OBSOLETE Patch-ID# 126357-03


Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: access manager, am7.1, jes5, java_es-5, security
Synopsis: Obsoleted by: 126357-04 Sun Java System Access Manager 7.1 Solaris_x86
Date: Jun/19/2009


Install Requirements: NA

Solaris Release: 8_x86 9_x86 10_x86

SunOS Release: 5.8_x86 5.9_x86 5.10_x86

Unbundled Product: Sun Java System Access Manager

Unbundled Release: 7.1

Xref: This patch available for sparc as patch 126356-03, for Linux as patch 126358-03

Topic:

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR #  Bug #
6350438   12142464
6387712   12153677
6409176   12160015
6409600   12160129
6435889   12167913
6442520   12169765
6456504   12173477
6460780   12174576
6471046   12177973
6472574   12178496
6472774   12178536
6473199   12178717
6474089   12178976
6476852   12179879
6476899   12179887
6485237   12182220
6485695   12182332
6486724   12182572
6486843   12182591
6487880   12182870
6488432   12183018
6490703   12183655
6494304   12184782
6494643   12184927
6495293   12185063
6496155   12185323
6498405   12186152
6498902   12186305
6499264   12186444
6499268   12186445
6500868   12186844
6501178   12186891
6503706   12187534
6504377   12187709
6506448   12188199
6507568   12188511
6513655   12190177
6515043   12190611
6515502   12190720
6521389   12192121
6521565   12192150
6523565   12192712
6523681   12192736
6524678   12193007
6524713   12193010
6524796   12193021
6524854   12193049
6525783   12193271
6528549   12194013
6532311   12194876
6532967   12195067
6538181   12196406
6539090   12196633
6541622   12197344
6541695   12197356
6542686   12197615
6543620   12197961
6543623   12197963
6543625   12197965
6543626   12197966
6544092   12198075
6544177   12198099
6544585   12198218
6545645   12198464
6547061   12198827
6547440   12198940
6547958   12199094
6549639   12199521
6550261   12199664
6552218   12200099
6554372   12200551
6559603   12201576
6560931   12201888
6562414   12202236
6563104   12202426
6564121   12202656
6567200   12203430
6567469   12203496
6568278   12203686
6568911   12203794
6569403   12203908
6569870   12204059
6570021   12204099
6570022   12204100
6570025   12204102
6571897   12204576
6572525   12204707
6573080   12204822
6575312   12205419
6576339   12205671
6576571   12205742
6577414   12205968
6577929   12206068
6581230   12206694
6583877   12207282
6584794   12207466
6584960   12207484
6585444   12207577
6587038   12207990
6587553   12208104
6587627   12208119
6591245   12208990
6591330   12209013
6591791   12209153
6592311   12209282
6592426   12209297
6592884   12209417
6596078   12210119
6600057   12211047
6600325   12211126
6600331   12211131
6601819   12211475
6603137   12211774
6603228   12211806
6607892   12212872
6609003   12213123
6609886   12213264
6610519   12213392
6611909   12213657
6612691   12213853
6618961   12215292
6619906   12215506
6620746   12215675
6621053   12215787
6621055   12215788
6621802   12215956
6626786   12217156
6627230   12217278
6628235   12217490
6629110   12217781
6634276   12219391
6636341   12219960
6637600   12220285
6638652   12220570
6644879   12222080
6647324   12223062
6651757   12224384
6651832   12224396
6653144   12224651
6656744   12225552
6657102   12225710
6657112   12225712
6657667   12225899
6658586   12226123
6663135   12227451
6665155   12228025
6666187   12228319
6666244   12228328
6666912   12228474
6667267   12228582
6667756   12228694
6668046   12228774
6671815   12229825
6673538   12230328
6674544   12230643
6674688   12230663
6677440   12231467
6689601   12234812
6693152   12235797
6694162   12236124
6698247   12237153
6698447   12237174
6699166   12237362
6700722   12237697
6702797   12238087
6706821   12239049
6707604   12239256
6709771   12239977
6710058   12240071
6712993   12240869
6713147   12240896
6713579   12240998
6722156   12242874
6726583   12243864
6727687   12244089
6729535   12244423
6737459   12245934
6740071   12246474
6740852   12246641
6745353   12247453
6746406   12247629
6746634   12247659
6748117   12247993
6749656   12248330
6754195   12249417
6754419   12249443
6754852   12249503
6754863   12249506
6755801   12249697
6756079   12249726
6761627   12251048
6763401   12251485
6766363   12252160
6768678   12252700
6769316   12252832
6770120   12253040
6770231   12253057
6771038   12253223
6773986   12253917
6776613   12254566
6782529   12256685
6785877   12257568
6791437   12258942
6791898   12259027
6795308   12259817
6796939   12260296
6797112   12260324
6804294   12262009
6811036   12263513
6816973   12264877
6817037   12264894
6817344   12264967
6818423   12265180
6832763   12268441
6832765   12268443
6837372   12269470
6844490   12270964


