OBSOLETE Patch-ID# 126357-03
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
Keywords: access manager, am7.1, jes5, java_es-5, security
Synopsis: Obsoleted by: 126357-04 Sun Java System Access Manager 7.1 Solaris_x86
Date: Jun/19/2009
Install Requirements: NA
Solaris Release: 8_x86 9_x86 10_x86
SunOS Release: 5.8_x86 5.9_x86 5.10_x86
Unbundled Product: Sun Java System Access Manager
Unbundled Release: 7.1
Xref: This patch available for sparc as patch 126356-03, for Linux as patch 126358-03
Topic:
Relevant Architectures: i386
Bugs fixed with this patch:
Changes incorporated in this version: 6791898 6791437 6748117 6770120 6754419 6387712 6515502 6768678 6782529 6637600 6521565 6607892 6456504 6496155 6763401 6797112 6773986 6620746 6677440 6471046 6698247 6754852 6700722 6771038 6785877 6653144 6486724 6702797 6770231 6722156 6756079 6776613 6746634 6749656 6754195 6709771 6796939 6811036 6350438 6804294 6795308 6754863 6817037 6844490 6816973 6769316 6817344 6832763 6832765 6435889 6837372 6818423 6755801
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch:
Obsoleted by:
Files included with this patch:
/etc/opt/SUNWam/config/AMConfig.properties.template
/etc/opt/SUNWam/config/com.sun.cmm.am.xml.template
/etc/opt/SUNWam/config/ldif/am_remote_ad_schema.ldif
/etc/opt/SUNWam/config/xml/template/amAuth.xml
/etc/opt/SUNWam/config/xml/template/amAuthCert.xml
/etc/opt/SUNWam/config/xml/template/amDelegation.xml
/etc/opt/SUNWam/config/xml/template/amDisco.xml
/etc/opt/SUNWam/config/xml/template/amSession.xml
/opt/SUNWam/bin/amadmin.template
/opt/SUNWam/bin/amas70config
/opt/SUNWam/bin/amas81config
/opt/SUNWam/bin/amconfig
/opt/SUNWam/bin/amsamplesilent
/opt/SUNWam/bin/amsdkconfig
/opt/SUNWam/bin/amstaging
/opt/SUNWam/bin/amsvcconfig
/opt/SUNWam/bin/amtune/amtune-directory.template
/opt/SUNWam/bin/amtune/amtune-env
/opt/SUNWam/bin/amtune/amtune-identity
/opt/SUNWam/bin/amtune/amtune-os
/opt/SUNWam/bin/amtune/amtune-prepareDSTuner
/opt/SUNWam/bin/amtune/amtune-utils
/opt/SUNWam/bin/amutils
/opt/SUNWam/bin/amwas51config
/opt/SUNWam/bin/amwl81config
/opt/SUNWam/bin/amws61config
/opt/SUNWam/bin/amws70config
/opt/SUNWam/dmy
/opt/SUNWam/docs/am_public_javadocs.jar
/opt/SUNWam/dtd/remote-auth.dtd
/opt/SUNWam/include/am.h
/opt/SUNWam/include/am_log.h
/opt/SUNWam/include/am_map.h
/opt/SUNWam/include/am_types.h
/opt/SUNWam/include/am_utils.h
/opt/SUNWam/include/am_web.h
/opt/SUNWam/lib/am_logging.jar
/opt/SUNWam/lib/am_sdk.jar
/opt/SUNWam/lib/am_services.jar
/opt/SUNWam/lib/am_sessiondb.jar
/opt/SUNWam/lib/am_sso_provider.jar
/opt/SUNWam/lib/amclientsdk.jar
/opt/SUNWam/lib/authapi.jar
/opt/SUNWam/lib/identity/console-war/WEB-INF/lib/am_console.jar
/opt/SUNWam/lib/libamsdk.so.2
/opt/SUNWam/lib/libxml2.so.2
/opt/SUNWam/lib/log4j-1.2.8.jar
/opt/SUNWam/lib/xmlsec.jar
/opt/SUNWam/locale/amAuth.properties
/opt/SUNWam/locale/amAuthCert.properties
/opt/SUNWam/locale/amAuthLDAP.properties
/opt/SUNWam/locale/amConfigurator.properties
/opt/SUNWam/locale/amConsole.properties
/opt/SUNWam/locale/amDisco.properties
/opt/SUNWam/locale/amSession.properties
/opt/SUNWam/locale/amSessionDB.properties
/opt/SUNWam/locale/amWSSecurity.properties
/opt/SUNWam/locale/serviceDefaultValues.properties
/opt/SUNWam/share/bin/amwar
/opt/SUNWam/war/Makefile.distAuthUI
/opt/SUNWam/war/README.distAuthUI
/opt/SUNWam/war/amauthdistui.war
/opt/SUNWam/war/amclient.war
/opt/SUNWam/war/console.war
/opt/SUNWam/war/services.war
/opt/ace/data/rsa_api.properties
/opt/ace/data/log4j.properties
Problem Description:
6791898 "No such Organization found" shown when primary LDAP is stopped
6791437 Sun Java SAM 7.1 Distributed Auth UI session timeout re-login URL incorrect
