Patch-ID# 119465-17
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
Keywords: identity server security
Synopsis: Sun Java(TM) System Access Manager 6 2005Q1
Date: Jun/29/2009
Install Requirements: NA
Solaris Release: 8 8_x86 9 9_x86 10 10_x86
SunOS Release: 5.8 5.8_x86 5.9 5.9_x86 5.10 5.10_x86
Unbundled Product: Sun Java System Access Manager 6
Unbundled Release: 2005Q1
Xref:
Topic: Access Manager
Relevant Architectures: all
Bugs fixed with this patch:
Changes incorporated in this version:
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch: 117585-13 (or greater)
Obsoleted by:
Files included with this patch:
/etc/opt/SUNWam/config/AMConfig.properties.template
/etc/opt/SUNWam/config/ldif/index.ldif.template
/etc/opt/SUNWam/config/ldif/install.ldif.template
/etc/opt/SUNWam/config/ldif/installExisting.ldif.template
/etc/opt/SUNWam/config/ldif/plugin.ldif
/etc/opt/SUNWam/config/serverconfig.xml.template
/etc/opt/SUNWam/config/ums/amserveradmin.template
/etc/opt/SUNWam/config/ums/ums.xml.template
/etc/opt/SUNWam/config/ums/umsExisting.xml.template
/etc/opt/SUNWam/config/xml/template/amAdminConsole.xml
/etc/opt/SUNWam/config/xml/template/amAgent.xml
/etc/opt/SUNWam/config/xml/template/amAuth.xml
/etc/opt/SUNWam/config/xml/template/amAuthAD.xml
/etc/opt/SUNWam/config/xml/template/amAuthAnonymous.xml
/etc/opt/SUNWam/config/xml/template/amAuthCert.xml
/etc/opt/SUNWam/config/xml/template/amAuthConfig.xml
/etc/opt/SUNWam/config/xml/template/amAuthHTTPBasic.xml
/etc/opt/SUNWam/config/xml/template/amAuthJDBC.xml
/etc/opt/SUNWam/config/xml/template/amAuthLDAP.xml
/etc/opt/SUNWam/config/xml/template/amAuthMSISDN.xml
/etc/opt/SUNWam/config/xml/template/amAuthMembership.xml
/etc/opt/SUNWam/config/xml/template/amAuthNT.xml
/etc/opt/SUNWam/config/xml/template/amAuthRadius.xml
/etc/opt/SUNWam/config/xml/template/amAuthSAML.xml
/etc/opt/SUNWam/config/xml/template/amAuthSafeWord.xml
/etc/opt/SUNWam/config/xml/template/amAuthSecurID.xml
/etc/opt/SUNWam/config/xml/template/amAuthUnix.xml
/etc/opt/SUNWam/config/xml/template/amAuthWindowsDesktopSSO.xml
/etc/opt/SUNWam/config/xml/template/amAuthenticationDomainConfig.xml
/etc/opt/SUNWam/config/xml/template/amAuthnSvc.xml
/etc/opt/SUNWam/config/xml/template/amClientData.xml
/etc/opt/SUNWam/config/xml/template/amClientDetection.xml
/etc/opt/SUNWam/config/xml/template/amDisco.xml
/etc/opt/SUNWam/config/xml/template/amEntrySpecific.xml
/etc/opt/SUNWam/config/xml/template/amG11NSettings.xml
/etc/opt/SUNWam/config/xml/template/amLibertyPersonalProfile.xml
/etc/opt/SUNWam/config/xml/template/amLogging.xml
/etc/opt/SUNWam/config/xml/template/amNaming.xml
/etc/opt/SUNWam/config/xml/template/amPasswordReset.xml
/etc/opt/SUNWam/config/xml/template/amPlatform.xml
/etc/opt/SUNWam/config/xml/template/amPolicy.xml
/etc/opt/SUNWam/config/xml/template/amPolicyConfig.xml
/etc/opt/SUNWam/config/xml/template/amProviderConfig.xml
/etc/opt/SUNWam/config/xml/template/amSAML.xml
/etc/opt/SUNWam/config/xml/template/amSOAPBinding.xml
/etc/opt/SUNWam/config/xml/template/amSession.xml
/etc/opt/SUNWam/config/xml/template/amUser.xml
/etc/opt/SUNWam/config/xml/template/amWebAgent.xml
/etc/opt/SUNWam/config/xml/template/identityLocaleService.xml
/opt/SUNWam/amclient.war
/opt/SUNWam/bin/am2bak.template
/opt/SUNWam/bin/amadmin.template
/opt/SUNWam/bin/ampassword.template
/opt/SUNWam/bin/amserver.template