Changes incorporated in this version: 6791898 6791437 6748117 6770120 6754419 6387712 6515502 6768678 6782529 6637600 6521565 6607892 6456504 6496155 6763401 6797112 6773986 6620746 6677440 6471046 6698247 6754852 6700722 6771038 6785877 6653144 6486724 6702797 6770231 6722156 6756079 6776613 6746634 6749656 6754195 6709771 6796939 6811036 6350438 6804294 6795308 6754863 6817037 6844490 6816973 6769316 6817344 6832763 6832765 6435889 6837372 6818423 6755801

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/etc/opt/SUNWam/config/AMConfig.properties.template
/etc/opt/SUNWam/config/com.sun.cmm.am.xml.template
/etc/opt/SUNWam/config/ldif/am_remote_ad_schema.ldif
/etc/opt/SUNWam/config/xml/template/amAuth.xml
/etc/opt/SUNWam/config/xml/template/amAuthCert.xml
/etc/opt/SUNWam/config/xml/template/amDelegation.xml
/etc/opt/SUNWam/config/xml/template/amDisco.xml
/etc/opt/SUNWam/config/xml/template/amSession.xml
/opt/SUNWam/bin/amadmin.template
/opt/SUNWam/bin/amas70config
/opt/SUNWam/bin/amas81config
/opt/SUNWam/bin/amconfig
/opt/SUNWam/bin/amsamplesilent
/opt/SUNWam/bin/amsdkconfig
/opt/SUNWam/bin/amstaging
/opt/SUNWam/bin/amsvcconfig
/opt/SUNWam/bin/amtune/amtune-directory.template
/opt/SUNWam/bin/amtune/amtune-env
/opt/SUNWam/bin/amtune/amtune-identity
/opt/SUNWam/bin/amtune/amtune-os
/opt/SUNWam/bin/amtune/amtune-prepareDSTuner
/opt/SUNWam/bin/amtune/amtune-utils
/opt/SUNWam/bin/amutils
/opt/SUNWam/bin/amwas51config
/opt/SUNWam/bin/amwl81config
/opt/SUNWam/bin/amws61config
/opt/SUNWam/bin/amws70config
/opt/SUNWam/dmy
/opt/SUNWam/docs/am_public_javadocs.jar
/opt/SUNWam/dtd/remote-auth.dtd
/opt/SUNWam/include/am.h
/opt/SUNWam/include/am_log.h
/opt/SUNWam/include/am_map.h
/opt/SUNWam/include/am_types.h
/opt/SUNWam/include/am_utils.h
/opt/SUNWam/include/am_web.h
/opt/SUNWam/lib/am_logging.jar
/opt/SUNWam/lib/am_sdk.jar
/opt/SUNWam/lib/am_services.jar
/opt/SUNWam/lib/am_sessiondb.jar
/opt/SUNWam/lib/am_sso_provider.jar
/opt/SUNWam/lib/amclientsdk.jar
/opt/SUNWam/lib/authapi.jar
/opt/SUNWam/lib/identity/console-war/WEB-INF/lib/am_console.jar
/opt/SUNWam/lib/libamsdk.so.2
/opt/SUNWam/lib/libxml2.so.2
/opt/SUNWam/lib/log4j-1.2.8.jar
/opt/SUNWam/lib/xmlsec.jar
/opt/SUNWam/locale/amAuth.properties
/opt/SUNWam/locale/amAuthCert.properties
/opt/SUNWam/locale/amAuthLDAP.properties
/opt/SUNWam/locale/amConfigurator.properties
/opt/SUNWam/locale/amConsole.properties
/opt/SUNWam/locale/amDisco.properties
/opt/SUNWam/locale/amSession.properties
/opt/SUNWam/locale/amSessionDB.properties
/opt/SUNWam/locale/amWSSecurity.properties
/opt/SUNWam/locale/serviceDefaultValues.properties
/opt/SUNWam/share/bin/amwar
/opt/SUNWam/war/Makefile.distAuthUI
/opt/SUNWam/war/README.distAuthUI
/opt/SUNWam/war/amauthdistui.war
/opt/SUNWam/war/amclient.war
/opt/SUNWam/war/console.war
/opt/SUNWam/war/services.war
/opt/ace/data/rsa_api.properties
/opt/ace/data/log4j.properties

