuration.
Problem conclusion
Issue fixed in API Connect versions 10.0.5.9, 10.0.8.1 and 10.0.9
Temporary fix
Comments
APAR Information
APAR number
LI83231
Reported component name
API CONNECT ENT
Reported component ID
5725Z2201
Reported release
A0X
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2024-08-29
Closed date
2024-11-09
Last modified date
2024-11-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
API CONNECT ENT
Fixed component ID
5725Z2201
Applicable component levels
Document Information
Modified date:
10 November 2024