/opt/SUNWam/bin/amsessiondb
/opt/SUNWam/bin/amsfo
/opt/SUNWam/bin/amverifyarchive.template
/opt/SUNWam/bin/bak2am.template
/opt/SUNWam/console.war
/opt/SUNWam/docs/am_public_javadocs.jar
/opt/SUNWam/include/am.h
/opt/SUNWam/include/am_log.h
/opt/SUNWam/include/am_map.h
/opt/SUNWam/include/am_policy.h
/opt/SUNWam/include/am_properties.h
/opt/SUNWam/include/am_sso.h
/opt/SUNWam/include/am_string_set.h
/opt/SUNWam/include/am_types.h
/opt/SUNWam/include/am_utils.h
/opt/SUNWam/include/am_web.h
/opt/SUNWam/introduction.war
/opt/SUNWam/lib/am_logging.jar
/opt/SUNWam/lib/am_sdk.jar
/opt/SUNWam/lib/am_services.jar
/opt/SUNWam/lib/am_sessiondb.jar
/opt/SUNWam/lib/amclientsdk.jar
/opt/SUNWam/lib/xalan.jar
/opt/SUNWam/lib/xercesImpl.jar
/opt/SUNWam/lib/xmlsec.jar
/opt/SUNWam/locale/amAdminConsole.properties
/opt/SUNWam/locale/amAdminModuleMsgs.properties
/opt/SUNWam/locale/amAuth.properties
/opt/SUNWam/locale/amAuthLDAP.properties
/opt/SUNWam/locale/amAuthUI.properties
/opt/SUNWam/locale/amSAML.properties
/opt/SUNWam/locale/amSDK.properties
/opt/SUNWam/locale/amSessionDB.properties
/opt/SUNWam/password.war
/opt/SUNWam/samples/appserver/amsamples.war
/opt/SUNWam/samples/console/MoveUser/jsp/UMRelocateUser.jsp
/opt/SUNWam/samples/console/NewTab/jsp/UMNewTabData.jsp
/opt/SUNWam/samples/console/NewTab/jsp/UMNewTabNav.jsp
/opt/SUNWam/samples/console/TabComponent/jsp/TabOne.jsp
/opt/SUNWam/samples/console/TabComponent/jsp/TabThree.jsp
/opt/SUNWam/samples/console/TabComponent/jsp/TabTwo.jsp
/opt/SUNWam/samples/console/UserProfile/jsp/UserProfile.jsp
/opt/SUNWam/samples/csdk/Makefile
/opt/SUNWam/samples/csdk/README.TXT
/opt/SUNWam/samples/csdk/am_log_test.c
/opt/SUNWam/samples/csdk/am_sso_test.c
/opt/SUNWam/services.war
/usr/share/lib/identity/console-war/WEB-INF/ias-web.xml.template
/usr/share/lib/identity/console-war/WEB-INF/lib/am_console.jar
/usr/share/lib/identity/console-war/WEB-INF/sun-web.xml.template
/usr/share/lib/identity/console-war/WEB-INF/web.xml.template
/usr/share/lib/identity/console-war/console/base/AMAdminFrame.jsp
/usr/share/lib/identity/console-war/console/base/AMBase.jsp
/usr/share/lib/identity/console-war/console/base/AMBlank.jsp
/usr/share/lib/identity/console-war/console/base/AMEndUserFrame.jsp
/usr/share/lib/identity/console-war/console/base/AMHeader.jsp
/usr/share/lib/identity/console-war/console/base/AMHelpFrame.jsp
/usr/share/lib/identity/console-war/console/base/AMHelpMasthead.jsp
/usr/share/lib/identity/console-war/console/base/AMInvalidURL.jsp
/usr/share/lib/identity/console-war/console/base/AMLogin.jsp
/usr/share/lib/identity/console-war/console/base/AMMessage.jsp
/usr/share/lib/identity/console-war/console/base/AMNameValue.jsp
/usr/share/lib/identity/console-war/console/base/AMPost.jsp
/usr/share/lib/identity/console-war/console/base/AMQuickSearch.jsp
/usr/share/lib/identity/console-war/console/base/AMUncaughtException.jsp
/usr/share/lib/identity/console-war/console/service/SMCreateSubConfig.jsp
/usr/share/lib/identity/console-war/console/service/SMCreateSubConfigWizard.jsp
/usr/share/lib/identity/console-war/console/service/SMData.jsp
/usr/share/lib/identity/console-war/console/service/SMSubConfigProfile.jsp
/usr/share/lib/identity/console-war/console/user/UMCreateSvcTemplate.jsp
/usr/share/lib/identity/console-war/console/user/UMServiceData.jsp
/etc/opt/SUNWam/config/amsfo.conf