Problem Description:

6791898 "No such Organization found" shown when primary LDAP is stopped
6791437 Sun Java SAM 7.1 Distributed Auth UI session timeout re-login URL incorrect
6748117 AM71 losing the realm context when using the return login link
6770120 AM 7.1sp1 console bug can lock out amadmin account permanently
6754419 AM server does not send password expired error to remote client
6387712 Notification requests can cause a build up of close_wait connections
6515502 LDAPv3 Repo plugin does not handle "Alias Search Attribute" correctly
6768678 Can not access user profile of users not in the default people container
6782529 updateschema.sh script is required to make schema changes after applying a patch
6637600 psearch connections to directory server not terminating resulting in resource crunch and even crash
6521565 Agent fails if agentRootURL list has a non dns hostname
6607892 Access Manager will not follow goto URL from logout page when session has expired
6456504 Can not start server if an entry in server or site list does not have port number
6496155 Use a restriction token other than the IP address in cookie hijacking feature
6763401 Updating "primary ldap server" of policy configuration on amconsole causes two MOD operations in ldap
6797112 A user is not locked after password reset failure attempts
6773986 Warning message not displayed on login failure before the user lockout
6620746 Memory leak causing heap growth in Policy Evaluation tests
6677440 Probable XSS vulnerability in the cdcservlet
6471046 AuthLoginException message not meaningful when authenticating user is locked
6698247 Access Manager Radius Authentication Module lost uid between access_request and access challenge
6754852 AM7.1 DAUI does not work with basic auth
6700722 Don't kill old session during session upgrade
6771038 JESMF auth module integration does not recognise custom modules
6785877 Clear text passwords in debug files when using message level debugging
6653144 Exception handling around LdapSPValidator and DNOrIPAddressListTokenRestriction is poor
6486724 secure cookie flag should be set in CDSSO/cookie hijacking scenario
6702797 Problem with new line chars in authContext during authentication
6770231 goto URL not validated
6722156 NullPointerException in post auth plugin
6756079 Randomly, some users cannot log in Access Manager despite their login and passwd being correct
6776613 As session timed-out, session time out page is not displayed
6746634 Policy is created but ineffective until AM restarted
6749656 Updating service schema for filtered role privileges
6754195 LDAP servers not correctly closing sockets can cause AM server to hang
6709771 federation session map is not cleaned up if sessions are timed out
6796939 Application based session time out is not working via Dist. Auth
6811036 After upgrade from JES4 cannot login as amadmin in coexistence mode - authentication module is denied
6350438 AM hang under peak load caused by LDAP access within synchronized block
6804294 AM7.1 console does not function correctly if the LB host name resolves to an unreachable IP address
6795308 CDCServlet can make advice available to the wrong client
6754863 amclientsdk bundled with agent 2.2hp5 and 7 has backward compatibility issues
6817037 AM 7.1 cert auth module is not able to use "X509v3 Subject Alternative Name"
6844490 Need to bundle in latest C-SDK into AM server
6816973 User matching is not checked in Session Upgrade case
6769316 Zero page login does not work with distributed authentication
6817344 DA could inadvertently make a connection to an untrusted host
6832763 updateschema.sh script does not take inputted DS host and port
6832765 amconfig after patch install (7.1patch2) gives cryptic error related to Cacao/JMF
6435889 Method Session.getSession fails because RestrictedTokenContext is not set
6837372 "No such Organization found" page shown when primary LDAP is stopped, in legacy mode
6818423 Severing LDAP connection causes sporadic login failure
6755801 AMSDK does not failover to secondary DS if primary DS is down in legacy mode 
 
