Patch-ID# 120091-15


Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: access manager security
Synopsis: AM 6.2_x86: Sun Java System Access Manager
Date: Feb/05/2008


Install Requirements: See Special Install Instructions

Solaris Release: 9_x86

SunOS Release: 5.9_x86

Unbundled Product: Sun ONE Access Manager

Unbundled Release: 6.2

Xref: This patch available for sparc as patch 115766-15, for Linux as patch 119409-15

Topic: Sun Java System Access Manager

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR #   Bug #
4847369    12090632
4872249    12092349
4987109    11962373
5013718    11969349
5013729    12093021
5015054    12075200
5031902    11966917
5040055    11966431
5046174    12096277
5048378    12077253
5051401    12089197
5052696    12095543
5055145    12089625
5056660    12071592
5060050    12094853
5060560    12096225
5063149    12090085
5064043    12088006
5072454    12095579
5076037    12095514
5079696    12077391
5083368    12090676
5083387    12090579
5083405    12095080
5085363    12088448
5086581    12091712
5087540    12079969
5090018    12091422
5093089    12082532
5094149    12096846
5095724    12086746
5097235    12089239
5097909    12091834
5099037    12087046
5102536    12091843
5102680    12089195
5105263    12093905
5107381    12094995
5107637    12094497
5109607    12096416
6178909    12098362
6185149    12100089
6185928    12100260
6197111    12102652
6198000    12102859
6201986    12103819
6202838    12104005
6202840    12104006
6204178    12104363
6206629    12104931
6214677    12106727
6215016    12106779
6217200    12107144
6218242    12107327
6221330    12107923
6222704    12108280
6226769    12109180
6228648    12109502
6232251    12110221
6235384    12110886
6236892    12111254
6237056    12111275
6237190    12111304
6241717    12112249
6243214    12112538
6245634    12112978
6251148    12114319
6254890    12115147
6254917    12115155
6260601    12116793
6260941    12116888
6265175    12118024
6267130    12118490
6269826    12119215
6274185    12120341
6276972    12121087
6277864    12121331
6285085    12123297
6292616    12125463
6292838    12125572
6293833    12125846
6294440    12126106
6297065    12126917
6297076    12126920
6308771    12130192
6308982    12130272
6320475    12133537
6330306    12136790
6331016    12137056
6350438    12142464
6351524    12142742
6354057    12143356
6381655    12151966
6384492    12152777
6385019    12152902
6387712    12153677
6398604    12156941
6422249    12164094
6463730    12175535
6496775    12185547
6539933    12196865
6539991    12196873
6547061    12198827


Changes incorporated in this version: 6547061

Patches accumulated and obsoleted by this patch: 117769-01

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/etc/opt/SUNWam/config/AMConfig.properties.template
/etc/opt/SUNWam/config/ldif/install.ldif
/etc/opt/SUNWam/config/xml/amAuth.xml
/etc/opt/SUNWam/config/xml/amAuthSafeWord.xml
/etc/opt/SUNWam/config/xml/amProviderConfig.xml
/etc/opt/SUNWam/config/xml/amSession.xml
/opt/SUNWam/bin/amas70config
/opt/SUNWam/bin/amwl61config
/opt/SUNWam/bin/amws61config
/opt/SUNWam/console.war
/opt/SUNWam/docs/am_public_javadocs.jar
/opt/SUNWam/dtd/amAdmin.dtd
/opt/SUNWam/dtd/policy.dtd
/opt/SUNWam/dtd/sms.dtd
/opt/SUNWam/introduction.war
/opt/SUNWam/lib/am_logging.jar
/opt/SUNWam/lib/am_sdk.jar
/opt/SUNWam/lib/am_services.jar
/opt/SUNWam/lib/am_sso_provider.jar
/opt/SUNWam/lib/iaik_jce_full.jar
/opt/SUNWam/lib/libamutils.so
/opt/SUNWam/lib/xalan.jar
/opt/SUNWam/lib/xercesImpl.jar
/opt/SUNWam/lib/xml-apis.jar
/opt/SUNWam/lib/xmlsec.jar
/opt/SUNWam/locale/LC_MESSAGES/am_auth_unix_keys.mo
/opt/SUNWam/locale/LC_MESSAGES/backup_restore.mo
/opt/SUNWam/locale/LC_MESSAGES/dpscripts.mo
/opt/SUNWam/locale/LC_MESSAGES/multiserverscripts.mo
/opt/SUNWam/locale/amAdminCLI.properties
/opt/SUNWam/locale/amAdminModuleMsgs.properties
/opt/SUNWam/locale/amAuth.properties
/opt/SUNWam/locale/amAuthSafeWord.properties
/opt/SUNWam/locale/amAuthUI.properties
/opt/SUNWam/locale/amProviderConfig.properties
/opt/SUNWam/locale/amSession.properties
/opt/SUNWam/locale/getEncoding.class
/opt/SUNWam/migration/61to62/scripts/Upgrade61DitTo62
/opt/SUNWam/migration/61to62/scripts/locale/LC_MESSAGES/upgradescripts.mo
/opt/SUNWam/password.war
/opt/SUNWam/samples/appserver/amsamples.war
/opt/SUNWam/services.war
/opt/SUNWam/share/bin/amunixd
/opt/SUNWam/share/bin/checkport
/usr/share/lib/identity/console-war/WEB-INF/lib/am_console.jar
/opt/SUNWam/bin/amwl81config

Problem Description:

6547061 Need to bundle in new xmlsec.jar due to incorporate fix for 6519471
 
(From 120091-14)
=================
6539991 Issue related to property, com.sun.identity.saml.escapeattributevalue
6539933 Blank value of "Reference URI" in the Assertion of the saml
 
(From 120091-13)
=================
6463730 XSS vulnerability with the goto and gx-charset parameters
6422249 SAML assertions using excessive memory
6496775 Need to include ldapjdk.jar 4.19 in AM 6.2
 
(From 120091-12)
=================
6354057 ErrorCodes_ja.props in patch 115766-08 is broken
6398604 Profile is not created with userCreationAttributes from external LDAP if password has to be changed
6385019 Double clicking login button can crash WS if login module calls HttpServletResponse.addHeader
 
(From 120091-11)
=================
6381655 An enhanced pre61to62upgrade script with error checking is requested
6384492 Script Upgrade61DitTo62 does not validate passwords
6387712 Notification requests can cause a build up of close_wait connections
 
(From 120091-10)
=================
6308982 Need population of module specific customized error message and error template via Auth remote API
5094149 auth does not set error message/template in the xml message
6330306 Access Manager SDK HttpsURLConnection uses a plain socket when retrying a failed connection
6351524 LDAP search time during policy evaluation is too long when there are thousands users in a group
6350438 AM hang under peak load caused by LDAP access within synchronized block
6201986 AM SDK can not handle user credentials with '& ' and '<' characters 
 
(From 120091-09)
=================
6308771 "Pluggable User Status Event Classes" does not exist in the GUI, under core-authentication
6269826 Login password in debug mode shown in plain text in amAuth debug file
6245634 Too many invalid session requests could cause a server hang
6292616 AM sdk clients need restart after svc schema change
6237190 Need to escape the special characters in session xml messages
5064043 Identity Server running on two networks cannot distinguish between addresses
6320475 com.iplanet.am.session.client.polling.enable on server side must not be true 
6276972 Delay in AM6.3 failover to secondary ldap directory 
6331016 Logging out of a server using a remote session does not destroy the session
 
(From 120091-08)
=================
6297065 Improve AM6.2 patch building mechanism to keep patchID only in one place
6297076 Cleanup AM6.2 patch README file to eliminate manual steps
6228648 Attribute iplanet-am-role-managed-container-dn of a filtered role not read with fix for Bug 6217200
6265175 It is not possible to apply AM hotpatches on systems which has not installed a complete AccessManager
6292838 iplanet-am-role-display-options not processed correctly for Filtered Roles
6293833 Exception thrown when removing members from static group
6294440 LDAP authentication module can prompt user to change their password prematurely
 
(From 120091-07)
=================
6221330 API getFilteredRoleDNs and getAllRoleDNs of AMUser/AMUserImpl does not check whether the roleDN's of a user have objectclass "iplanet-am-managed-role" and "iplanet-am-managed-filtered-role".
6251148 Authenticator ID is being stransmission of Radius client request.
6260601 AM 6.2 patch does not run on x86 platforms
5083387 amadmin cli cannot add subconfiguration if subConfigName contains "/"
6254917 Minor Version in the SAML REsponse and Assertion part are mismatched
6232251 Auth UI does not always honor gotoOnFail parameter
6267130 AM 6.2 patches failed to apply on a system with only AM SDK installed
6260941 AM does not work correctly from behind a proxy server
6274185 AM 6.2 patch6 breaks soft link of AMConfig.properties
5056660 Changing password user ldap does not work when password getting expired
6277864 AM6.2 patch6 included wrong xercesImpl.jar and xml-apis.jar
 
(From 120091-06)
=================
6226769 Makefiles need to be changed to pick up fix of 6221011 on ldapjdk.jar 4.16.1
5079696 Searching for another ldap subject after selecting one subject throws error 
5048378 Inconsistent usage of com.iplanet.am.smtpport property 
6236892 Image/Text place holder while CDCServlet is processing the AuthNResponse after Login 
6185928 AM 6.2HP2 - Default "LoginURL" not work, when SSL terminated externally
6218242 Access Manager does not handle List types in group selection 
6237056 AM 6.2 patch 4 should redeploy services.war to update Login.jsp for a bug fix 
6241717 6.2patch4 fails to update classpath for xml jars 
6243214 Issues when installing AM6.2 patches
6254890 ApprovalCallback has to have a property which makes AM server to trust only servers listed in AMConfig.properties
 
(From 120091-05)
=================
6214677 Policy API not extracting policy correctly in certain circumstances
6235384 AM 6.2 backout issue
 
(From 120091-04)
=================
5076037 locale parameter not set correctly in non JAAS Thread model
6198000 Back button on invalid session breaks goto
6202838 Back button breaks goto URL
6202840 Session history keeping Goto URL's around
5107637 Already logged in - an incorrect wording
6206629 WebLogic J2EE Agents have persistent LDAP connections closed by load balancer due to idle
6204178 there is no way to terminate a session created by application auth module
6222704 Pre/Post processing doesn't work for password changes
6217200 Users in filtered admin roles are not redirected to the admin console
 
(From 120091-03)
=================
5046174 Non-JAAS thread implementation to 6.2 in auth framework in order to prevent DOS attack
5086581 Non JAAS Thread Mode - Cert Auth Module Sample not working
6185149 AddDefaultValues doesnt add default value for an existing service
5087540 Error "modification of profile fail" when adding a user to a group.
6197111 AM6.2 HP2 does not seem to be patching the WAR staging area, instead it is patching the exploded areas
4847369 Logs getting inconsistent values for IP address
6215016 Module parameter in url cannot be carried into new org login page
 
(From 120091-02)
=================
5107381 Recursive user-profile look-up in Certificate Authentication
5102680 CRLValidation does not work on AM6.2 due to GeneralNamesException class being drop in JDK 1.4.2 and above
5085363 Identity Server running on two networks cannot distinguish between addresses
5093089 TCP sessions builds up to a point where the machine runs out of file descriptor.
5083405 Authentication failed page leads to "AuthnRequest is not Valid"
6178909 Can not install AM6.2HP1 when SSL is enabled on DS
5105263 AM 6.2 - Reauth with invalid credential should show error
5099037 Need to make AuthenticationLocality configurable
5083368 Threading and performance problem in federation and de-federation scenario
5102536 Unable to modify trusted provider list after a provider had been deleted
4987109 Possible bug in preserving referential integrity of objects [ subs & policies ]
 
(From 120091-01)
=================
4872249 Subject eval should be outside of the policy
5052696 Session and Auth Objects don't get cleaned up completely after a login/timeout
5031902 Policy Cache not cleaned up correctly
5040055 readACL - search ACL in the search engine does not work with filtered roles
5060050 iPlanet Portal Server 6.3 Service definitions do not pop up
5015054 There should be a way to configure the redirect url on identity server
6285085 Revision number changes for SMS.dtd
5072454 pre61to62upgrade script hangs, using wrong Directory Server instance path
5097909 Web Server crashes in liberty when accessed by multiple clients
5055145 Identity Server preupgrade script removes the locale directory but not the localization package.
5060560 Not refreshing cache
5013729 Policy state is made inconsistent after the Policy Service is deleted
5013718 Safeword connections are not closed by Identity server
5090018 LDAP Auth fails when authenticating against OpenLDAP
5109607 Xalan2.6 upgrade
5095724 Logout action leads to 'ServerError'
5097235 XML configuration for authentication modules does not work as expected
5051401 Login error message rendered with "null\n"
5063149 SSO tokens created by internal auth api fails on policy evaluation.


Patch Installation Instructions:
--------------------------------
 
Back up the following files:
 
amamAdminConsole.xml
amAuth.xml
amAuthSafeWord.xml
amProviderConfig.xml
amAdminCLI.properties
amAdminModuleMsgs.properties
amAuth.properties
amAuthSafeWord.properties
amAuthUI.properties
amProviderConfig.properties
AMConfig.properties
Login.jsp
membership.jsp
new_org.jsp
 
For Solaris 8 and 9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/120091-15
 
When the postpatch script is executed, it asks one to three questions about
the server instance path. If Identity Server is running on a web server,
you will be asked this question:
 
What is the path of the WS 6.1 instance [/opt/SUNWwbsvr/https-hostname.domainname] ?
 
For Identity Server running on an application server, the following question
will be asked:
 
What is the path of Application Server instance [/var/opt/SUNWappserver7/domains/domain1/server1]
 
When Identity Server is running on an application server and the Identity
Server applications have been redeployed multiple times, the application root
path can vary. In this case, you will be asked to input the correct path
to the deployment directory of the applications /amserver and /amconsole:
 
What is the path of the deployment directory of /amserver [/var/opt/SUNWappserver7/domains/domain1/server1/applications/j2ee-modules/amserver_1] ?
 
What is the path of the deployment directory of /amconsole [/var/opt/SUNWappserver7/domains/domain1/server1/applications/j2ee-modules/amconsole_1] ?
 
In addition to the above, two more questions are asked:
 
What is the dn of the Directory Manager [cn=Directory Manager] 
What is the password for the Directory Manager [] 
 
Restart Sun ONE Identity Server once the patch has been installed successfully.
 
The following example removes a patch from a standalone system:
 
       example# patchrm 120091-15
 
For additional examples please see the appropriate man pages.
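
One way to script the backup step above before running patchadd, given as an added example that is not part of the original README or of the patch. It assumes a POSIX shell (ksh on Solaris 9); the function names and the directories passed as search roots are hypothetical, and only the file names come from the backup list.

```shell
# Added example, not part of the patch README. File names are the README's
# backup list; the directories to search are supplied by the caller.
AM_BACKUP_FILES="amamAdminConsole.xml amAuth.xml amAuthSafeWord.xml
amProviderConfig.xml amAdminCLI.properties amAdminModuleMsgs.properties
amAuth.properties amAuthSafeWord.properties amAuthUI.properties
amProviderConfig.properties AMConfig.properties Login.jsp membership.jsp
new_org.jsp"

# backup_am_files DEST ROOT...
# Copy every listed file found under the ROOTs into DEST, keeping its full
# path (several Login.jsp copies can coexist), and record a checksum line
# "CRC SIZE PATH" per file in DEST/MANIFEST. DEST must lie outside the ROOTs.
backup_am_files() {
    dest=$1; shift
    mkdir -p "$dest" && chmod 700 "$dest" || return 1   # config may hold secrets
    : > "$dest/MANIFEST"
    for name in $AM_BACKUP_FILES; do
        find "$@" -type f -name "$name" 2>/dev/null
    done | while IFS= read -r path; do
        mkdir -p "$dest/$(dirname "$path")" &&
        cp -p "$path" "$dest/$path" &&
        echo "$(cksum < "$path") $path" >> "$dest/MANIFEST"
    done
}

# missing_am_files DEST: names from the list that were not found anywhere.
missing_am_files() {
    for name in $AM_BACKUP_FILES; do
        grep "/$name\$" "$1/MANIFEST" >/dev/null || echo "$name"
    done
}

# changed_since_backup DEST: paths whose content differs from the backup,
# i.e. files the patch replaced and where customizations need re-applying.
changed_since_backup() {
    while read -r crc size path; do
        now=$(cksum 2>/dev/null < "$path") || now=missing
        [ "$now" = "$crc $size" ] || echo "$path"
    done < "$1/MANIFEST"
}
```

Run backup_am_files and missing_am_files before patchadd, then changed_since_backup after the postpatch script finishes to see which backed-up files were overwritten.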


Special Install Instructions:
---------------------------------------
 
For Access Manager Server specific patch information and patch installation 
instructions, refer to the included patch release notes file, rel_notes.html,
located inside of the patchID directory once the file has been unzipped.
 
The patch release notes include must-read information, including installation
information, redeployment instructions, instructions on how to deal with
customized auth jsp files, and workarounds for known issues and limitations.


README -- Last modified date: Saturday, November 10, 2012