Problem Description:
6814047 AM6.3p15: Logout with "goto=" causes internal server
6677440 Probable XSS vulnerability in the cdcservlet
6363157 Need to disable unnecessary persistent searches to improve performance
6785877 Clear text passwords in debug files when using message level debugging
6808428 AM 6.3 SAML sample application not working properly after applying Patch15
(from 119465-15)
6712993 Information disclosure vulnerability in login
6702797 problem with new line chars in authContext during authentication2
(from 119465-14)
6650442 AM 6.3 Patch 13 install deletes files
6654435 Policy client code does not work when primary DS is down
6672326 ssotoken of dsameuser cached in the client causing policy eval to fail
(from 119465-13)
6620746 Memory leak in policy evaluation APIs causing heap growth in AM 6.3
6393197 Concurrent modification exception while creating policy using policy.store
6382633 Policy Client does not create APPSSOToken when APPSSOToken is invalid
6574258 amsecurid helper class receiving authentication return code of -1
6640706 SessionPoller thread needs to be created as a daemon thread in AM6.3.
6650439 Patch install incorrectly updates AMConfig.properties
6632418 Installing 6.3 patches on Solaris 10 gets "Cannot open pkginfo file" error
6632409 patchadd of 6.3 patches gets errors "cp:cannot access /etc/opt/SUNWam/config/ldif/installExisting.ldif"
6629978 AMSDK Client fails to do simple ldap authentication when AM is deployed on WS 6.1 SP 8
6547061 Bundling in new xmlsec.jar due to incorporate fix for 6519471
6558279 Certain Java Classes growing with time - Memory leak
6561459 amsessiondb creates new connections to AMBroker without dropping the old ones
6560993 Need to get remoteclientIPaddress from within custom loginmodule: authenticate using AuthContext API
(from 119465-11)
6387712 Notification requests can cause a build up of close_wait connections
6437993 If a user's password contains a % character at the end of the string the system loops indefinitely
6471046 AuthLoginException message not meaningful when authenticating user is locked
6511876 SAML request fails if LB does SSL termination
6522179 Policy evals for subjects with multiple groups time out because LDAP search time limit exceeded
6522458 Alternate Boot Environment support not present in 119466-08
6529480 amadmin / amverifyarchive / ampassword missing 3 variables after adding patch 10
6536635 AM needs to support the new setReadTimeout API introduced in JDK 1.5
(from 119465-10)
6479540 AccessManager sends incorrect PolicyResponse when ChineseCharacters are used in the URL as Query
6385019 Double clicking login button can crash WS if login module calls HttpServletResponse.addHeader
6271005 policy client sdk does not create new app sso token if the server is restarted
6421511 Access Manager patches do not install for ABE and with configure later option for packages
6444541 Post authentication processing of logouts can fail in multi server environment
6452630 AM SecurID helper hard coded 7500 ms timeout for connection
6463100 AM 6.3 Patch 9: amconfig displays exceptions for SJS Application Server
6479248 maxSessions.jsp forwarded to users even though stats report active session below max limit
6479476 Not receiving SAML assertion in return
6491021 Creating users starting with '#' creates two uids
(from 119465-09)