6748117 AM71 losing the realm context when using the return login link
6770120 AM 7.1sp1 console bug can lock out amadmin account permanently
6754419 AM server does not send password expired error to remote client
6387712 Notification requests can cause a build up of close_wait connections
6515502 LDAPv3 Repo plugin does not handle "Alias Search Attribute" correctly
6768678 Can not access user profile of users not in the default people container
6782529 updateschema.sh script is required to make schema changes after applying a patch
6637600 psearch connections to directory server not terminating resulting in resource crunch and even crash
6521565 Agent fails if agentRootURL list has a non dns hostname
6607892 Access Manager will not follow goto URL from logout page when session has expired
6456504 Can not start server if an entry in server or site list does not have port number
6496155 Use a restriction token other than the IP address in cookie hijacking feature
6763401 Updating "primary ldap server" of policy configuration on amconsole causes two MOD operations in ldap
6797112 A user is not locked after password reset failure attempts
6773986 Warning message not displayed on login failure before the user lockout
6620746 Memory leak causing heap growth in Policy Evaluation tests
6677440 Probable XSS vulnerability in the cdcservlet
6471046 AuthLoginException message not meaningful when authenticating user is locked
6698247 Access Manager Radius Authentication Module lost uid between access_request and access challenge
6754852 AM7.1 DAUI does not work with basic auth
6700722 Don't kill old session during session upgrade
6771038 JESMF auth module integration does not recognise custom modules
6785877 Clear text passwords in debug files when using message level debugging
6653144 Exception handling around LdapSPValidator and DNOrIPAddressListTokenRestriction is poor
6486724 secure cookie flag should be set in CDSSO/cookie hijacking scenario
6702797 Problem with new line chars in authContext during authentication
6770231 goto URL not validated
6722156 NullPointerException in post auth plugin
6756079 Randomly, some users cannot log in Access Manager despite their login and passwd being correct
6776613 As session timed-out, session time out page is not displayed
6746634 Policy is created but ineffective until AM restarted
6749656 Updating service schema for filtered role privileges
6754195 LDAP servers not correctly closing sockets can cause AM server to hang
6709771 federation session map is not cleaned up if sessions are timed out
6796939 Application based session time out is not working via Dist. Auth
6811036 After upgrade from JES4 cannot login as amadmin in coexistence mode - authentication module is denied
6350438 AM hang under peak load caused by LDAP access within synchronized block
6804294 AM7.1 console does not function correctly if the LB host name resolves to an unreachable IP address
6795308 CDCServlet can make advice available to the wrong client
6754863 amclientsdk bundled with agent 2.2hp5 and 7 has backward compatibility issues
6817037 AM 7.1 cert auth module is not able to use "X509v3 Subject Alternative Name"
6844490 Need to bundle in latest C-SDK into AM server
6816973 User matching is not checked in Session Upgrade case
6769316 Zero page login does not work with distributed authentication
6817344 DA could inadvertently make a connection to an untrusted host
6832763 updateschema.sh script does not take inputted DS host and port
6832765 amconfig after patch install (7.1patch2) gives cryptic error related to Cacao/JMF