(from 126357-02)
6619906 AM 7.1 REALM mode: authentication with Unix/SecurID does not pull user profile
6539090 User Based Authentication shows incorrect profile post authentication
6740852 Configuration Items in console can show information
6689601 SAML errors while parsing Assertions "verify AssertionAndGetGSSMap : missing or extra
6665155 AM 7.1 has issues if sub-realm has 2 Active Directory datastores
6712993 Information issue in access manager login
6740071 Zero Page authentication is putting the cookie in the URL
6644879 User can login with empty password in AD module in special case
6636341 AM 7.1 Password Reset Service not showing errors
6603228 Access Manager KeyProvider needs option to use types other than JKS format
6600331 Make composite advice available to underlying authentication modules
6600325 Persistent cookie support
6707604 AMSDK API search control issues with the creation of new instance of search in AM 7.1
6710058 AM 7.1 User can login to amconsole using uid with wildcards such as "amadmi*" or "amad*"
6713147 NPE appears in agent debug log when CDSSO is enabled in J2EE Agent 2.2-01
6713579 ClientTypeManager is not initiated if client detection is disabled
6726583 WebtopNaming.getPlatformServerList() returns empty Vector sometimes during saml2 performance testing
6727687 Method getPrimaryConnection stops retry and returns a null
6729535 Remote logging fails if incoming request has empty recMsg
6737459 CDC servlet loses subrealm
6666244 Share persistence searches if host,orgdn and search filter are same
6667267 NPE if search attribute does not include amsdkdn
6667756 AMLoginModule should provide access to Account Lockout count
6671815 ProxyPolicyEvaluator doesn't work as expected in Sun Realms in AM 7.1
6674544 Thread lock in LDAPv3Repo
6674688 Need to support force auth
6694162 Sharing psearch can deadlock
6699166 AM 7.1 U1 - Session failover testing throws java.lang.ClassCastException error
6706821 Password reset policy in auth chain module(LDAP) causes authentication failure
6409600 ConcurrentModificationException in AMObjectImpl prevents AMEvents from being delivered
6651832 In Remote auth previous AuthContext is not set even if the request is a session upgrade
6657102 NameCallbacks defaultNames are not available in the dist auth UI
6657112 RedirectCallback not supported in the Remote Auth API
6657667 DistAuth UI cannot process more than 2 callbacks during one page only login
6485237 Need to be able to deploy CDCServlet on the Dist-Auth server
6663135 Remote auth API cannot handle special XML characters in callback values
6666187 CRL validation is not working in war deployment under appserver9.1
6647324 Login page localization does not work with DAUI for AM7.1
6621802 SecurID authentication support on Solaris/x86 platform
6627230 AM7.0 does not set session property UserId to the uid for Cert module
6629110 Under load testing, amconsole experiences memory leak
6745353 AM SDK does not failover to secondary DS properly
6746406 AD data store: Groups from sub branches of a DIT are not visible under Subjects
6761627 Subrealm admin can login as amadmin at root realm by creating user amadmin in sub-realm
6766363 Re-establishing ldap conn pool under load has problems/race conditions
6638652 amconsole breaks while managing custom attributes added to organizationAttributeSchema
6651757 MAP libraries missing from DAS application
6658586 AMStoreConnection.daysSinceModified() got incorrect days
6666912 DistAuth URI by default does not take you to Login page
6668046 SAMLv2 needs to support failover on Artifact SSO and SLO
6673538 Security permission is missing for CRL validation
6693152 amsdk jar files should include version number in the manifest file
6634276 ExceedRetryLimit message does not show correctly on AM7 with JA locale
6486843 Privileges cannot be defined for a filtered role
6409176 AM authentication issue when Account lockout is enabled in Directory Server
6538181 SMS layer does not update SMS cache when policy schema of a service is changed
6698447 Unnecessary debug error msg when safeword auth fails
6656744 Collection object is not synchronized
 