6245226 In Session Failover timed out Session requests does not respond until the read time out expires.
6271002 amclientsdk.jar missing some classes
6306722 Remote Client SDK error (NoClassDefFoundError SessionBundle)
6409600 ConcurrentModificationException in AMObjectImpl prevents AMEvents from being delivered
6461079 service schema allows to have duplicated AttributesSchemas
6462789 "Base DN to Start Search" field for groups should not be editable from Add Users page
6462802 The "Base DN to Start Search" field for groups should take People Container DN too.
6463730 XSS vulnerability with the goto and gx-charset parameters
(from 119465-08)
6331016 logging out of a server using a remote session does not destroy the session
6385177 Session Expiry is not checked by the SAMLAware Servlet
6285511 Auth displays " String index out of range: -1" for Logout in multi-insts setup
6373671 Console logout on WebLogic results in Error 500 and exceptions
6386378 Kerberos auth error using Windows Desktop SSO in Access Manager 2005Q1
6387543 CDC servlet: In CDSSO mode "?sunwMethod=GET" is added to the URL
6388327 AMEvent objects created without the sourceDN
6388606 Fatal error message (and exception in debug log) instantiating PolicyEvaluator
6390472 AM API does not authenticate if the password contains a leading or a trailing space
6391943 Can't find resource for bundle java.util.PropertyResourceBundle, key wrongSOAPEnvtag
6409176 AM authentication issue when Account lockout enabled in Directory Server
6385281 Need command line script to start/stop Session Failover mechanism
6222704 Pre/Post processing doesn't work for password changes
6339025 UserID & Password validation plugin is not fully functioning when defined at the organization level
6377962 The log does not show up at all unless the site is both SAML source and destination.
6254917 Minor Version in the SAML Response and Assertion part are mismatched
6377915 Adding load balance cookie support in SAML auth
6388761 Assign any users to any ldap group using AM 6.3 Console
6396494 Deletion of Users in a Group through amadmin CLI does not work
6409584 Multiple AMObjectImpl are not registered in the AMEvent mechanism
(from 119465-07)
6323639 Instances of AM across timezones timeout user sessions
6232251 Auth UI does not always honor gotoOnFail parameter
6332589 API's responsible for creating agent sessions
6349253 PostProcessor and a custom policy condition classes, set attributes to the SSOToken, they are lost
6361140 C/C++ am policy APIs seem incorrect
6368958 Operation failure of amadmin command after abnormal termination by Ctrl+C
(from 119465-06)
6330306 Access Manager SDK HttpsURLConnection uses a plain socket when retrying a failed connection
6352076 WL8.1 SP4: Access denied while accessing any resource first time in cdsso setup
6308982 Need population of module specific customized error message and error template via Auth remote API
6255603 Turn on strict session timeout handling in server log
6287546 EnforceStrictSessionTimeout is missing in old console/password web applications
5094149 Auth does not set error message/template in the xml message
6290949 Modify the default value for iplanet-am-session-store-cpl-max-wait-time
6342097 When Cert CRL is enabled, too many LDAPConnections open and never get closed, this causes memory leak
6343535 SOAP implementation of BEA is incompatible with amclientdsk
6351524 LDAP search time during policy evaluation is too long when there are thousands users in a group
6352008 SOAP object does not set the SOAPAction header when transported over HTTP(s) in the SAML request
6360631 Session not terminated through session management
6278928 isValidToken(token) for an invalid token returns true even after refreshing session
(from 119465-05)