6435889 Method Session.getSession fails because RestrictedTokenContext is not set
6837372 "No such Organization found" page shown when primary LDAP is stopped, in legacy mode
6818423 Severing LDAP connection causes sporadic login failure
6755801 AMSDK does not failover to secondary DS if primary DS is down in legacy mode
(from 126357-02)
6619906 AM 7.1 REALM mode: authentication with Unix/SecurID does not pull user profile
6539090 User Based Authentication shows incorrect profile post authentication
6740852 Configuration Items in console can show information
6689601 SAML errors while parsing Assertions "verify AssertionAndGetGSSMap : missing or extra
6665155 AM 7.1 has issues if sub-realm has 2 Active Directory datastores
6712993 Information issue in access manager login
6740071 Zero Page authentication is putting the cookie in the URL
6644879 User can login with empty password in AD module in special case
6636341 AM 7.1 Password Reset Service not showing errors
6603228 Access Manager KeyProvider needs option to use types other than JKS format
6600331 Make composite advice available to underlying authentication modules
6600325 Persistent cookie support
6707604 AMSDK API search control issues with the creation of new instance of search in AM 7.1
6710058 AM 7.1 User can login to amconsole using uid with wildcards such as "amadmi*" or "amad*"
6713147 NPE appears in agent debug log when CDSSO is enabled in J2EE Agent 2.2-01
6713579 ClientTypeManager is not initiated if client detection is disabled
6726583 WebtopNaming.getPlatformServerList() returns empty Vector sometimes during saml2 performance testing
6727687 Method getPrimaryConnection stops retry and returns a null
6729535 Remote logging fails if incoming request has empty recMsg
6737459 CDC servlet loses subrealm
6666244 Share persistence searches if host,orgdn and search filter are same
6667267 NPE if search attribute does not include amsdkdn
6667756 AMLoginModule should provide access to Account Lockout count
6671815 ProxyPolicyEvaluator doesn't work as expected in Sun Realms in AM 7.1
6674544 Thread lock in LDAPv3Repo
6674688 Need to support force auth
6694162 Sharing psearch can deadlock
6699166 AM 7.1 U1 - Session failover testing throws java.lang.ClassCastException error
6706821 Password reset policy in auth chain module(LDAP) causes authentication failure
6409600 ConcurrentModificationException in AMObjectImpl prevents AMEvents from being delivered
6651832 In Remote auth previous AuthContext is not set even if the request is a session upgrade
6657102 NameCallbacks defaultNames are not available in the dist auth UI
6657112 RedirectCallback not supported in the Remote Auth API
6657667 DistAuth UI cannot process more than 2 callbacks during one page only login
6485237 Need to be able to deploy CDCServlet on the Dist-Auth server
6663135 Remote auth API cannot handle special XML characters in callback values
6666187 CRL validation is not working in war deployment under appserver9.1
6647324 Login page localization does not work with DAUI for AM7.1
6621802 SecurID authentication support on Solaris/x86 platform
6627230 AM7.0 does not set session property UserId to the uid for Cert module
6629110 Under load testing, amconsole experiences memory leak
6745353 AM SDK does not failover to secondary DS properly
6746406 AD data store: Groups from sub branches of a DIT are not visible under Subjects
6761627 Subrealm admin can login as amadmin at root realm by creating user amadmin in sub-realm
6766363 Re-establishing ldap conn pool under load has problems/race conditions
6638652 amconsole breaks while managing custom attributes added to organizationAttributeSchema