(from 126357-01)
6473199  Method onLoginFailure instead of onLogout of postprocess is not executed when user logs out
6488432  Policy response to include issueInstant
6494643  Compatibility issue among agent, sdk client and server
6494304  Authschemecondition should support application idle timeout and force authn
6442520  Session upgrade does not work in case
6498405  Some Chinese Characters are not allowed when creating AM managed groups
6513655  Profile attribute set to Ignore doesn't give access to console to TopLevelAdmin Roles
6460780  authN throughput improvements
6532311  Authentication validation rules should prompt user password and not deny user
6541695  Post-auth plug-in changes to support Sharepoint
6507568  LDAP AuthModule does not return correct error when password validation fails
6547061  Need to bundle in new xmlsec.jar due to incorporate fix for 6519471
6499264  Need AuthInstant for every authenticated module Instance
6499268  Support for ForcedAuth using Composite Advice and URL parameter
6498902  Policy client sdk should clear policy decision with advice on first use
6472774  Access Manager console user/password does not match sdk installer
6474089  AMUserPasswordValidation class should not be invoked during initial authentication
6476852  Server runs out of PermGen space with several deploy/redeploys
6476899  Bundled AccessManager startup times are huge with JavaEE SDK B08
6485695  In realm mode creating a group creates an administrative role with set of ACIs which never get used
6487880  Authentication type field needs more explanation in online help
6490703  Missing document: Multi instance AM setup on top of DS in MMR without LB
6495293  Service not assigned to users properly using AD plugin
6500868  Exception thrown when debug mode is set to message on client side
6501178  Exception in thread AMTimer
6503706  ClassCastException when trying to get binary attribute
6504377  New user created with AD plugin is inactive
6506448  NPE when doing AMIdentity.modifyService
6515043  The AM and portal server auto configuration failed when installing on zh_TW and es locales.
6521389  Appclient projects require sun-acc.xml to include the AMClientProvider provider-config element.
6523565  Server sample fails to run
6523681  Using an empty username for UserNameToken profile exposes a security hole
6524678  Readme.txt in the SDK install/addons has to be updated.
6524713  Impossible to login to AS Adm. GUI after the execution of java -jar am-configurator.jar
6524796  Deletion of subconfiguration fails when the config name has special characters.
6524854  Document install procedure for application server multiple instances
6525783  AM security doesn't work when using custom keystore
6528549  Need a getBinaryServiceAttribtues api for AMIdentity
6532967  com.iplanet.am.sdk.caching.enabled default value is documented incorrectly
6541622  Auth should not make call to DS for user search when username contains NOT allowed pattern
6542686  Unable retrieve schema info from AD
6543620  Access Manager Policy Agent profiles should be able to apply a digital signature to the service req
6543623  AM Policy Agent profiles should be able to encrypt SOAP request body and SOAP response body
6543625  UserName token authentication should be able to authenticate against a configured LDAP module.
6543626  SOAPRequestHandler should return SSOToken set in the Subject, in addition to X509
6544092  Service schema file for AD
6544177  When using X509 token with an invalid certificate AM always accepts the cert even without root ca
6544585  Unable to login with agent
6545645  New AMIdentity constructor does not work when token has no uuid.
6547440  Verification of unsigned response is passed
6547958  AMSDK doesn't fallback to primary directory server once primary comes up
6549639  Typo in Postinstallation Guide for Single War Deployment
6550261  Additional jar file is required for war generated by config later option
6552218  Restricted token (anti-hijack prevention mode) doesn't work in federated environment
6554372  Dist Auth broken in Websphere and Weblogic
6559603  Need to add boolean configuration flag for request signing
6560931  The provider-id for the Anonymous security mechanism in the provider-config is incorrect
6562414  Incorrect dynamic attr value returned by AD plugin
