Patch-ID# 120955-12


Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: access manager security
Synopsis: AM 7.0_x86: Sun Java System Access Manager 2005Q4
Date: Nov/03/2010


Install Requirements: NA

Solaris Release: 9_x86 10_x86

SunOS Release: 5.9_x86 5.10_x86

Unbundled Product: Sun Java System Access Manager

Unbundled Release: 7.0

Xref: This patch is available for SPARC as patch 120954-12 and for Linux as patch 120956-12

Topic: Sun Java System Access Manager

Relevant Architectures: i386

Bugs fixed with this patch:


Changes incorporated in this version: 6964062 6971095 6770231 6926203 6920839 6937104 6902310 6970770 6871163 6894077 6808821 6916733 6907618 6888820 6959325 6907699 6822388 6960112 6888778 6888783 6888784 6938162 6937999 6925817

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/etc/opt/SUNWam/config/AMConfig.properties.template
/etc/opt/SUNWam/config/amProfile.conf
/etc/opt/SUNWam/config/serverconfig.xml.template
/etc/opt/SUNWam/config/xml/template/amAuth.xml
/etc/opt/SUNWam/config/xml/template/amAuthCert.xml
/etc/opt/SUNWam/config/xml/template/amDelegation.xml
/etc/opt/SUNWam/config/xml/template/amDisco.xml
/etc/opt/SUNWam/config/xml/template/amPlatform.xml
/etc/opt/SUNWam/config/xml/template/amPolicyConfig.xml
/etc/opt/SUNWam/config/xml/template/amSOAPBinding.xml
/etc/opt/SUNWam/config/xml/template/amSession.xml
/etc/opt/SUNWam/config/xml/template/idRepoService.xml
/opt/SUNWam/Makefile.clientsdk
/opt/SUNWam/Makefile.distAuthUI
/opt/SUNWam/README.clientsdk
/opt/SUNWam/README.distAuthUI
/opt/SUNWam/am_server.war
/opt/SUNWam/amauthdistui.war
/opt/SUNWam/amclient.war
/opt/SUNWam/bin/am2bak.template
/opt/SUNWam/bin/amadmin.template
/opt/SUNWam/bin/amas70config
/opt/SUNWam/bin/amas81config
/opt/SUNWam/bin/amconfig
/opt/SUNWam/bin/amhasetup
/opt/SUNWam/bin/ampassword.template
/opt/SUNWam/bin/amsamplesilent
/opt/SUNWam/bin/amserver.template
/opt/SUNWam/bin/amsessiondb
/opt/SUNWam/bin/amsfo
/opt/SUNWam/bin/amsfoconfig
/opt/SUNWam/bin/amsfopassword
/opt/SUNWam/bin/amsvcconfig
/opt/SUNWam/bin/amtune/amtune
/opt/SUNWam/bin/amtune/amtune-as7
/opt/SUNWam/bin/amtune/amtune-as8
/opt/SUNWam/bin/amtune/amtune-directory.template
/opt/SUNWam/bin/amtune/amtune-env
/opt/SUNWam/bin/amtune/amtune-identity
/opt/SUNWam/bin/amtune/amtune-os
/opt/SUNWam/bin/amtune/amtune-prepareDSTuner
/opt/SUNWam/bin/amtune/amtune-samplepasswordfile
/opt/SUNWam/bin/amtune/amtune-utils
/opt/SUNWam/bin/amtune/amtune-ws61
/opt/SUNWam/bin/amtune/remacis.ldif
/opt/SUNWam/bin/amutils
/opt/SUNWam/bin/amverifyarchive.template
/opt/SUNWam/bin/amwas51config
/opt/SUNWam/bin/amwl81config
/opt/SUNWam/bin/amws61config
/opt/SUNWam/bin/bak2am.template
/opt/SUNWam/console.war
/opt/SUNWam/docs/am_public_javadocs.jar
/opt/SUNWam/dtd/Auth_Module_Properties.dtd
/opt/SUNWam/dtd/remote-auth.dtd
/opt/SUNWam/include/am.h
/opt/SUNWam/include/am_log.h
/opt/SUNWam/include/am_map.h
/opt/SUNWam/include/am_policy.h
/opt/SUNWam/include/am_properties.h
/opt/SUNWam/include/am_sso.h
/opt/SUNWam/include/am_string_set.h
/opt/SUNWam/include/am_types.h
/opt/SUNWam/include/am_utils.h
/opt/SUNWam/include/am_web.h
/opt/SUNWam/introduction.war
/opt/SUNWam/lib/am_logging.jar
/opt/SUNWam/lib/am_sdk.jar
/opt/SUNWam/lib/am_services.jar
/opt/SUNWam/lib/am_sessiondb.jar
/opt/SUNWam/lib/am_sso_provider.jar
/opt/SUNWam/lib/amclientsdk.jar
/opt/SUNWam/lib/amsfo.conf
/opt/SUNWam/lib/libamsdk.so.2
/opt/SUNWam/lib/libamutils.so
/opt/SUNWam/lib/libxml2.so.2
/opt/SUNWam/lib/xmlsec.jar
/opt/SUNWam/locale/LC_MESSAGES/amsfoconfig.mo
/opt/SUNWam/locale/amAdminCLI.properties
/opt/SUNWam/locale/amAuth.properties
/opt/SUNWam/locale/amAuthCert.properties
/opt/SUNWam/locale/amAuthContext.properties
/opt/SUNWam/locale/amAuthLDAP.properties
/opt/SUNWam/locale/amAuthSecurID.properties
/opt/SUNWam/locale/amAuthUI.properties
/opt/SUNWam/locale/amConsole.properties
/opt/SUNWam/locale/amFederation.properties
/opt/SUNWam/locale/amIdRepoService.properties
/opt/SUNWam/locale/amInteraction.properties
/opt/SUNWam/locale/amPolicy.properties
/opt/SUNWam/locale/amPolicyConfig.properties
/opt/SUNWam/locale/amSAML.properties
/opt/SUNWam/locale/amSDK.properties
/opt/SUNWam/locale/amSOAPBinding.properties
/opt/SUNWam/locale/amSession.properties
/opt/SUNWam/locale/amSessionDB.properties
/opt/SUNWam/locale/getEncoding.class
/opt/SUNWam/migration/61to62/scripts/Upgrade61DitTo62
/opt/SUNWam/password.war
/opt/SUNWam/samples/authentication/api/Cert/Makefile
/opt/SUNWam/samples/authentication/api/LDAP/LDAPLogin.java
/opt/SUNWam/samples/authentication/api/LDAP/Makefile
/opt/SUNWam/samples/authentication/api/Readme_setup.html
/opt/SUNWam/samples/authentication/api/jcdi/Makefile
/opt/SUNWam/samples/authentication/spi/certmodule/CertModuleSample.java
/opt/SUNWam/samples/authentication/spi/certmodule/CertModuleSample.xml
/opt/SUNWam/samples/authentication/spi/certmodule/CertModuleSamplePrincipal.java
/opt/SUNWam/samples/authentication/spi/certmodule/Makefile
/opt/SUNWam/samples/authentication/spi/certmodule/Readme.html
/opt/SUNWam/samples/authentication/spi/certmodule/amAuthCertModuleSample.properties
/opt/SUNWam/samples/authentication/spi/certmodule/amAuthCertModuleSample.xml
/opt/SUNWam/samples/authentication/spi/genuid/Readme.html
/opt/SUNWam/samples/authentication/spi/jcdi/Readme.html
/opt/SUNWam/samples/authentication/spi/postprocess/ISAuthPostProcessSample.java
/opt/SUNWam/samples/authentication/spi/postprocess/Readme.html
/opt/SUNWam/samples/authentication/spi/providers/Readme.html
/opt/SUNWam/samples/authentication/spi/purejaas/Makefile
/opt/SUNWam/samples/authentication/spi/purejaas/Readme.html
/opt/SUNWam/samples/console/Readme.html
/opt/SUNWam/samples/console/Readme.txt
/opt/SUNWam/samples/csdk/README.TXT
/opt/SUNWam/samples/csdk/am_log_test.c
/opt/SUNWam/samples/csdk/am_sso_test.c
/opt/SUNWam/samples/logging/RunSample
/opt/SUNWam/samples/phase2/sis-ep/bin/load_ldif.sh
/opt/SUNWam/samples/phase2/wsc/index.jsp
/opt/SUNWam/samples/policy/Readme.html
/opt/SUNWam/samples/policy/Readme.txt
/opt/SUNWam/samples/saml/xmlsig/Readme.html
/opt/SUNWam/samples/saml/xmlsig/Readme.txt
/opt/SUNWam/samples/sso/TestHttpsClient.java
/opt/SUNWam/samples/sso/run
/opt/SUNWam/samples/um/Readme.html
/opt/SUNWam/samples/um/RunSamples
/opt/SUNWam/services.war
/opt/SUNWam/share/HARepo/amsessionconfig
/opt/SUNWam/share/bin/amunixd
/opt/SUNWam/share/bin/amwar
/opt/SUNWam/share/bin/checkport
/usr/share/lib/identity/console-war/WEB-INF/lib/am_console.jar
/opt/SUNWam/bin/amsdkconfig

Problem Description:

6964062 Unnecessary session requests repeatedly sent from one server to another
6971095 Certificate based authentication does not work with Dist Auth
6770231 goto URL not validated
6926203 goto URL incorrect validation in distAuth
6920839 SAMLPostProfile Servlet issues
6937104 OpenSSO - Password Reset link issue
6902310 session-id issue upon successful authentication
6970770 Resource access issues across realms
6871163 Need to bundle in latest C-SDK (from WebAgents 2.2-05 bits bundled with NSS 3.12.5) into AM server
6894077 In Cookie hijacking mode, logout request hangs
6808821 ClientSDK : Cannot login and get profile as Portal user created in Active Directory through OpenSSO
6916733 updateschema.sh has issue with old version of ldapjdk.jar
6907618 Remote IdRepo calls do not work when special characters are present
6888820 Need to add 7.0 AMSDK DistAuth support for 7.1 AM Server Windows Desktop SSO authentication
6959325 Access Manager Patch README needs to declare the required patch
6907699 LDAP+Radius Auth chain can't propagate Radius new pin or Next Token page
6822388 App session invalid message can not be handled by web agent
6960112 Null Pointer Exception during reauthentication of user
6888778 config/federation/default/Error.jsp problem
6888783 problem in SMProfileViewBean
6888784 Policy servlet output encoding
6938162 Session Token in URLs /opensso/federation /opensso/realm etc
6937999 Problem in /opensso/base/AMAdminFrame
6925817 IdRepo unwanted debug info 
 
(from 120955-11)
6867944 Method encodeUrlPath does not handle simple path properly
6698247 Access Manager Radius Authn Module lost uid between access_request and access challenge
6902174 SAML Assertion has incorrect character in the Assertion ID, causing failure in interaction service
6843487 Add a property to set flag HttpOnly when creating AM session cookie
6753050 Cannot Access Admin Console After applying patch8 on Websphere 5.1.1
6872718 Persistent XSS scripting issue in OpenSSO
 
(from 120955-10)
6804391 amsecuridd process crash and hang issues in AM Servers 6.3 and 7.0
6834791 updateschema.pl is not prompting for DS hostname and port in AM on Windows
6777889 amSecurIDD process crashing in AM 6.3 and AM 7.x servers frequently
6795308 CDCServlet can make advice available to the wrong client
6813339 notification URL is not re-registered after restarting AM
6818423 Severing LDAP connection causes sporadic login failure afterwards
6785877 Cleanup debug files
6844490 Need to bundle in latest C-SDK into AM server
6842190 updateschema.sh throws ": integer expression expected[: 21 " on linux
6749656 Updating service schema for filtered role privileges
 
(from 120955-09)
6754195 LDAP servers not correctly closing sockets can cause AM server to hang
6677440 Probable XSS vulnerability in the cdcservlet on AM7.0p5
6564604 Windows Desktop SSO is not working with IBM Websphere
6755801 AMSDK does not failover to secondary DS if primary DS is down in legacy mode
6798890 7.0patch8 double encodes query string in CDCServlet
6738703 Attributes in http header are never updated
6745353 AM SDK does not failover to secondary DS properly
6766363 Re-establishing ldap conn pool under load has problems/race conditions
6786610 Application based idle timeout feature broken when security hole was plugged
6714023 SECURID messages for SAFEWORD Authentication does not translate one particular message correctly
6756079 Randomly some users cannot log in Access Manager despite their login and password being correct
6746634 Policy is created but ineffective until AM restarted
6728227 Policy evaluation fails when the policy definition's subject include Chinese characters
 
(from 120955-08)
6377962 Additional SAML logging is required for authentication logging
6486843 Delegation Privileges cannot be defined for a filtered role
6712993 information issue in access manager login
6740852 Configuration Items in console can show information
6503710 AM login sporadically fails when LDAPv3 people container is set to empty
6538606 IDWSF need to enhance to work with SAML2
6600618 Appending a string matching a wildcard policy to a URL can result in unexpected authenticated access
6637600 psearch connections to directory server not terminating resulting in resource crunch and even crash
6647387 Logging Reducing the Logging overhead from internal users logged when communicating from PA to AM Server
6653827 SOAP client is entering an infinite loop after the AM server becomes unavailable
6657367 CDSSO: CDCServlet has JS dependency, enhancement to remove this dependency
6657393 %U in user id causes infinite loop
6659356 New bug with the interaction process in a balanced scenario
6676816 Passing http parameters ending in % causes thread to spin when running on IBM or BEA appserver
6685368 DistAuth state lost at login page after com.iplanet.am.session.invalidate timeout and goto param
6691106 Multiple SiteMonitor threads could be running for checking the same site
6693152 amsdk jar files should include version number in the manifest file
6696354 CDC servlet does not encode special characters in the destination URL
6696910 AM 7.0 patch 5 memory leak (hashmap/string objects)
6697260 Add option to allow agent application session to idle timeout
6697966 Upgrade JES2 to JES4 : Access Manager amupgrade script hangs
6703429 "Accept-Language" property not inherited when requests are exchanged between AM servers in a LB env
6709771 Federation session map is not cleaned up if sessions are timed out
6709889 User can login to amconsole using uid with wildcards such as "amadmi*" or "amadm*" or "amad*"
6711711 Profile attributes map not forwarded in HTTP_HEADER
6714693 In an AM LB environment, PA return inconsistent HTTP_HEADER values for entrydn
6721606 Return incorrect cookie domain for method getCookieDomainsForReq
6725206 Memory leak on ServiceConfigImpl object
6730843 "goto" is missed in the "Authentication failed" page, if LB is not sticky
 
(from 120955-07)
6286388 Not able to dynamically create user profile with LDAPv3 data store
6511876 SAML request fails if LB does SSL termination
6449079 ServiceConfigImpl synchronization block causes hang when client/server are on the same host
6620746 Memory leak causing heap growth in AM 6.3 Policy Evaluation tests
6409600 ConcurrentModificationException in AMObjectImpl prevents AMEvents from being delivered
6458041 Patches should add properties to the AMConfig.properties files for all instances
6566948 NT users fail to authenticate against AM if user's password contain an accent character
6567746 AM7 patch5 reports errorCode=null instead of 107 when passwordretrycount is exceeded
6570409 Interaction Service behind the load balancer does not work as expected.
6581324 Portal Server doesn't reconnect to Access Manager if access manager is started after the PS
6605870 StackOverflowError when evaluating the delegation
6607892 Access Manager will not follow goto URL from logout page when session has expired
6612609 Session failover does not work if network cable is pulled off from MQ box
6615879 AM patching script should notify what properties and config files get overwritten by the patch
6624895 Connection to ldaps hangs when used with access manager 7.0 p6
6625191 AM 7.0 Patch 6 amconfig script overwrites serverconfig.xml
6626786 Internal sessions created for application auth module do not get cleaned
6627230 AM7.0 does not set session property UserId to the uid for Cert module
6629110 Under load testing stress the amconsole experience memory leak
6634276 ExceedRetryLimit message does not show correctly on AM7 with JA locale
6648925 Incorrect title bar is shown when an invalid realm is provided at login
6653827 SOAP client is entering an infinite loop after the AM server becomes unavailable
 
(from 120955-06)
6292838 iplanet-am-role-display-options not processed correctly for Filtered Roles
6228648 Attribute iplanet-am-role-managed-container-dn of a filtered role not read
6324841 LDAPConnections not being reset periodically
6350438 AM hang under peak load caused by LDAP access within synchronized block
6413108 amsdk doesn't fallback to primary directory server once primary comes up
6522179 Policy evals for subjects with multiple groups time out because LDAP search time limit exceeded
6536635 AM needs to support the new setReadTimeout API introduced in JDK1.5
6539090 User Based Authentication shows incorrect profile post authentication
6466835 Synchronization issue in JAXRPCUtil.java for getValidURL method
6337806 Errors while redeploying to multiple instances on app server 8.1
6449611 amclientsdk: Changes in data store are not propagated to the clientsdk
6449618 amclientsdk: AMConfig.properties created by Makefile.clientsdk is unusable
6461481 AM7 instances should log to separate directories/log files for the /var/opt/SUNWam/logs
6472574 Policy subject result cache is not cleaned up when receiving session notifications
6486724 Secure cookie flag should be set in CDSSO/cookie hijacking scenario
6496155 Use a restriction token other than the IP address in cookie hijacking feature
6502285 AM 7.0, new line char in the Policy Description throws message that is misleading
6503891 Need to provide AM protected namespace for protected properties
6507303 Programmatic login cannot be localized
6507510 Patch add fails when Access Manager is installed with Configure Later option on Solaris
6507568 LDAP AuthModule does not return correct error when password validation fails
6514355 session quota constraints blocking user access when session db/jmq is down and session failover
6518521 bak2am.bat fails with "ERROR: Operation failed: Could not get running services."
6521565 Agent fails if agentRootURL list has a non dns hostname
6522720 On the AM Console, performing search in help does not work if keyword is entered as Japanese character
6523866 Alternate Boot Environment support required for AM 7.0
6523888 Config later support is required in 7.0 for Linux
6526440 XML Entity References cause problems in Remote Auth API Callbacks
6532311 Authentication validation rules should prompt user password and not deny user
6532315 Deadlock in SM while getting list of policies from policy manager
6539195 AM 7.0: Server memory leak
6539894 AM 7.0 Multiple cookies domain does not work after applying patch 5
6541695 Post-auth plug-in changes to support Sharepoint
6542522 "Select Action" drop down menu should not have certain options when results return via membership
6545176 SAML2 plugin corrupting the amserver.war file
6547061 Need to bundle in new xmlsec.jar due to incorporate fix for 6519471
6547376 Errors when connecting to the ldapv3 plugin
6548341 AM 7.0P5:Protected resource is not displayed if the hostname and domain name are in mixed case
6553229 AM7 Console on Linux does not correctly display Action items
6553505 RSA auth module logs pin & token in debug mode
6554621 Needs to support com.iplanet.am.jssproxy.SSLTrustHostList
6557778 AM7.0 timed out sessions didn't clean up due to session notification looping
6562232 Realm login via distAuth is not working in AM7.0Patch5
6564877 AM 7.0 Patch upgradation or installation overwrites the SAML V2 setup without warning
6569557 ServiceSchema.setAttributeDefaults() fails with amclientsdk
6580630 Addition of IE 7 browser support to Access Manager 7.0
6584816 Server error using AM7.0 patch 5 when user tried to assign role
6592884 Session stickiness not working with multisite configuration with WebAgents
6603137 Cannot create policy with time condition
 
(from 120955-05)
6390472 AM API does not authenticate if the password contains a leading or a trailing space
6398604 Profile is not created with userCreationAttributes from external LDAP if password has to be changed
6385019 Double clicking login button can crash WS if login module calls HttpServletResponse.addHeader
6409176 AM authentication issue when Account lockout enabled in Directory Server
6377915 SAMLAwareServlet does not work in a Load Balanced environment
6391943 Can't find resource for bundle java.util.PropertyResourceBundle, key wrongSOAPEnvtag
6453795 Authentication Context section of hosted providers is not localized.
6461079 Service schema allows to have duplicated AttributesSchemas
6308488 Error message logged on web container for every remote auth request
6452630 AM SecurID helper hard coded 7500 ms timeout for connection
6444541 Post authentication processing of logouts can fail in multi server environment
6478175 amsfo scripts fail when a non-default installation directory is used
6478361 amsessiondb script hardcodes AM_HOME to /opt/SUNWam (Solaris) and /opt/sun/identity (Linux)
6479248 maxSessions.jsp forwarded to users even though stats report active session below max limit
6479540 AccessManager sends incorrect PolicyResponse when ChineseCharacters are used in the URL as Query.
6480019 amconsole: Error is shown during remove member from group created on new console
6484947 Critical ACIs are removed from Directory Server by amtune scripts thereby opening up a security hole
6386378 Kerberos auth error using Windows Desktop SSO in Access Manager 2005Q1
6491021 Creating users starting with '#' creates two uids
6407995 Auth/Session : IP address checking in session does not work under certain conditions
6482886 perftune/amtune do not work in zones install
6406919 AM /amconsole: Password is visible in logs, in URL
6399168 LDAPRoles membership evaluation throws NullPointerException if the user does not have any role
6441961 Sub-realms not created with the proper set of services
6442520 Session upgrade does not work in case of remote Authentication
6447532 AM7 clientsdk javadoc missing doc for package com.sun.identity.idm
6449573 LDAPv3Repo: All attributes available are pulled from the datastore
6452758 When switching orgs with auth, Authentication Exception is thrown due to incorrect handler
6456504 Cannot start server if an entry in server or site list does not have port number or has trailing /
6457138 Setting ignoring profile no longer has effect
6458905 Authentication chains: JAAS state sharing were incorrectly executed; Sharing works for up to two
6460002 SAML should support name identifier spi
6462310 Site Monitor assume -1 for default port number, if not specified
6464271 CCEditableList not working properly when trying to customize AM policy condition
6465657 Interaction Service request fails if the user does not allow one attribute
6467562 Filtered role name missing an "ou=service" in the container JAAS Subject
6473199 Method onLoginFailure instead of onLogout of postprocess is not executed when user logs out
6476470 With 61 cookie domains, uwc fails with IE, with 121 cookie domains amserver/amconsole fails with IE
6477938 CDCServlet redirects to auth module base on auth URL cookie blindly if unique SSO token is enabled
6478255 Service Failover is working only for one direction
6483150 LDAPFilterCondition does not pick the policy config data defined at the realm where defined.
6485240 Need to specify realm when cdcservlet redirects to AM login
6485597 amadmin removeSubConfig fails if the subConfigName has /
6488432 Policy response to include issueInstant
6489514 CertAuth has problem in getting CRL if distPoint does not support post
6489518 CertAuth needs to use UPN value to map user profile
6489519 Thread based SiteMonitor impl needs to be ported as oob feature
6491371 Cert AuthModule sample missing
6494304 authschemecondition should support application idle timeout and force authn
6494643 7.0patch4 creates compatibility issue among agent, sdk client and server
6495781 wsc sample cannot write bootstrapping info therefore sample failure
6498405 Some Chinese Characters are not allowed when creating AM managed groups
6498902 policy client sdk should clear policy decision with advice on first use
6499264 Need AuthInstant for every authenticated module Instance
6499268 Support for "ForcedAuth" using Composite Advice and URL parameter
6503831 Distributed Authentication UI to support Composite Advices
6513642 amtune creates a /tmp/dspasswd file which is world readable
6513655 Profile attribute set to "Ignore" doesn't give access to console to TopLevelAdmin Roles
6513697 Enabling Basic Authentication in IIS6 agent
6517760 Installation/Configuration of multiple J2EE Agents in Web Logic Server
6518919 Client Authentication is broken and unknown "a109" attribute notices in CertAuth Module Config
6524926 ldapsearch command is failing while executing updateschema.pl
6410312 Excessive directory server calls made by idrepo during policy evaluation
6442818 Change in filtered roles does not affect policy cache - old decisions are used until cache expiry
6513653 Issue with value modified for com.iplanet.am.session.purgedelay
6515502 LDAPv3 Repo plugin does not handle "Alias Search Attribute" correctly
6529205 Endusers not able to access the profile thru console in legacy mode with a filter role
 
(from 120955-04)
6463730 XSS vulnerability with the goto and gx-charset parameters
6463779 DistAuth's amProfile_Client and AM Server's amProfile_Server get filled with harmless exceptions
6435889 Method Session.getSession fails because RestrictedTokenContext is not set
6463796 Disabling iPlanetAMClientDetection service for genericHTML prevents access to any AM HTML page
 
(from 120955-03)
6327802 Policy does not support Active Directory group as policy subject
6406729 Mixed-case static role from ldapv3 datastore causes duplicate JAAS Principals on agent container
6406621 amsfo script always starts the default instance instead of the JMQ instance in the amsfo.conf
6408727 amsfo should have an option to include amsessiondb arguments
6413030 LDAP Auth module creates new thread for each request if primary LDAP server is down
6416012 SAML2 auth module is wrongly treated as pure JAAS module
6351948 .version file not showing the correct product name
6400814 Erroneous caching of a condition evaluation
6419295 Connections to LDAP server not disconnected after bind(amldap) user auth failure
6381655 An enhanced upgrade script with error checking is requested
6384492 Upgrade script does not validate passwords
6215016 module parameter in url cannot be carried into new org login page
6331016 Logging out of a server using a remote session does not destroy the session
6323368 AMUser.addEventListener does not notify and throws Exception
6388327 AMEvent objects created without the sourceDN
6389196 LDAP connectionpool should be indexed with DS root suffix
6422901 Auth NPE  when user/passwd is null
6339025 UserID & Password validation plugin is not fully functioning when defined at the organization level
6409584 Multiple AMObjectImpl are not registered in the AMEvent mechanism
6422875 Auth should  always set the lbcookie value with the server ID
6422877 Policy client are not sticky to the Server
6422878 Session Client does not replay the amlbcookie in the requests
6422879 Client sdk does not replay the amlbcookie
6389564 Repetitious successive queries on role memberships of user in an ldapv3 data store, during AM login
6418545 IdRepo cache is not getting updated after modifying the agent configuration
6379325 Accessing console during session-failover throws NullPointerException
6426044 Naming url fail-over issue with J2EE Agent
6426050 Delay in Detecting Site Failure - SiteMonitor URL Connection Issue
6426055 User getting 403 error in case of site failure instead of automatic redirection to Login page
6426056 Jaxrpc URL is not failing over to the other site, when primary site goes down
6422876 Dist auth does not set the amlbcookie from the server, it sets its own amlbcookie
6429368 Session constraint not enforced when top-level admins exempt in Session configuration in Console
6373599 Need to modify session code to migrate AM SDK apis to IDRepo interfaces
6321616 AuthnContext Not Correctly Handled in AuthnRequest and AuthnResponse
6389019 Authlevel/authentication context class ref is lost if no fedCookie present
6413597 Session Failover is not working when ignore user profile is turned on
5088144 amadmin can't remove an Entity Descriptor of a Provider
6362300 Need to make it easy to create dual hosted entity (both SP & IDP)
6411060 Profile attributes, dn and entrydn, are not returned to the Agent with amSDK repo plugin
6390379 Normal user console login emits warning message with exception in amIdm debug file
6430126 Logout displays "Auththentication Exception" if user session is recovered in SFO mode
6445678 Cannot set Liberty ID-FF version with amadmin when creating a provider
6349244 Misconfiguration in Realm Data store or authentication repository causes console to become inaccessible
6374669 Change of bind DN in the LDAPauth does not take effect until server restart
6382633 Policy Client does not create APPSSOToken when APPSSOToken is invalid
6386277 Dist-Auth not capable of destroying http-session on logout/timeout of session on AM server
6395463 SSOToken.getPrincipal().getName() does not return an user DN
6410007 Duplicate searches made by IDRepo
6413589 7.0 patch2 - Authentication fails in session upgrade case with NPE
6419838 jaxrpc failover not working properly with multisite failover
6421328 Session Polling does not work as expected
6423547 Call to SSOToken.getPrincipal().getName() does not return valid DN
6423781 samlp:Responder code is not processed correctly in single logout service
6425383 amadmin input user shouldn't be case sensitive
6426505 User account unusable after two SP users federate with same IDP user
6426508 Need to detect case when federation information does not exist on SP side
6426515 Need to return correct error code to caller in case of account lockout
6426517 Need to return special status code in case account lockout in SP side 
6426900 Setting up CDSSO configuration with Policy Agent 2.2 on Web Logic 8.1 SP4
6428296 SAML artifact profile doesn't pass all the parameters in TARGET url
6429236 Click on user level services throws ERROR Processing the request
6429610 Unable to create SSO token in ID-FF single sign-on use case
6429932 Problems with Password Reset Service for users under OU in 7.0 Legacy Mode
6431798 Permission to perform the service operation denied
6432893 Single Logout causes preLogin process if no session exists
6432969 Support for ID-WSF1.1
6433637 Site Monitor has to check all server down case
6434881 Get LDAP error when loading accountLockoutData.xml
6435983 J2EE Policy Filter mode stops working with AM 7.0 Patch 3
6436152 (legacy mode) amconsole: error on next page select for agents
6436482 LDAP module failover hangs when primary server is down
6436910 Distributed authentication UI web application makes 2 calls to AM server when invoked as 0 page login
6436913 User profile set to "Ignored" causes problem to Distributed Auth and J2EE agents
6437042 Patch add replaces amsfo and amsfo.conf replaces the original file
6437423 ID-FF Name Registration failed using HTTP Redirect profile
6440691 DistAuth configuration required explicit JAXRPC url end point in case of multisite configuration
6443758 Persistence Cookie functionality broken after applying patch 120954-02 on AM 7 with 120954-01
6444030 DistAuth has to support CertAuth
6440697 Dist Auth running as non-amAdmin user - remote SM read exception
6385184 Re-direct from within a custom auth module when SSOToken is still in INVALID STATE
6385185 PostAuthModule must be able to override the "goto" URL and specify a different URL
6370363 IDFF : RelayState with > 1 query parameters fails SSO
6450565 Console does not display People Containers with non default naming attribute
6449563 LDAP authentication: Header Replacement does not work
 
(from 120955-02)
6330306 Access Manager SDK HttpsURLConnection uses a plain socket when retrying a failed connection
6342097 When Cert CRL is enabled, too many LDAPConnections open and never get closed, this causes memory leak
6345189 Web agent has to get right naming table even when it is configured with multiple LBs
6351524 LDAP search time during policy evaluation is too long when there are thousands users in a group
6244578 AM should warn user that the browser cookie support is disabled/not available
6360631 Session not terminated through session management
6319028 Clientsdk does not handle exceptions in the SOAP message
6282777 Implementing TTL on amsdk cache
6337063 Adding a sub-organisation using Access Manager 7.0 in JES4 breaks the gateway and Access Manager
6293673 Need to retain the original session information when sending out session timeout notification
6369414 Not able to get session property in token listener callback after timeout
6357625 ID-FF 1.1 AuthContext includes AuthContextComparison
6299621 Legacy mode:Get Invalid user's location when login as an admin user that created from newconsole
6349253 PostProcessor and a custom policy condition classes, set attributes to the SSOToken, they are lost
6352008 SOAP object does not set the SOAPAction header when transported over HTTP(s) in the SAML request
6269858 AM SDK Cache/ID Repo Cache - Cache size grew substantially b.w 6.3 and 7.0
6328018 Authentication instance still displayed after being deleted
6340918 Dynamic group/Membership Filter is not updated after saving the changes
6348888 SDK does not check if the IDRepo Plugin supports role memberships
6349962 After removing "AMSDK" plugin in root realm, "amadmin" cannot view the administration page
6356127 Remote Auth does not work if Access Manager instances are running behind a non-sticky load balancer
6359266 DistAuth Fails in the session upgrade scenario
6361191 Trouble to deploy the war of Distributed Authentication on BEA WebLogic
6362232 AM 7.0 patch 1: Client SDK installations cannot be patched
6362297 Wrong entity ID is sent in case of failed single logout
6366219 Policy Evaluation failure with cn as search attribute
6369341 Need to set Attributes passed down from IDP in Assertion as properties on SSO token on SP side
6370252 Distributed Auth after patch1: Click to relogin after logout gives 500 error
6370350 Dist Auth Not working after failed auth - unable to clear authContext /unable to invalidate session
6370360 Attribute based authZ - add LDAPFilterCondition support to AccessManager
6371584 Distributed Auth after patch 1 cannot loadbalance across dist-auth servers
6371762 AM7 console exception for user with multiple roles, user cannot use console
6373328 Provide correct notification URL in the Makefile.distAuthUI
6373458 Unable to modify "iplanet-am-session-quota-limit" for user in ldapv3 data store
6374846 AM 7.0 Group Members filter only works with *
6376650 New authentication services are displayed in the global (config) section
6373302 Unable to load /portal web application after AMSDK upgrade
6368218 Login fails since Auth throws Null Pointer Exception
6369745 Auth framework needs to append suffix to user principal in case of ignore profile
6350126 Add "User profile" core authn parameter to session
6380680 Destroy Session is not working in LB setup for AM7.0
6269853 User id is null when user id or password is null
6354073 Certificate Mapping authentication module is not flexible
6320046 User name is displaying as 'null' in the Lockout notification mail
6385729 NPE in 7.0 if Federated Identity where in IDP and SP act simultaneously
6340625 JVM option java.util.logging.manager=com.sun.identity.log.LogManager being set in Websphere's xml
6384339 Policy decision returning more than expected ldap attributes 
6384379 LDAP attribute names returned from AM are in lower case
6385696 Existing and new IDP's and SP's are not visible
6367058 UWC SSO fails after applying 7.0patch1
6388549 Server hangs forever when one of the LDAPv3 plugin config is incorrect
6369227 Cert auth module maps full cert subject DN to LDAP attribute value
6385710 Single Logout Request causes Server Error
6396409 LDAPv3 datastore against sun DS keeps looping the psearch connections
6396913 ldapv3 getAttributes call fails if naming attribute is multivalued, resulting in login failure
6397102 LDAP Connections abandoned by LDAPv3 plugin if wrong user password is specified for datastore 
6396494 Removing users from static groups with amadmin fails
6387712 Notification requests can cause a build up of close_wait connections
6202135 Auth taglib target attribute incorrectly quoted
6236892 Image/Text place holder while CDCServlet is processing the AuthNResponse after Login
6283582 Num of login failures are not shared across AM instances
6363157 Need to disable unnecessary persistent searches which affect performance
6402490 DSTModify Operation throws exception 
 
(from 120955-01)
6289589 Incorrect ldap server info is causing the UI not to display the LDAP related subjects in console
6295075 legacy: Reset button does not work for Client Detection/edit page
6204679 amadmin failed with no specific error message for a valid xml file but with uppercase suffix
6273148 Could not add/delete/modify discovery service resource offerings
6246905 Wrong error msg for Single Sign-On Failure Redirect URL
6291287 Policy UI for condition by auth level displays wrong values for auth level
6310356 amwas51config incorrectly using WL8_PROTOCOL when setting values for naming and notification URL's
6298462 amsfoconfig fails on linux 2.1 server
6298433 amsfoconfig has incorrect permissions on linux 2.1
6292616 AM sdk clients need restart after svc schema change
6305268 Problem with idrepo ldapv3 plugin and openldap
6308982 Need population of module specific customized error message and error template via Auth remote API
6309830 Adding more amadmin properties in the console is changing the amadmin user password
6296108 realm: Exception error when selecting a user from a new Realm contains the default v3 info
6313117 Client SDK (amclientsdk.jar) throws error messages that permission denied for reading config data
6294440 LDAP authentication module can prompt user to change their password prematurely
6320475 com.iplanet.am.session.client.polling.enable on server side must not be true
6306605 AM does not deploy on WebSphere with non-default URI's
6318296 Can't remove Session Service configuration for a subrealm
6311985 CDC: CDC Servlet redirecting to the invalid login page when Policy condition is specified
6325343 amclientsdk.jar doesn't handle localized content in utf-8 properly
6325333 Request to add InternalSession.getObject/InternalSession.setObject() methods
6309907 postprocess plugin defined for a Named config does not execute for role based auth
6328396 IDrepo Gives exception while storing new attribute with LDAPV3 plugin
6324349 JAXRPC classcast exceptions cause initialization failure for portal webapp
6295524 amwl81config: typo prevents wireless_rendering.jar and wireless_rendering_util.jar from being used
6306833 Modification notification mail is sent when other attribute is changed
6303975 Memory leak in distributed Auth
6330678 IdRepo doesn't cache sub entries of ou=users,ou=default,ou=globalconfig,ou=1.0,ou=sunidentityreposit
6330687 There are 4 directory searches for each authentication
6314342 Unnecessary object creation of Notification/NotificationSet in session service cause perf. problem
6281358 AM legacy mode: Deletion Notification does not work
6293720 legacy: Created groups is not placed under Groups container
6294618 After first click on Directory Management tab, sub-tabs do not appear
6295081 legacy: Should prevent Orgs, Containers, People Con, user,roles to be created under grp Container
6295834 Changing password via console with debug 'message' logs changed password in amProfile
6303917 Deprecating SiteAttributeMapper overwrites new PartnerSiteAttributeMapper in SAML
6321128 Special characters (&) in SAML statements should be encoded
6323367 AM70 does not allow customers to get the uuid through command line or console
6323608 AuthContext object instances/bytes linger/leak even after user logouts and session/idle timeouts
6326050 Session event should be sent when the pre-authentication session times out
6326634 SAML: Duplicate Trusted Partner console edit errors
6327691 UrlAccessAgent SSOToken is expiring as the Application module does not return the special user DN
6327836 Distributed Authentication service to be not required to stick to one server for LB deployments
6328362 Federation performance is slow compared to 6.3
6330679 Auth model cannot be created due to lack of page session data
6330685 Include AM Server healthcheck JSP within services.war
6330747 Unable to assign Named Config(created in sub-realm) to a role
6333870 Adding a DNS/Aliases name to an organization from the Access Management will give LDAP error
6335137 Session notification is unnecessarily being sent to AM server itself
6337106 Ability to disable DNS Lookup
6337701 Realm/Subjects/Role does not contain a General page
6338418 Universal ID disappeared when Save button is pressed
6338582 SSO fails for federation
6340418 Logout fails after federation termination
6341737 AMSDK call to AMUser.getAttributesByteArray() returns empty if called after AMUser.getAttributes()
6342313 Login as an org admin user when click on Directory Manager link will get user page
6349959 Adding "role=read,create,edit,delete" to LDAPv3 IdRepo plugin causes IdRepo to fail
6343531 Deleting service leaves amconsole unusable and service partially deleted
6352076 WL8.1 SP4: Access denied while accessing any resource first time in cdsso setup
6356879 amadmin gives access to AM even with invalid user/password
6350573 Distributed Authentication Does not work when deployed in Production mode in Bea WebLogic Server
6334633 Inconsistent AM-SDK Global Schema Cache behaviour
6346904 Session Polling could hang the server under high load
6346908 Session Destroy or logout on the client sdk does not work properly
6342223 Session cache has no way to cleanup client cache when notifications are missed
6341686 Adding all groups to a user get error " Error [Ljava.lang.Object;@1d8be60"
6336904 Authentication service should not be required to stick to one server for LB deployments
6295078 legacy:Cannot delete an organization that created under a container
6307920 Special characters (&) in SAML statements should be encoded
6345362 Server failed to start if com.sun.am.event.connection.idle.timeout is set to a non zero value
6366215 IDRepo unable to search based on "cn" - LDAPv3Repo unable to search with respect to naming attribute
6363399 Policy evaluation fails for LDAPV3 filtered role
6342725 idrepo cache not updated
6356473 Gateway does not come up on a separate node after installation
6346918 cookie name property is missing in AMClient.properties since AMClientSDK is not working
6347568 amclientsdk webapp is not working the amclientsdk.jar file is missing in the war file built.
6356670 java.lang.NullPointerException in amSecurity debug logs
6356715 Auth Remote API gives error due to failure in retrieval of internal session from session ID on server
6337160 IdRepo calls SMS for every operation, leading to performance issues


Patch Installation Instructions:
--------------------------------
 
Backup following files:
 
For Solaris 8 and 9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
        example# patchadd /var/spool/patch/120955-12
 
The following example removes a patch from a standalone system:
 
        example# patchrm 120955-12
 
For additional examples please see the appropriate man pages.
 
After the patch is installed or removed, AM applications need to be
redeployed. Please refer to release notes rel_notes.html for more
details.


Special Install Instructions:
-----------------------------
For Access Manager 7.0 patch 9 and higher, there is a dependency on the
following LDAP JDK patch, which must be installed before installing the
AM patch:
 
platform                patchid
----------             --------------------------
solaris sparc, x86      119725-06 or higher
Linux                   120834-04 or higher
windows                 138905-01 or higher
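
A pre-flight check for the LDAP JDK dependency in the table above, as an added
example that is not part of the Oracle README: it reads a patch listing in the
"Patch: <id>-<rev>" form printed by 'showrev -p' and confirms that patch 119725
is at revision 06 or higher before 'patchadd' is run. The function names, the
sample listing and its package names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Needs a POSIX shell (ksh or /usr/xpg4/bin/sh on Solaris 9/10).

# highest_rev BASE: read a patch listing on stdin and print the highest
# installed revision of patch BASE as a decimal number (nothing if absent).
# Older revisions of a patch can stay listed, so every line is examined.
highest_rev() {
    max=
    while read -r tag id _rest; do
        [ "$tag" = "Patch:" ] || continue
        case $id in
            "$1"-*) rev=${id#"$1"-} ;;
            *) continue ;;
        esac
        # Skip anything that is not a purely numeric revision
        case $rev in ''|*[!0-9]*) continue ;; esac
        # Drop leading zeros so "08" is compared as 8
        rev=$(echo "$rev" | sed 's/^0*//'); rev=${rev:-0}
        if [ -z "$max" ] || [ "$rev" -gt "$max" ]; then max=$rev; fi
    done
    if [ -n "$max" ]; then echo "$max"; fi
}

# patch_at_least BASE-REV: return 0 if the listing on stdin shows patch BASE
# at revision REV or higher, 1 otherwise.
patch_at_least() {
    want_base=${1%-*}
    want_rev=$(echo "${1#*-}" | sed 's/^0*//')
    have=$(highest_rev "$want_base")
    [ -n "$have" ] || return 1
    [ "$have" -ge "${want_rev:-0}" ]
}

# preflight: gate for the Solaris row of the dependency table (119725-06).
preflight() {
    if patch_at_least 119725-06; then
        echo "OK: LDAP JDK patch 119725-06 or higher is installed"
    else
        echo "STOP: install LDAP JDK patch 119725-06 or higher first" >&2
        return 1
    fi
}

# Constructed listing (placeholder package names), not real host output.
sample_listing() {
    cat <<'EOF'
Patch: 119725-04 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkga
Patch: 119725-08 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkga
Patch: 120955-11 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkgb
EOF
}

# On a Solaris host: showrev -p | preflight && patchadd /var/spool/patch/120955-12
sample_listing | preflight
```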
 
 
For Access Manager Server specific patch information and patch installation
instructions, refer to the included patch release notes file, rel_notes.html,
located inside the patchID directory once the file has been unzipped.
 
The patch release notes include must-read information, including installation
information, redeployment instructions, instructions on how to deal with
customized auth jsp files, and workarounds for known issues and limitations.


README -- Last modified date: Saturday, November 10, 2012