6651757 MAP libraries missing from DAS application
6658586 AMStoreConnection.daysSinceModified() got incorrect days
6666912 DistAuth URI by default does not take you to Login page
6668046 SAMLv2 needs to support failover on Artifact SSO and SLO
6673538 Security permission is missing for CRL validation
6693152 amsdk jar files should include version number in the manifest file
6634276 ExceedRetryLimit message does not show correctly on AM7 with JA locale
6486843 Privileges cannot be defined for a filtered role
6409176 AM authentication issue when Account lockout is enabled in Directory Server
6538181 SMS layer does not update SMS cache when policy schema of a service is changed
6698447 Unnecessary debug error msg when safeword auth fails
6656744 Collection object is not synchronized
(from 126357-01)
6473199 Method onLoginFailure instead of onLogout of postprocess is not executed when user logs out
6488432 Policy response to include issueInstant
6494643 Compatibility issue among agent, sdk client and server
6494304 Authschemecondition should support application idle timeout and force authn
6442520 Session upgrade does not work in case
6498405 Some Chinese Characters are not allowed when creating AM managed groups
6513655 Profile attribute set to Ignore doesn't give access to console to TopLevelAdmin Roles
6460780 authN throughput improvements
6532311 Authentication validation rules should prompt user password and not deny user
6541695 Post-auth plug-in changes to support Sharepoint
6507568 LDAP AuthModule does not return correct error when password validation fails
6547061 Need to bundle in new xmlsec.jar due to incorporate fix for 6519471
6499264 Need AuthInstant for every authenticated module Instance
6499268 Support for ForcedAuth using Composite Advice and URL parameter
6498902 Policy client sdk should clear policy decision with advice on first use
6472774 Access Manager console user/password does not match sdk installer
6474089 AMUserPasswordValidation class should not be invoked during initial authentication
6476852 Server runs out of PermGen space with several deploy/redeploys
6476899 Bundled AccessManager startup times are huge with JavaEE SDK B08
6485695 In realm mode creating a group creates an administrative role with set of ACIs which never get used
6487880 Authentication type field needs more explanation in online help
6490703 Missing document: Multi instance AM setup on top of DS in MMR without LB
6495293 Service not assigned to users properly using AD plugin
6500868 Exception thrown when debug mode is set to message on client side
6501178 Exception in thread AMTimer
6503706 ClassCastException when trying to get binary attribute
6504377 New user created with AD plugin is inactive
6506448 NPE when doing AMIdentity.modifyService
6515043 The AM and portal server auto configuration failed when installing on zh_TW and es locales.
6521389 Appclient projects require sun-acc.xml to include the AMClientProvider provider-config element.
6523565 Server sample fails to run
6523681 Using an empty username for UserNameToken profile exposes a security hole
6524678 Readme.txt in the SDK install/addons has to be updated.
6524713 Impossible to login to AS Adm. GUI after the execution of java -jar am-configurator.jar
6524796 Deletion of subconfiguration fails when the config name has special characters.
6524854 Document install procedure for application server multiple instances
6525783 AM security doesn't work when using custom keystore
6528549 Need a getBinaryServiceAttribtues api for AMIdentity
6532967 com.iplanet.am.sdk.caching.enabled default value is documented incorrectly
