Fix (APAR): PH26842 Status: Fix Release: 9.0.5.4 Operating System: AIX,HP-UX,IBM i,Linux,Solaris,Windows,z/OS Supersedes Fixes: CMVC Defect: xxxxxx Byte size of APAR: 261465 Date: 2020-06-30 Abstract: saml web SSO classnotfoundexception for trustassociationutil in 9.0.5.4 Description/symptom of problem: PH26842 resolves the following problem: ERROR DESCRIPTION: When running WebSphere Application Server fixpack 9.0.5.4, when a URL is invoked that is protected by the SAML Web SSO TAI, during the processing of the request a classloader error occurs. java.lang.NoClassDefFoundError: com.ibm.ws.security.web.TrustAssociationUtil at com.ibm.ws.secu rity.web.saml.util.SAMLTaiState.saveReqURL(SAMLTaiState.java:289 ) at com.ibm.ws.security.web.saml.ACSTrustAssociationIntercepto r.invokeTAIafterSSO(ACSTrustAssociationInterceptor.java:663) ... Caused by: java.lang.ClassNotFoundException: com.ibm.ws.security.web.TrustAssociationUtil cannot be found by com.ibm.wsfp.main_8.5.5 at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal( BundleLoader.java:501) ... LOCAL FIX: N/A PROBLEM SUMMARY: USERS AFFECTED: All users of IBM WebSphere Application Server and SAML Web SSO PROBLEM DESCRIPTION: A ClassNotFoundException error occurs for TrustAssociationUtil in SAML Web SSO on fixpack 9.0.5.4. RECOMMENDATION: Install a fix pack or interim fix that includes this APAR. After upgrading to 9.0.5.4, the SAML Web SSO trust association interceptor (TAI) will no longer function. The TAI will emit the following error: java.lang.NoClassDefFoundError: com.ibm.ws.security.web.TrustAssociationUtil at com.ibm.ws.secu rity.web.saml.util.SAMLTaiState.saveReqURL(SAMLTaiState.java:289 ) at com.ibm.ws.security.web.saml.ACSTrustAssociationIntercepto r.invokeTAIafterSSO(ACSTrustAssociationInterceptor.java:663) ... Caused by: java.lang.ClassNotFoundException: com.ibm.ws.security.web.TrustAssociationUtil cannot be found by com.ibm.wsfp.main_8.5.5 PROBLEM CONCLUSION: The com.ibm.ws.security.web package is added to the imports list in the MANIFEST.MF file in the com.ibm.wsfp.main.jar file, preventing the ClassNotFoundException error for the com.ibm.ws.security.web.TrustAssociationUtil class. The fix for this APAR is targeted for inclusion in fix pack 9.0.5.5 For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553 Directions to apply fix: Install Fix to all WebSphere installations unless special instructions are included below. Special Instructions: None NOTE: The user must: * Logged in with the same authority level when unpacking a fix, fix pack or refresh pack. * Be at V1.8.5 or newer of the Installation Manager. Certain iFixes may require a newer version of the Installation Manager and the Installation Manager will inform you during the installation process if a newer version is required. The IBM Information Center can provide details, if needed, on the use of the Installation Manager to apply the iFixes. http://www.ibm.com/support/knowledgecenter/SSDV2W_1.8.5/com.ibm.cic.agent.ui.doc/helpindex_imic.html. Shutdown WebSphere Application Server before applying the iFixes. Restart WebSphere Application Server after applying the iFixes. Directions to remove fix: The IBM Information Center can provide details, if needed, on the use of the Installation Manager to remove the iFixes. http://www.ibm.com/support/knowledgecenter/SSDV2W_1.8.5/com.ibm.cic.agent.ui.doc/helpindex_imic.html. Shutdown WebSphere Application Server before removing the iFixes. Restart WebSphere Application Server after removing the iFixes. Directions to re-apply fix: 1) Shutdown WebSphere Application Server. 2) Follow the Fix instructions to apply the fix. 3) Restart WebSphere Application Server. Additional Information: