Patch-ID# 117586-22


Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: identity server security
Synopsis: IS 6.1: Sun ONE Identity Server
Date: Jan/17/2008


Install Requirements: See Special Install Instructions

Solaris Release: 8 9

SunOS Release: 5.8 5.9

Unbundled Product: Sun ONE Identity Server

Unbundled Release: 6.1

Xref:

Topic: Sun ONE Identity Server

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR #    Bug #
4875492     12079550
4957403     11977141
4958700     11977211
4993276     11971470
5021818     12072568
5035446     12074996
5037201     11965626
5093089     12082532
5094149     12096846
5105263     12093905
5107637     12094497
6175172     12097370
6201204     12103665
6201438     12103700
6202135     12103844
6202837     12104004
6202838     12104005
6202840     12104006
6221018     12107853
6226769     12109180
6229799     12109739
6231834     12110152
6236892     12111254
6244578     12112765
6246367     12113132
6251848     12114478
6255526     12115307
6260941     12116888
6272812     12119968
6276094     12120833
6276972     12121087
6281059     12122118
6282777     12122561
6283582     12122869
6306871     12129660
6306874     12129662
6306878     12129663
6308604     12130142
6331016     12137056
6347178     12141501
6363157     12146324
6387712     12153677
6463730     12175535
6547061     12198827


Changes incorporated in this version: 4993276 6547061

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/etc/opt/SUNWam/config/xml/amAuth.xml
/opt/$BASEDIR/libpasswd.so
/opt/$PRODUCT_DIR/console.war
/opt/$PRODUCT_DIR/docs/am_public_javadocs.jar
/opt/$PRODUCT_DIR/lib/AMConfig.properties.template
/opt/$PRODUCT_DIR/lib/am_logging.jar
/opt/$PRODUCT_DIR/lib/am_sdk.jar
/opt/$PRODUCT_DIR/lib/am_services.jar
/opt/$PRODUCT_DIR/lib/libamutils.so
/opt/$PRODUCT_DIR/lib/xmlsec.jar
/opt/$PRODUCT_DIR/locale/amAuth.properties
/opt/$PRODUCT_DIR/locale/amAuthUI.properties
/opt/$PRODUCT_DIR/locale/amFederation.properties
/opt/$PRODUCT_DIR/locale/amLogging.properties
/opt/$PRODUCT_DIR/password.war
/opt/$PRODUCT_DIR/samples/appserver/amsamples.war
/opt/$PRODUCT_DIR/services.war
/opt/$PRODUCT_DIR/share/bin/amsecuridd
/opt/$PRODUCT_DIR/share/bin/amunixd
/opt/$PRODUCT_DIR/share/bin/checkport
/opt/$PRODUCT_DIR/web-apps/cdsso.war
/opt/$PRODUCT_DIR/web-apps/introduction.war
/etc/opt/SUNWam/config/xml/amLogging.xml

Problem Description:

4993276 Could not locate Assertion message for a valid artifact returned.
6547061 Need to bundle new xmlsec.jar to incorporate the fix for 6519471
 
(from 117586-21)
=============
6463730 XSS vulnerability with the goto and gx-charset parameters
 
(from 117586-20)
=============
6387712 Notification requests can cause a build up of close_wait connections
 
(from 117586-19)
=============
6283582 Number of login failures is not shared across AMs
 
(from 117586-18)
=============
6363157 Allow disabling individual persistent searches
 
(from 117586-17)
=============
6347178 Restarting AM prevents SSO from working unless a user logs in directly
6272812 Login failure attempts-count is not reset upon a successful login
 
(from 117586-16)
=============
6331016 Logging out of a server using a remote session does not destroy the session
 
(from 117586-15)
=============
6308604 Unable to get to login page from session expired page
5094149 Auth does not set error message/template in the XML message
6306878 SDK install calls are logged as failed
6306871 Create of users and reading the attributes throws NoSuchUser exception
6306874 Out Of Memory/NoClassDefFound Error
4875492 RFE: Support for primary and failover jdbc urls with per-server config
 
(from 117586-14)
=============
6276972 Delay when failover to secondary LDAP instance
6281059 Event service does not work when polling is enabled
6282777 Implementing TTL on UM cache
6276094 During patch installation, the console.war is not redeployed or expanded explicitly.
 
(from 117586-13)
=============
6175172 Access Manager does not work correctly from behind a proxy server
5035446 Policy subject search is displaying incorrect values from SDK Cache
6260941 AM6.1&6.2 postpatch script should modify iplanet-am-auth-login-success-url with relative URL
6251848 AMSDK does not work with AM behind loadbalancer
 
(from 117586-10)
=============
6244578 AM should warn user that the browser cookie support is disabled/not available
6236892 Image/text placeholder while CDCServlet is processing the AuthNResponse after login
6226769 Include ldapjdk.jar 4.16.1 into am_services.jar
6202135 Auth taglib emits quotes in the incorrect locations when generating URL
6246367 Due to a deadlock in EventService initialization, Identity Server hangs on restart
5021818 amLog file is reporting Filehandler errors
6229799 L10N part of amconsole webapp is gone after installing patch
6255526 performance issues when 'cookie.check' is 'true' in AMConfig
 
(from 117586-09)
=============
6231834 Application of AM6.1 patch6 resulted in NullPointerExceptions
5093089 Identity Server doesn't close socket properly
 
(from 117586-08)
=============
6221018 name field of new container does not show up on amconsole when running AM6.1 with JDK 1.4.2
 
(from 117586-07 and lower)
======================
4957403 Identity Server hangs due to a deadlock in NamingService
6201438 EventService should not run into a tight loop when it does not get Persistent Search Connection
6202837 Identity Server not responding/crashing
6202838 Back button breaks Goto URL
6202840 Session history keeping Goto URL's around
5105263 Reauth with invalid credentials should show an error when the login page is reached via the Back button
5107637 'Already logged in' message has incorrect wording
4958700 Identity Server with Referrals auth fails
5037201 Recipient attribute should be able to set to null
6201204 HTTPS redirect in CDSSO redirects to default HTTP port 80


Patch Installation Instructions:
--------------------------------
 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-8 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/117586-22
 
The following example removes a patch from a standalone system:
 
       example# patchrm 117586-22
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------
 
For bug #5037201:
The following new properties have been added to AMConfig.properties.
1> The property 'com.sun.identity.saml.nameidentifier.format' will
be read by AssertionManager to get the Format attribute value of the
NameIdentifier. The value of this property can be any URI string
or an empty string.
com.sun.identity.saml.nameidentifier.format=
 
2> The property 'com.sun.identity.saml.response.nullrecipient' will
be read by SAMLSOAPReceiver to determine whether the Recipient attribute
should be removed. The value of this property can be true or false. If
true, the 'Recipient' attribute of the Response will not be set.
com.sun.identity.saml.response.nullrecipient=false
 
For bug #6201438:
The eventservice restart fix needs two new properties to be added to
AMConfig.properties.
The property 'com.sun.am.event.connection.idle.timeout' specifies the
timeout value in minutes after which the persistent searches will be
restarted. Ideally, this value should be lower than the Load Balancer/
Firewall TCP timeout, to make sure that the persistent searches are
restarted before the connections are dropped. A value of '0' indicates
that these searches will not be restarted.
com.sun.am.event.connection.idle.timeout=0
 
For bug #4957403:
The JVM option '-Dcom.iplanet.am.serverMode=true' should be added to
the web container's configuration descriptor file server.xml.
On IAS 7.0:
<jvm-options>-Dcom.iplanet.am.serverMode=true</jvm-options>
On IWS 6.1:
<JVMOPTIONS>-Dcom.iplanet.am.serverMode=true</JVMOPTIONS>
 
For bug #6244578:
The new property 'com.sun.identity.am.cookie.check' needs to be set to
"true" in AMConfig.properties in order to determine whether cookie
support is enabled in the browser. The default value is "false".
com.sun.identity.am.cookie.check=true
 
For bug #6236892:
The following new properties, which will be read by the CDC servlet,
have been added to AMConfig.properties.
1> The property 'com.iplanet.services.cdc.WaitImage.display' needs
to be set to true to have an image displayed in the browser while
waiting for the protected page in a CDSSO scenario (default is false).
 
2> The property 'com.iplanet.services.cdc.WaitImage.name' defines the
name of the image file. The default value is waitImage.gif. The file
must be copied into the login_images directory.
 
3> The property 'com.iplanet.services.cdc.WaitImage.width' defines
the width of the image. The default value is 420.
 
4> The property 'com.iplanet.services.cdc.WaitImage.height' defines
the height of the image. The default value is 120.
 
For bug #6282777:
The following three new properties have been introduced to add a TTL
mechanism to the UM cache. By default the TTL is disabled.
    com.iplanet.am.sdk.cache.entry.expire.enabled=false
    com.iplanet.am.sdk.cache.entry.user.expire.time=
    com.iplanet.am.sdk.cache.entry.default.expire.time=
The first property enables TTL-based expiration. By default it is false;
to enable TTL, change it to true. The other two properties assign
different expiration times to user entries and to all other types of
cache entries. The time unit is minutes.
 
For bug #6363157:
The new property 'com.sun.am.event.connection.disable.list' specifies
which event connections (persistent searches) are to be disabled.
There are three valid values - aci, sm and um (case insensitive).
Multiple values should be separated with ",".
 
 
Since the patch install script redeploys Access Manager application
war files, you might have to reapply your customizations on the jsp
files after the patch installation.
 
If you have multiple Identity Server installations, you need to do the
above on each Identity Server installation for each bug fix.
 
Once you make any changes to AMConfig.properties or server.xml, you
need to restart the Identity Server.
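Because the properties above have to be set by hand on every Identity Server installation, a post-patch check of AMConfig.properties is useful. The script below is an added example, not part of this patch or of Sun/Oracle's tooling; the AMConfig.properties fragment in it is constructed for illustration (note the deliberately malformed cookie.check value), and the load balancer/firewall idle timeout is assumed to be supplied by the operator in minutes.

```python
import re
# Constructed AMConfig.properties fragment (illustrative values, not taken from a real host).
SAMPLE_AMCONFIG = """\
com.sun.identity.saml.response.nullrecipient=false
# event service (bugs 6201438, 6363157)
com.sun.am.event.connection.idle.timeout=0
com.sun.am.event.connection.disable.list=aci, SM
com.sun.identity.am.cookie.check=true.
com.iplanet.am.sdk.cache.entry.expire.enabled=true
com.iplanet.am.sdk.cache.entry.user.expire.time=
com.iplanet.am.sdk.cache.entry.default.expire.time=30
"""

def parse_properties(text: str) -> dict:
    """Minimal Java .properties reader: skips comments, accepts '=' or ':' separators."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_amconfig(props: dict, lb_timeout_minutes: int) -> list:
    """Findings for the patch's new properties; lb_timeout_minutes is the LB/firewall TCP idle timeout."""
    findings = []
    idle = props.get("com.sun.am.event.connection.idle.timeout", "")
    if not idle.isdigit():
        findings.append("idle.timeout missing or not an integer")
    elif int(idle) == 0:
        findings.append("idle.timeout=0: persistent searches are never restarted")
    elif int(idle) >= lb_timeout_minutes:
        findings.append(f"idle.timeout={idle} is not below LB/firewall timeout {lb_timeout_minutes}")
    for key in ("com.sun.identity.am.cookie.check",
                "com.sun.identity.saml.response.nullrecipient"):
        if props.get(key) not in ("true", "false"):  # catches e.g. a stray trailing period
            findings.append(f"{key}={props.get(key)!r} is not true/false")
    for item in props.get("com.sun.am.event.connection.disable.list", "").split(","):
        if item.strip() and item.strip().lower() not in ("aci", "sm", "um"):
            findings.append(f"disable.list: unknown connection {item.strip()!r}")
    if props.get("com.iplanet.am.sdk.cache.entry.expire.enabled") == "true":
        for key in ("com.iplanet.am.sdk.cache.entry.user.expire.time",
                    "com.iplanet.am.sdk.cache.entry.default.expire.time"):
            if not props.get(key, "").isdigit() or int(props[key]) <= 0:
                findings.append(f"TTL enabled but {key} is not a positive number of minutes")
    return findings
```

Run it against each installation's AMConfig.properties (read the file instead of SAMPLE_AMCONFIG) and treat any finding as a reason to correct the file before restarting the server.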


README -- Last modified date: Saturday, November 10, 2012