6541622 Auth should not make call to DS for user search when username contains NOT allowed pattern
6542686 Unable retrieve schema info from AD
6543620 Access Manager Policy Agent profiles should be able to apply a digital signature to the service req
6543623 AM Policy Agent profiles should be able to encrypt SOAP request body and SOAP response body
6543625 UserName token authentication should be able to authenticate against a configured LDAP module.
6543626 SOAPRequestHandler should return SSOToken set in the Subject, in addition to X509
6544092 Service schema file for AD
6544177 When using X509 token with an invalid certificate AM always accepts the cert even without root ca
6544585 Unable to login with agent
6545645 New AMIdentity constructor does not work when token has no uuid.
6547440 Verification of unsigned response is passed
6547958 AMSDK doesn't fallback to primary directory server once primary comes up
6549639 Typo in Postinstallation Guide for Single War Deployment
6550261 Additional jar file is required for war generated by config later option
6552218 Restricted token (anti-hijack prevention mode) doesn't work in federated environment
6554372 Dist Auth broken in Websphere and Weblogic
6559603 Need to add boolean configuration flag for request signing
6560931 The provider-id for the Anonymous security mechanism in the provider-config is incorrect
6562414 Incorrect dynamic attr value returned by AD plugin
6563104 AM security fails when running against jdk1.5 on Solaris, Linux and MacOS
6564121 AM 7.1 legacy mode with AS 9.0 J2EE Agent 2.2 doesn't return the requested roles.
6567469 AM can't be configured properly using old installation contract
6568278 NPE in amclientsdk
6568911 Access Manager Username Token Profile OASIS standard mismatch
6569403 Request with no encryption is not validated
6569870 Addition Fields to Web Service Security Provider and Client Profile Page
6570021 Encryption support for SOAP messages with extra spaces or newline characters
6570022 Error in soapHandler.validateRequest during load testing
6570025 Need help with troubleshooting authorization based on X509 tokens.
6572525 Auto creation of WSS agents do not specify Agent type as WSC or WSP
6573080 System hangs under heavy load in the LdapConnectionPool
6575312 Auth configuration corruption in multi threaded scenario
6576339 Compiler error while deploying identity webservices samples
6576571 Issue with AM 7.1 timeout with(Distributed Auth module)
6577414 UserNameToken-Plain profile does not have a corresponding provider-config entry in domain.xml
6577929 Username Token Created element uses incompatible namespace
6581230 Console can not set response encrypt / decrypt flag value for WSC and WSP
6584794 Authentication Exception due to incorrect handler.
6584960 Configurator.jsp fails to install on a DS suffix such as 'o=company'
6585444 Anonymous User in AM 7.1 when configured with Distributed Authentication throws server error
6587038 Datastore authentication does not enumerate through all datastore
6587553 DistAuth does not work with subrealms; displays 'Organization not found'.
6587627 FQDN is stripped to just the host name, needs to be preserved
6591245 Stalled Cookie Problem in Distributed Auth User Interface
6591330 Incorrect Lockout Handling
6592311 Auth makes three sms calls to config data store which is causing performance degradation
6571897 After PS installation was able to start AS, reach AS Admin GUI without passwords
6567200 AM7.1 cdcservlet is preserving the policy advice if the Web Server is reusing the same servlet
6592426 SessionServic.getSessionService call always enters the synchronized block even though not required.
6591791 amtune files for WS7 and utils are missing from the patch1 nightly ZIP file
6592884 Session stickiness not working with multisite configuration with WebAgents
6472574 Policy subject result cache is not cleaned up when receiving session notifications
6600057 AM does not report Session notification queue size in the stats.
6601819 Single war needs to support BEA WL 9.2
6596078 Can not login to AM 7.1 with data store auth module if DS running on non-default port
6583877 IE7: The "continue" button doesn't work when registering a new user without inputting info.
6603137 Can not create policy with time condition
6609886 AM hangs if Session notification queue is full
6495293 Service not assigned to users properly using AD plugin
6610519 When purge delay is set to 0 we still send two notifications timeout and destroy.
6609003 The usage is not displayed when using the syntax provided. amtune help
6612691 Missing functionalities in distAuth
6611909 realmqualified authscheme perapp timeout is not giving the access to the resource for valid auth
6618961 amadmin CLI sends 5 session validations req/sec for the same session handle
6626786 Server memory leak with repeated application SSOtoken creation and destroy
6621053 Client Certificate authentication broken on WebSphere
6621055 Client Certificate authentication failed on WebLogic
6628235 Single WAR web application cannot be configured with a root suffix with '&' char
Patch Installation Instructions:
--------------------------------
For Solaris 8, 9 and 10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions. The following example
installs a patch to a standalone machine:
example# patchadd /var/spool/patch/126357-03
The following example removes a patch from a standalone system:
example# patchrm 126357-03
For additional examples please see the appropriate man pages.
Special Install Instructions:
-----------------------------
For Access Manager specific patch information and patch installation
instructions, refer to the AM 7.1 patch release notes that are available online.
http://docs.sun.com/doc/819-4683/gfotd?a=view
The patch release notes include important information including installation
information, redeployment instructions and workarounds for known issues and limitations.
README -- Last modified date: Saturday, November 10, 2012