6563104  AM security fails when running against jdk1.5 on Solaris, Linux and MacOS
6564121  AM 7.1 legacy mode with AS 9.0 J2EE Agent 2.2 doesn't return the requested roles.
6567469  AM can't be configured properly using old installation contract
6568278  NPE in amclientsdk
6568911  Access Manager Username Token Profile OASIS standard mismatch
6569403  Request with no encryption is not validated
6569870  Addition Fields to Web Service Security Provider and Client Profile Page
6570021  Encryption support for SOAP messages with extra spaces or newline characters
6570022  Error in soapHandler.validateRequest during load testing
6570025  Need help with troubleshooting authorization based on X509 tokens.
6572525  Auto creation of WSS agents do not specify Agent type as WSC or WSP
6573080  System hangs under heavy load in the LdapConnectionPool
6575312  Auth configuration corruption in multi threaded scenario
6576339  Compiler error while deploying identity webservices samples
6576571  Issue with AM 7.1  timeout with(Distributed Auth module)
6577414  UserNameToken-Plain profile does not have a corresponding provider-config entry in domain.xml
6577929  Username Token Created element uses incompatible namespace
6581230  Console can not set response encrypt / decrypt flag value for WSC and WSP
6584794  Authentication Exception due to incorrect handler. 
6584960  Configurator.jsp fails to install on a DS suffix such as 'o=company'
6585444  Anonymous User in AM 7.1 when configured with Distributed Authentication throws server error
6587038  Datastore authentication does not enumerate through all datastore
6587553  DistAuth does not work with subrealms; displays 'Organization not found'.
6587627  FQDN is stripped to just the host name, needs to be preserved
6591245  Stalled Cookie Problem in Distributed Auth User Interface
6591330  Incorrect Lockout Handling
6592311  Auth makes three sms calls to config data store which is causing performance degradation
6571897  After PS installation was able to start AS, reach AS Admin GUI without passwords
6567200  AM7.1 cdcservlet is preserving the policy advice if the Web Server is reusing the same servlet
6592426  SessionServic.getSessionService call always enters the synchronized block even though not required.
6591791  amtune files for WS7 and utils are missing from the patch1 nightly ZIP file
6592884  Session stickiness not working with multisite configuration with WebAgents
6472574  Policy subject result cache is not cleaned up when receiving session notifications
6600057  AM does not report Session notification queue size in the stats.
6601819  Single war needs to support BEA WL 9.2 
6596078  Can not login to AM 7.1 with data store auth module if DS running on non-default port
6583877  IE7: The "continue" button doesn't work when registering a new user without inputting info. 
6603137  Can not create policy with time condition
6609886  AM hangs if Session notification queue is full
6610519  When purge delay is set to 0 we still send two notifications timeout and destroy.
6609003  The usage is not displayed when using the syntax provided. amtune help
6612691  Missing functionalities in distAuth
6611909  realmqualified authscheme perapp timeout is not giving the access to the resource for valid auth
6618961  amadmin CLI sends 5 session validations req/sec for the same session handle
6626786  Server memory leak with repeated application SSOtoken creation and destroy
6621053  Client Certificate authentication broken on WebSphere
6621055  Client Certificate authentication failed on WebLogic
6628235  Single WAR web application cannot be configured with a root suffix with '&' char


Patch Installation Instructions:
--------------------------------
 
For Solaris 8, 9 and 10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/126357-03
 
The following example removes a patch from a standalone system:
 
       example# patchrm 126357-03
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------
 
For Access Manager specific patch information and patch installation
instructions, refer to the AM 7.1 patch release notes, which are available online:
http://docs.sun.com/doc/819-4683/gfotd?a=view
 
The patch release notes contain important information, including installation
information, redeployment instructions, and workarounds for known issues and limitations.


README -- Last modified date: Saturday, November 10, 2012