6323368 AMUser.addEventListener does not notify and throws Exception
6321421 Wrong versions of xalan.jar & xercesImpl.jar in /opt/SUNWam/lib
6261110 User gets "Redirect limit for this URL exceeded".
6319028 clientsdk does not handle exceptions in the SOAP message
6325343 amclientsdk.jar doesn't handle localized content in utf-8 properly
6325233 Policy notifications not working for amclientsdk.jar in 63 RTM bits
6269853 Logged User id is null when an invalid uid is used.
6323358 remote policy api failing to create application SSO token for amclientsdk from 63 RTM
6293833 Exception thrown when removing members from static group
6276972 Delay in AM6.3 failover to secondary ldap directory
(from 119465-03)
6292838 iplanet-am-role-display-options not processed correctly for Filtered Roles
6201204 HTTPS redirect in CDSSO - redirects to default http PORT 80
6244578 AM should warn user that the browser cookie support is disabled/not available
6236892 Image/Text place holder while CDCServlet is processing the AuthNResponse after Login
5021818 amLog file is reporting Filehandler errors
6255526 Cookieless fix - performance issues (objects leak, etc.) when 'cookie.check' is 'true' in AMConfig
6272812 login failure attempts-count is not reset upon a successful login
6281059 AM6.1 event service does not work when polling is enabled
6282777 implementing TTL on amsdk cache
6240262 Agent is not working with cookieless mode unable to read ssotoken from URL querystring
6246367 AM hangs due a deadlock in initializing EventService/SM/UM are all waiting for each others init
6250467 SOAPClient doesn't support http basic auth
(from 119465-02)
6202840 Session history keeping Goto URL's around
5085524 Session object are not cleared up when they are destroyed
6293866 amconsole navigate to next page fail
6201986 AM SDK can not handle user credentials with >'& ' and '<' characters
6251848 AMSDK does not work with AM behind loadbalancer
6277475 Patch application on SDK nulls out amadmin and ampassword on linux
6244499 Console logout on WebLogic results in Error 500 and exceptions
6254890 ApprovalCallback has to have a property makes AM server trust only listed in AMConfig.properties
6277119 Error is shown when amconsole is accessed after installing ampatch in weblogic install on linux
6189388 Identity ACI's causing performance degradation
6219822 Admin console online help gives 404 error on WebSphere 5.1
6301199 Gateway configuration fails in 7.0 build8
6269826 login password in debug mode shown in plain text in amAuth debug file
6298312 WebServer fails to start after patchadd
6298973 amconfig scripts fail to reconfig AM after following patch README
6292616 AM sdk clients need restart after svc schema change
(from 119465-01)
6215206 SUNWxrpcrt package does not work with Access Manager SOAPClient/JAXRPC servlet
6203563 Get Exception error when select Affiliate option of an affiliate Entity.
6202574 fedCookie status does not change
6205443 EventService should not run into a tight loop when it does not get Persistent Search Connection
6220837 Deleting a service assigned to user makes system unusable
5029256 Typo in argument to referential integrity plugin + more attribute indexes needed user makes system unusable
6228389 Perf changes for Session Failover (making session blob encryption configurable)
6207888 Accessing Admin Console Online Help on WebLogic results in 404 Error
4948368 IS sdk does not get app session for SRA gateway in bea cluster configuration
6198000 Back button on invalid session breaks goto
6202840 Session history keeping Goto URL's around unexpectedly
5107637 Already logged in - an incorrect wording
6259627 Issues related to 'cookie hijack enabled' cookie maintenance
Revision History:
119465-01 119465-02 119465-03 119465-05 119465-06 119465-07 119465-08 119465-09 119465-10 119465-11 119465-13 119465-14 119465-15 119465-16 119465-17
Patch Installation Instructions:
--------------------------------
For Solaris 8-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions. The following example
installs a patch to a standalone machine:
example# patchadd /var/spool/patch/119465-17
The following example removes a patch from a standalone system:
example# patchrm 119465-17
For additional examples please see the appropriate man pages.
Special Install Instructions:
0
README -- Last modified date: Saturday, November 10, 2012