Fix (APAR): PI80317 Status: Fix Release: 8.5.5.11,8.5.5.10,8.5.5.9,8.5.5.8,8.5.5.7,8.5.5.6,8.5.5.5,8.5.5.4,8.5.5.3 Operating System: AIX,HP-UX,IBM i,Inspur K-UX,Linux,Solaris,Windows,z/OS Supersedes Fixes: PI23430 PI25298 PI25681 PI33449 PI37687 PI47460 PI52604 PI55697 PI56331 PI59831 PI63906 PI64573 PI64924 PI65751 PI73318 PI74857 PI75095 PI78336 PI80543 PI80549 CMVC Defect: xxxxxx Byte size of APAR: 3122555 Date: 2017-05-22 Abstract: OpenID Connect (OIDC) Relying Party(RP) may store incorrect data in DynaCache Description/symptom of problem: PI80317 resolves the following problem: ERROR DESCRIPTION: When the OIDC RP is configured to use DynaCache, it is possible for incorrect data to be stored and replicated. LOCAL FIX: N/A PROBLEM SUMMARY USERS AFFECTED: IBM WebSphere Application Server users of OpenID Connect PROBLEM DESCRIPTION: The OpenID Connect TAI can cache incorrect data in DynaCache. RECOMMENDATION: Install a fix pack that includes this APAR. The OpenID Connect Relying Party Trust Association Interceptor can cause its session data in DynaCache to become inconsistent. PROBLEM CONCLUSION: The OpenID Connect Relying Party TAI creates a session cache entry using a default timeout before requesting tokens from the OP. After receiving the tokens from the OP, it will update the cache entry with the new timeouts, add the tokens and add an alias. If the DynaCache replicates between when the session cache entry is created and the entry is updated, unexpected behavior can occur. The OIDC TAI is updated to not create the session cache entry until after the tokens are received from the OP. The fix for this APAR is currently targeted for inclusion in fix pack 8.0.0.14, 8.5.5.12, and 9.0.0.5. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980 Directions to apply fix: Fix applies to Editions: Release 8.5 _x_ Application Server (Express or BASE) _x_ Network Deployment (ND) __ Liberty Core __ Edge Components __ Developer Install Fix to all WebSphere installations unless special instructions are included below. Special Instructions: None NOTE: The user must: * Logged in with the same authority level when unpacking a fix, fix pack or refresh pack. * Be at V1.4.3 or newer of the Installation Manager. Certain iFixes may require a newer version of the Installation Manager and the Installation Manager will inform you during the installation process if a newer version is required. The IBM Knowledge Center can provide details, if needed, on the use of the Installation Manager to apply the iFixes. http://publib.boulder.ibm.com/infocenter/install/v1r4/index.jsp. Shutdown WebSphere Application Server before applying the iFixes. Restart WebSphere Application Server after applying the iFixes. Directions to remove fix: The IBM Knowledge Center can provide details, if needed, on the use of the Installation Manager to remove the iFixes. http://publib.boulder.ibm.com/infocenter/install/v1r4/index.jsp. Shutdown WebSphere Application Server before removing the iFixes. Restart WebSphere Application Server after removing the iFixes. Directions to re-apply fix: 1) Shutdown WebSphere Application Server. 2) Follow the Fix instructions to apply the fix. 3) Restart WebSphere Application Server. Additional Information: