Patch-ID# 126357-06 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** For further information on patching best practices and resources, please see the Oracle Technology Network Patching Center: http://www.oracle.com/technetwork/systems/patches *********************************************************************** Copyright 2011, Oracle and/or its affiliates. All rights reserved. *********************************************************************** Keywords: access manager, am7.1, jes5, java_es-5, security Synopsis: Sun Java System Access Manager 7.1 Solaris_x86 Date: Apr/23/2011 Install Requirements: NA Solaris Release: 8_x86 9_x86 10_x86 SunOS Release: 5.8_x86 5.9_x86 5.10_x86 Unbundled Product: Sun Java System Access Manager Unbundled Release: 7.1 Xref: This patch available for sparc as patch 126356-06, for Linux as patch 126358-06 Topic: Relevant Architectures: i386 BugId's fixed with this patch: 6350438 6387712 6409176 6409600 6422249 6435889 6442520 6456504 6460780 6471046 6472574 6472774 6473199 6474089 6476852 6476899 6485237 6485695 6486724 6486843 6487880 6488432 6490703 6494304 6494643 6495293 6496155 6498405 6498902 6499264 6499268 6500868 6501178 6503706 6504377 6506448 6507568 6513655 6515043 6515502 6521389 6521565 6523565 6523681 6524678 6524713 6524796 6524854 6525783 6528549 6532311 6532967 6538181 6539090 6541622 6541695 6542686 6543620 6543623 6543625 6543626 6544092 6544177 6544585 6545645 6547061 6547440 6547958 6549639 6550261 6552218 6554372 6559603 6560931 6562414 6563104 6564121 6567200 6567469 6568278 6568911 6569403 6569870 6570021 6570022 6570025 6571897 6572525 6573080 6575312 6576339 6576571 6577414 6577929 6581230 6583877 6584794 6584960 6585444 6587038 6587553 6587627 6591245 6591330 6591791 6592311 6592426 6592884 6596078 6600057 6600325 6600331 6601819 6603137 6603228 6607892 6609003 6609886 6610519 6611872 6611909 6612691 6618961 6619906 6620746 6621053 6621055 6621802 6626786 6627230 6628235 6629110 6634276 6636341 6637086 6637600 6638652 6640377 6644879 6647324 6651757 6651832 6653144 6656744 6657102 6657112 6657667 6658586 6663135 6665155 6666187 6666244 6666912 6667267 6667756 6667760 6668046 6671815 6673538 6674544 6674688 6677440 6677966 6685368 6689601 6693152 6694162 6696354 6697260 6698247 6698447 6699166 6700722 6702797 6703429 6706821 6707604 6709771 6710058 6712208 6712993 6713147 6713579 6714023 6721606 6722156 6726583 6727687 6729535 6737459 6740071 6740852 6745353 6746406 6746634 6748117 6749656 6754195 6754419 6754852 6754863 6755801 6756079 6761627 6763401 6765971 6766363 6768678 6769316 6770120 6770231 6771038 6773986 6776613 6782529 6785877 6791437 6791898 6795308 6796939 6797112 6797573 6800246 6802207 6804294 6808492 6808821 6811036 6816501 6816973 6817037 6817344 6817798 6818423 6832763 6832765 6837372 6843487 6844490 6846717 6849170 6850818 6853935 6859022 6859742 6861920 6862240 6867326 6870575 6871163 6872718 6876880 6877027 6879946 6882250 6883091 6883136 6884271 6888778 6888783 6888784 6888820 6891374 6894077 6896456 6897044 6897101 6897887 6902310 6907618 6908649 6916584 6918755 6920839 6925475 6925817 6926203 6927207 6932793 6935201 6937104 6937999 6938162 6938355 6947904 6951498 6954288 6957896 6960346 6960348 6962024 6963531 6964062 6967601 6970770 6973683 6985634 6986916 6992299 7011583 7012182 7016248 7018857 7025841 Changes incorporated in this version: 6897044 7012182 7025841 7016248 6935201 6897101 6986916 6992299 7011583 7018857 6985634 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /etc/opt/SUNWam/config/AMConfig.properties.template /etc/opt/SUNWam/config/com.sun.cmm.am.xml.template /etc/opt/SUNWam/config/ldif/am_remote_ad_schema.ldif /etc/opt/SUNWam/config/xml/template/WSSAuthService.xml /etc/opt/SUNWam/config/xml/template/amAuth.xml /etc/opt/SUNWam/config/xml/template/amAuthCert.xml /etc/opt/SUNWam/config/xml/template/amDelegation.xml /etc/opt/SUNWam/config/xml/template/amDisco.xml /etc/opt/SUNWam/config/xml/template/amSession.xml /opt/SUNWam/bin/amadmin.template /opt/SUNWam/bin/amas70config /opt/SUNWam/bin/amas81config /opt/SUNWam/bin/amconfig /opt/SUNWam/bin/amsamplesilent /opt/SUNWam/bin/amsdkconfig /opt/SUNWam/bin/amstaging /opt/SUNWam/bin/amsvcconfig /opt/SUNWam/bin/amtune/amtune-directory.template /opt/SUNWam/bin/amtune/amtune-env /opt/SUNWam/bin/amtune/amtune-identity /opt/SUNWam/bin/amtune/amtune-os /opt/SUNWam/bin/amtune/amtune-prepareDSTuner /opt/SUNWam/bin/amtune/amtune-utils /opt/SUNWam/bin/amutils /opt/SUNWam/bin/amwas51config /opt/SUNWam/bin/amwl81config /opt/SUNWam/bin/amws61config /opt/SUNWam/bin/amws70config /opt/SUNWam/dmy /opt/SUNWam/docs/am_public_javadocs.jar /opt/SUNWam/dtd/remote-auth.dtd /opt/SUNWam/include/am.h /opt/SUNWam/include/am_log.h /opt/SUNWam/include/am_map.h /opt/SUNWam/include/am_types.h /opt/SUNWam/include/am_utils.h /opt/SUNWam/include/am_web.h /opt/SUNWam/lib/am_logging.jar /opt/SUNWam/lib/am_sdk.jar /opt/SUNWam/lib/am_services.jar /opt/SUNWam/lib/am_sso_provider.jar /opt/SUNWam/lib/amclientsdk.jar /opt/SUNWam/lib/authapi.jar /opt/SUNWam/lib/identity/console-war/WEB-INF/lib/am_console.jar /opt/SUNWam/lib/libamsdk.so.2 /opt/SUNWam/lib/libamutils.so /opt/SUNWam/lib/libxml2.so.2 /opt/SUNWam/lib/log4j-1.2.8.jar /opt/SUNWam/lib/xmlsec.jar /opt/SUNWam/locale/amAuth.properties /opt/SUNWam/locale/amAuthCert.properties /opt/SUNWam/locale/amAuthLDAP.properties /opt/SUNWam/locale/amAuthSecurID.properties /opt/SUNWam/locale/amConfigurator.properties /opt/SUNWam/locale/amConsole.properties /opt/SUNWam/locale/amDisco.properties /opt/SUNWam/locale/amSDK.properties /opt/SUNWam/locale/amSession.properties /opt/SUNWam/locale/amSessionDB.properties /opt/SUNWam/locale/amWSSecurity.properties /opt/SUNWam/locale/serviceDefaultValues.properties /opt/SUNWam/share/bin/amunixd /opt/SUNWam/share/bin/amwar /opt/SUNWam/share/bin/checkport /opt/SUNWam/war/Makefile.distAuthUI /opt/SUNWam/war/README.distAuthUI /opt/SUNWam/war/am_server.war /opt/SUNWam/war/amauthdistui.war /opt/SUNWam/war/amclient.war /opt/SUNWam/war/console.war /opt/SUNWam/war/introduction.war /opt/SUNWam/war/password.war /opt/SUNWam/war/services.war /opt/ace/data/log4j.properties /opt/ace/data/rsa_api.properties /opt/SUNWam/lib/am_sessiondb.jar Problem Description: 6897044 Getting "An internal authentication error has occurred" msg when accessing btw login page with realm 7012182 URI is considered as URL in the goto parameter when it is URL-encoded 7025841 @ symbol in goto URL is not interpreted correctly. 7016248 A security risk on gotoOnFail URL parameter 6935201 OpenSSO U1P3: DAUI sends errors after 3 uses (user reload three times DAUI login url) 6897101 When login in non-default realm, user experience multiple logins after timeout. 6986916 AM 7.1 patch 4 DAUI, access granted to protected page on browser refresh under certain conditions 6992299 AM 7.1 patch 4 and fix for bug: 6935201, distauth tries to login users to previously accessed realm 7011583 CDSSO shows internal hostname in header when site is configured. 7018857 AM71 P5 loosing the realm context when using the return login link after session timeout. 6985634 IDFF - Composite Advice not handled correctly by SP (from 126357-05) 6888778 SB: config/federation/default/Error.jsp - should escape output 6932793 Intermittent authentication session timeout in 7.1p4 multiserver setup 6894077 In Cookie hijacking mode, logout request hangs 6964062 Unnecessary session requests repeatedly send from one server to another 6920839 SAMLPostProfile Servlet XSS issues 6951498 Session memory leak due to orphaned sessions on Restricted Tokens in a CDSSO/CHM with logout 6954288 With AM restart, logout is broken for active CDSSO Restricted agents leading to sessions leak 6808492 GF 2.1 CLI undeploy attempt fails and causes all future CLI commands to fail 6902310 New sessionid should be generated upon successful authn 6871163 Need to bundle in latest C-SDK (from WebAgents 2.2-05 bits bundled with NSS 3.12.5) into AM 6926203 goto URL not validated on distauth 6937104 OpenSSO u1 patch3 - XSS security vulnerability 6925817 IdRepo prints user password attribute in clear text in debug log with debug level message 6960346 Concurrentmodification Exceptions glassfish container, AM 7.1P3 6960348 Null Pointer Exceptions in CachedDirectoryServicesImpl 6962024 AM 7.1P3 ClassCast Exception in logs 6918755 amconfig from AM 7.1 patch 03 console redeploy breaks on testing USE_MFWK 6927207 AM server web interface lost focus of selected page after return 6963531 Implementing retry mechanism in PLL server (to avoid network glitch) 6967601 Unbranded screen is shown in response to a URL with an invalid GOTO parameter 6957896 AM 7.1 Patch4, User passwords containing "+" are failing 6816501 DAS Auth UI fail-over support can result in user being blocked access to the DAS 6859742 LoginViewBean in the DAS does not support server side success URL changes during the request 6867326 DistAuthUI does not recognise DNS alias when determining the authentication context realm 6891374 If session constraints fail, then the debug data is lost 6888784 SB: WH-3153144: Policy servlet should validate/encode output 6422249 SAML assertions using excessive memory 6938162 SESS:FIX Session Token in URLs /opensso/federation /opensso/realm etc 6937999 INPT:XSS Cross Site Scripting on /opensso/base/AMAdminFrame 6970770 Sub-realm user with same user-id as in root realm can access root realm protected resources 6925475 Username and password fields missing in login screen for non-LDAP auth modules in Legacy mode 6938355 NPE while deleting Portal Desktop service for a user in Access Manager Console 6947904 NullPointerException while hitting "Save" button many times on admin console 6888783 SB : WH-3148162 : SMProfileViewBean.java should escape/validate SMProfile.server 6973683 Implement TTL in SMS cache 6677966 HttpServletRequest/HttpServletResponse not available in AMLoginModule when using DA (from 126357-04) 6884271 CR/LF weakness of Access Manager 7.1 6870575 Change updateschema.sh user/run environment 6697260 Add option to allow agent application session to idle timeout 6879946 Cert auth does not work if iplanet-am-auth-cert-user-profile-mapper-ext not set 6808821 ClientSDK : Cannot login and get profile as Portal user created in Active Direct 6907618 Remote IdRepo calls does not work when special characters present 6850818 CLI ampassword needs new option to both hash and encrypt a password 6882250 Session attribute userId is not set correctly 6496155 Use a restriction token other than the IP address in cookie hijacking feature 6849170 Client sdk throws InvalidAppSSOTokenException following accessmanger restart 6846717 Dist auth zero page login does not escape special characters 6853935 Cookies should be decoded in the communication between 2 AM instances 6862240 BUG#6816973 causes anonymous login to fail - Msg: Session Upgrade fails since us 6877027 Can not login with DataStore module if auth naming attribute is changed from the 6883136 AM7.1 - When is authContext.submitRequirements=true ? - errMsg:"Too many Authen 6883091 Am7.1 Patch2 : can't configure url policy which contains character '?' 6802207 PA "gateway servlet" function yeilds "Your authentication module is denied" 6640377 AM7.1.1: temporary file with directory manager's password is world-readable 6843487 Set flag HttpOnly when creating AM session cookie 6696354 CDC servlet does not encode special characters in the destination URL 6896456 CDCClientServlet does not respect "com.iplanet.am.cookie.encode" property 6908649 Admin Console shows error message during logout 6765971 While using Unix Auth module AM logs wrong DN in amAuthentication.access file 6611872 Can not remove agentRootURL key value for agent profile from Admin console 6859022 Bootstrapping the Liberty ID-WSF with SAML v2 Doc has wrong information 6861920 XSS Vulnerability fix 6667760 AMLoginModule requires a method to determine users current session quota level 6800246 CDCservlet needs to be able to insert custom HTTP response header 6797573 Unable to get/set properties on restricted tokens 6712208 Locale cannot be changed during authentication using dist auth ui (resource bundle 6817798 Auth UI does not process locale parameter to meet RFC4646 6685368 Dist. Auth state lost at login page after com.iplanet.am.session.invalidate time 6703429 "Accept-Language" property not inherited when request are exchange between AM se 6721606 Return incorrect cookie domain for method getCookieDomainsForReq 6872718 Persistent XSS scripting issue in OpenSSO 6876880 LDAP Connection Pool Size settings being ignored 6888820 Request to add AMSDK and DAM support for Windows Desktop SSO authentication 6897887 AM 7.1-in-memory account lockout doesn't work for the users in the second Auth module in Auth Chain 6714023 SECURID messages for SAFEWORD Authentication does not translate one particular message correctly 6637086 Session time out message should be shown even if the idle time exceeds invalidsessionmaxtime 6916584 Policy day condition is not evaluating the condition if the range is laying over into next year (from 126357-03) 6791898 "No such Organization found" shown when primary LDAP is stopped 6791437 Sun Java SAM 7.1 Distributed Auth UI session timeout re-login URL incorrect 6748117 AM71 losing the realm context when using the return login link 6770120 AM 7.1sp1 console bug can lock out amadmin account permanently 6754419 AM server does not send password expired error to remote client 6387712 Notification requests can cause a build up of close_wait connections 6515502 LDAPv3 Repo plugin does not handle "Alias Search Attribute" correctly 6768678 Can not access user profile of users not in the default people container 6782529 updateschema.sh script is required to make schema changes after applying a patch 6637600 psearch connections to directory server not terminating resulting in resouce crunch and even crash 6521565 Agent fails if agentRootURL list has a non dns hostname 6607892 Access Manager will not follow goto URL from logout page when session has expired 6456504 Can not start server if an entry in server or site list does not have port number 6496155 Use a restriction token other than the IP address in cookie hijacking feature 6763401 Updating "primary ldap server" of policy configuration on amconsole causes two MOD operations in ldap 6797112 A user is not locked after password reset failure attempts 6773986 Warning message not displayed on login failure before the user lockout 6620746 Memory leak causing heap growth in Policy Evaluation tests 6677440 Probable XSS vulnerability in the cdcservlet 6471046 AuthLoginException message not meaningful when authenticating user is locked 6698247 Access Manager Radius Authentication Module lost uid between access_request and access challenge 6754852 AM7.1 DAUI does not work with basic auth 6700722 Don't kill old session during session upgrade 6771038 JESMF auth module integration does not recognise custom modules 6785877 Clear text passwords in debug files when using message level debugging 6653144 Exception handling around LdapSPValidator and DNOrIPAddressListTokenRestriction is poor 6486724 secure cookie flag should be set in CDSSO/cookie hijacking scenario 6702797 Problem with new line chars in authContext during authentication 6770231 goto URLnot validated 6722156 NullPointerException in post auth plugin 6756079 Randomly, some users cannot log in Access Manager despite their login and passwd being correct 6776613 As session timed-out, session time out page is not displayed 6746634 Policy is created but ineffective until AM restarted 6749656 Updating service schema for filtered role privileges 6754195 LDAP servers not correctly closing sockets can cause AM server to hang 6709771 federation session map is not cleaned up if sessions are timed out 6796939 Application based session time out is not working via Dist. Auth 6811036 After upgrade from JES4 cannot login as amadmin in coexistence mode - authentication module is denied 6350438 AM hang under peak load caused by LDAP access within synchronized block 6804294 AM7.1 console does not function correctly if the LB host name resolves to an unreachable IP address 6795308 CDCServlet can make advice available to the wrong client 6754863 amclientsdk bundled with agent 2.2hp5 and 7 has backward compatibility issues 6817037 AM 7.1 cert auth module is not able to use "X509v3 Subject Alternative Name" 6844490 Need to bundle in latest C-SDK into AM server 6816973 User matching is not checked in Session Upgrade case 6769316 Zero page login does not work with distributed authentication 6817344 DA could inadvertently make a connection to an untrusted host 6832763 updateschema.sh script does not take inputted DS host and port 6832765 amconfig after patch install (7.1patch2) gives cryptic error related to Cacao/JMF 6435889 Method Session.getSession fails because RestrictedTokenContext is not set 6837372 "No such Organization found" page shown when primary LDAP is stopped, in legacy mode 6818423 Severing LDAP connection causes sporadic login failure 6755801 AMSDK does not failover to secondary DS if primary DS is down in legacy mode (from 126357-02) 6619906 AM 7.1 REALM mode: authentication with Unix/SecurID does not pull user profile 6539090 User Based Authentication shows incorrect profile post authentication 6740852 Configuration Items in console can show information 6689601 SAML errors while parsing Assertions "verify AssertionAndGetGSSMap : missing or extra 6665155 AM 7.1 has issues if sub-realm has 2 Active Directory datastores 6712993 Information issue in access manager login 6740071 Zero Page authentication is putting the cookie in the URL 6644879 User can login with empty password in AD module in special case 6636341 AM 7.1 Password Reset Service not showing errors 6603228 Access Manager KeyProvider needs option to use types other than JKS format 6600331 Make composite advice available to underlying authentication modules 6600325 Persistent cookie support 6707604 AMSDK API search control issues with the creation of new instance of search in AM 7.1 6710058 AM 7.1 User can login to amconsole using uid with wildcards such as "amadmi*" or "amad*" 6713147 NPE appears in agent debug log when CDSSO is enabled in J2EE Agent 2.2-01 6713579 ClientTypeManager is not initiated if client detection is disabled 6726583 WebtopNaming.getPlatformServerList() returns empty Vector sometimes during saml2 perforance testing 6727687 Method getPrimaryConnection stops retry and returns a null 6729535 Remote logging fails if incoming request has empty recMsg 6737459 CDC servlet looses subrealm 6666244 Share persistence searches if host,orgdn and search filter are same 6667267 NPE if search attribute does not include amsdkdn 6667756 AMLoginModule should provide access to Account Lockout count 6671815 ProxyPolicyEvaluator doesn't work as expected in Sun Realms in AM 7.1 6674544 Thread lock in LDAPv3Repo 6674688 Need to support force auth 6694162 Sharing psearch can deadlock 6699166 AM 7.1 U1 - Session failover testing throws java.lang.ClassCastException error 6706821 Password reset policy in auth chain module(LDAP) causes authentication failure 6409600 ConcurrentModificationException in AMObjectImpl prevents AMEvents from being delivered 6651832 In Remote auth previous AuthContext is not set even if the request is a session upgrade 6657102 NameCallbacks defaultNames are not available in the dist auth UI 6657112 RedirectCallback not supported in the Remote Auth API 6657667 DistAuth UI cannot process more than 2 callbacks during one page only login 6485237 Need to be able to deploy CDCServlet on the Dist-Auth server 6663135 Remote auth API cannot handle special XML characters in callback values 6666187 CRL validation is not working in war deployment under appserver9.1 6647324 Login page localization does not work with DAUI for AM7.1 6621802 SecurID authentication support on Solaris/x86 platform 6627230 AM7.0 does not set session property UserId to the uid for Cert module 6629110 Under load testing, amconsole experiences memory leak 6745353 AM SDK does not failover to secondary DS properly 6746406 AD data store: Groups from sub branches of a DIT are not visible under Subjects 6761627 Subream admin can login as amadmin at root realm by creating user amadmin in sub-realm 6766363 Re-establishing ldap conn pool under load has problems/race conditions 6638652 amconsole breaks while managing custom attributes added to organizationAttributeSchema 6651757 MAP libraries missing from DAS application 6658586 AMStoreConnection.daysSinceModified() got incorrect days 6666912 DistAuth URI by default does not take you to Login page 6668046 SAMLv2 needs to support failover on Artifact SSO and SLO 6673538 Security permission is missing for CRL validation 6693152 amsdk jar files should include version number in the manifest file 6634276 ExceedRetryLimit message does not show correctly on AM7 with JA locale 6486843 Privileges cannot be defined for a filtered role 6409176 AM authentication issue when Account lockout is enabled in Directory Server 6538181 SMS layer does not update SMS cache when policy schema of a service is changed 6698447 Unnecessary debug error msg when safeword auth fails 6656744 Collection object is not synchronized (from 126357-01) 6473199 Method onLoginFailure instead of onLogout of postprocess is not executed when user logs out 6488432 Policy response to include issueInstant 6494643 Compatibility issue among agent, sdk client and server 6494304 Authschemecondition should support application idle timeout and force authn 6442520 Session upgrade does not work in case 6498405 Some Chinese Characters are not allowed when creating AM managed groups 6513655 Profile attribute set to Ignore doesn't give access to console to TopLevelAdmin Roles 6460780 authN throughput improvements 6532311 Authentication validation rules should prompt user password and not deny user 6541695 Post-auth plug-in changes to support Sharepoint 6507568 LDAP AuthModule does not return correct error when password validation fails 6547061 Need to bundle in new xmlsec.jar due to incorporate fix for 6519471 6499264 Need AuthInstant for every authenticated module Instance 6499268 Support for ForcedAuth using Composite Advice and URL parameter 6498902 Policy client sdk should clear policy decision with advice on first use 6472774 Access manger console user/password does not match sdk installer 6474089 AMUserPasswordValidation class should not be invoked during initial authentication 6476852 Server runs out of PermGen space with several deploy/redeploys 6476899 Bundled AccessManager startup times are huge with JavaEE SDK B08 6485695 In realm mode creating a group creates an administrative role with set of ACIs which never get used 6487880 Authentication type field needs more explanation in online help 6490703 Missing document: Multi instance AM setup on top of DS in MMR without LB 6495293 Service not assigned to users properly using AD plugin 6500868 Exception thrown when debug mode is set to message on client side 6501178 Exception in thread AMTimer 6503706 ClassCastException when trying to get binary attribute 6504377 New user created with AD plugin is inactive 6506448 NPE when doing AMIdentity.modifyService 6515043 The AM and portal server auto configuration failed when installing on zh_TW and es locales. 6521389 Appclient projects require sun-acc.xml to include the AMClientProvider provider-config element. 6523565 Server sample fails to run 6523681 Using an empty username for UserNameToken profile exposes a security hole 6524678 Readme.txt in the SDK install/addons has to be updated. 6524713 Impossible to login to AS Adm. GUI after the execution of java -jar am-configurator.jar 6524796 Deletion of subconfiguration fails when the config name has special characters. 6524854 Document install procedure for application server multiple instances 6525783 AM security doesn't work when using custom keystore 6528549 Need a getBinaryServiceAttribtues api for AMIdentity 6532967 com.iplanet.am.sdk.caching.enabled default value is documented incorrectly 6541622 Auth should not make call to DS for user search when username contains NOT allowed pattern 6542686 Unable retrieve schema info from AD 6543620 Access Manager Policy Agent profiles should be able to apply a digital signature to the service req 6543623 AM Policy Agent profiles should be able to encrypt SOAP request body and SOAP response body 6543625 UserName token authentication should be able to authenticate against a configured LDAP module. 6543626 SOAPRequestHandler should return SSOToken set in the Subject, in addition to X509 6544092 Service schema file for AD 6544177 When using X509 token with an invalid certificate AM always accepts the cert even without root ca 6544585 Unable to login with agent 6545645 New AMIdentity constructor does not work when token has no uuid. 6547440 Verification of unsigned response is passed 6547958 AMSDK doesn't fallback to primary directory server once primary comes up 6549639 Typo in Postinstallation Guide for Single War Deployment 6550261 Additional jar file is required for war generated by config later option 6552218 Restricted token (anti-hijack prevention mode) doesn't work in federated environment 6554372 Dist Auth broken in Websphere and Weblogic 6559603 Need to add boolean configuration flag for request signing 6560931 The provider-id for the Anonymous security mechanism in the provider-config is incorrect 6562414 Incorrect dynamic attr value returned by AD plugin 6563104 AM security fails when running against jdk1.5 on Solaris, Linux and MacOS 6564121 AM 7.1 legacy mode with AS 9.0 J2EE Agent 2.2 doesn't return the requested roles. 6567469 AM can`t be configured properly using old installation contract 6568278 NPE in amclientsdk 6568911 Access Manager Username Token Profile OASIS standard mismatch 6569403 Request with no encryption is not validated 6569870 Addition Fields to Web Service Security Provider and Client Profile Page 6570021 Encryption support for SOAP messages with extra spaces or newline characters 6570022 Error in soapHandler.validateRequest during load testing 6570025 Need help with troubleshooting authorization based on X509 tokens. 6572525 Auto creation of WSS agents do not specify Agent type as WSC or WSP 6573080 System hangs under heavy load in the LdapConnectionPool 6575312 Auth configuration corruption in multi threaded scenario 6576339 Compiler error while deploying identity webservices samples 6576571 Issue with AM 7.1 timeout with(Distributed Auth module) 6577414 UserNameToken-Plain profile does not have a corresponding provider-config entry in domain.xml 6577929 Username Token Created element uses incompatible namespace 6581230 Console can not set response encrypt / decrypt flag value for WSC and WSP 6584794 Authentication Exception due to incorrect handler. 6584960 Configurator.jsp fails to install on a DS suffix such as 'o=company' 6585444 Anoymous User in AM 7.1 when configured with Distributed Authentication throws server error 6587038 Datastore authentication does not enumerate through all datastore 6587553 DistAuth does not work with subrealms; displays 'Organization not found'. 6587627 FDQN is stripped to just the host name, needs to be preserved 6591245 Stalled Cookie Problem in Distributed Auth User Interface 6591330 Incorrect Lockout Handling 6592311 Auth makes three sms calls to config data store which is causing performance degradation 6571897 After PS installation was able to start AS, reach AS Admin GUI without passwords 6567200 AM7.1 cdcservlet is preserving the policy advice if the Web Server is reusing the same servlet 6592426 SessionServic.getSessionService call always enters the synchronized block even though not required. 6591791 amtune files for WS7 and utils are missing from the patch1 nightly ZIP file 6592884 Session stickyness not working with multisite configuration with WebAgents 6472574 Policy subject result cache is not cleaned up when receiving session notifications 6600057 AM does not report Session notification queue size in the stats. 6601819 Single war needs to support BEA WL 9.2 6596078 Can not login to AM 7.1 with data store auth module if DS running on non-default port 6583877 IE7: The "continue" button doesn't work when registering a new user without inputting info. 6603137 Can not create policy with time condition 6609886 AM hangs if Session notification queue is full 6495293 Service not assigned to users properly using AD plugin 6610519 When purge delay is set to 0 we still send two notifications timeout and destroy. 6609003 The usage is not displayed when using the syntax provided. amtune help 6612691 Missing functionalities in distAuth 6611909 realmqualified authscheme perapp timeout is not giving the access to the resource for valid auth 6618961 amadmin CLI sends 5 session validations req/sec for the same session handle 6626786 Server memory leak with repeated application SSOtoken creation and destroy 6621053 Client Certificate authentication broken on WebSphere 6621055 Client Certificate authentication failed on WebLogic 6628235 Single WAR web application cannot be configured with a root suffix with '&' char Patch Installation Instructions: -------------------------------- For Solaris 8, 9 and 10 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/126357-06 The following example removes a patch from a standalone system: example# patchrm 126357-06 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- For Access Manager 7.1 patch 3 and higher, there is a dependency on the following LDAP JDK patch, which needs to be installed prior to installing AM patch platform patchid ---------- -------------------------- solaris sparc, x86 119725-06 or higher Linux 120834-04 or higher windows 138905-01 or higher For Access Manager specific patch information and patch installation instructions, refer to the AM 7.1 patch release notes that is available online. http://docs.sun.com/doc/819-4683/gfotd?a=view The patch release notes include important information including installation information, redeployment instructions and workarounds for known issues and limitations. README -- Last modified date: Saturday, April 23, 2011