Download
Downloadable File
File link | File size | File description |
---|---|---|
Abstract
PH29099: OIDC RP: ClassNotFoundException for JsonUtil$DupeKeyDisallowingLinkedHashMap
Download Description
THIS FIX IS SUPERSEDED BY THE A LATER INTERIM FIX
This fix is superseded by a fix for another APAR. To see how to obtain the most recent OpenID Connect runtime that includes this APAR, go to the technote Obtaining WebSphere OpenID Connect (OIDC) latest version.
ERROR DESCRIPTION:
In a cluster environment, the OpenID Connect (OIDC) TAI may redirect back to the OpenID provider (OP) after successful login.
You can see this error in SystemOut.log:
CWTAI2009I: The OpenID Connect relying party (RP) did not find an entry for session cookie OIDCSESSIONID_client1
In an OIDC trace, you will see:
[9/1/20 10:04:25:153 UTC] 000000ce DynaCacheUtil 3 getCache() returns [not null][9/1/20 10:04:25:156 UTC] 000000ce SystemErr R
java.lang.ClassNotFoundException:
org.jose4j.json.JsonUtil$DupeKeyDisallowingLinkedHashMap
The OIDC TAI is updated to ensure that the SessionData object that is stored in DynaCache does not include any org.jose4j.json.JsonUtil$DupeKeyDisallowingLinkedHashMap objects; they are converted to java.util.LinkHashMap objects.
- Detailed Conclusion
The OIDC TAI stores the data for a user login in a SessionData object in DynaCache. This SessionData object contains a Map of the claims in the idToken that was returned from the OP after login.
The Map that is stored in the SessionData object is obtained from a jose4j JwtClaims object. If the Map contains embedded Maps, the jos4j code creates them as org.jose4j.json.JsonUtil$DupeKeyDisallowingLinkedHashMap objects.
The DynaCache component can serialize the DupeKeyDisallowingLinkedHashMap object, but since the OIDC runtime does not expose the jose4j classes, the DynaCache component cannot deserialize the DupeKeyDisallowingLinkedHashMap object.
The DynaCache component only attempts to serialize or deserialize entries in the cache when it is running in a cluster and more than one cluster member is active.
The fix for this APAR is targeted for inclusion in fix pack 8.5.5.19 and 9.0.5.6. Refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
THIS FIX IS SUPERSEDED BY THE A LATER INTERIM FIX
This fix is superseded by a fix for another APAR. To see how to obtain the most recent OpenID Connect runtime that includes this APAR, see the technote Obtaining WebSphere OpenID Connect (OIDC) latest version.
Installation Instructions
Download Package
Problems Solved
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
09 November 2021
UID
ibm16334819