Patch-ID# 117586-19

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: identity server
Synopsis: IS 6.1: Sun ONE Identity Server
Date: Mar/08/2006

Install Requirements: See Special Install Instructions

Solaris Release: 8 9

SunOS Release: 5.8 5.9

Unbundled Product: Sun ONE Identity Server

Unbundled Release: 6.1

Xref:

Topic: Sun ONE Identity Server

Relevant Architectures: sparc

BugId's fixed with this patch: 4875492 4957403 4958700 5021818 5035446
5037201 5093089 5094149 5105263 5107637 6175172 6201204 6201438 6202135
6202837 6202838 6202840 6221018 6226769 6229799 6231834 6236892 6244578
6246367 6251848 6255526 6260941 6272812 6276094 6276972 6281059 6282777
6283582 6306871 6306874 6306878 6308604 6331016 6347178 6363157

Changes incorporated in this version: 6283582

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/etc/opt/SUNWam/config/xml/amAuth.xml
/opt/$BASEDIR/libpasswd.so
/opt/$PRODUCT_DIR/console.war
/opt/$PRODUCT_DIR/docs/am_public_javadocs.jar
/opt/$PRODUCT_DIR/lib/AMConfig.properties.template
/opt/$PRODUCT_DIR/lib/am_logging.jar
/opt/$PRODUCT_DIR/lib/am_sdk.jar
/opt/$PRODUCT_DIR/lib/am_services.jar
/opt/$PRODUCT_DIR/lib/libamutils.so
/opt/$PRODUCT_DIR/locale/amAuth.properties
/opt/$PRODUCT_DIR/locale/amAuthUI.properties
/opt/$PRODUCT_DIR/locale/amFederation.properties
/opt/$PRODUCT_DIR/locale/amLogging.properties
/opt/$PRODUCT_DIR/password.war
/opt/$PRODUCT_DIR/samples/appserver/amsamples.war
/opt/$PRODUCT_DIR/services.war
/opt/$PRODUCT_DIR/share/bin/amsecuridd
/opt/$PRODUCT_DIR/share/bin/amunixd
/opt/$PRODUCT_DIR/share/bin/checkport
/opt/$PRODUCT_DIR/web-apps/cdsso.war
/opt/$PRODUCT_DIR/web-apps/introduction.war
/etc/opt/SUNWam/config/xml/amLogging.xml

Problem Description:

117586-07 and lower
===================
4957403 Identity Server hangs due to a deadlock in NamingService
6201438 EventService should not run into a tight loop when it does not
        get Persistent Search Connection
6202837 No responding/crash Identity Server
6202838 Back button breaks Goto URL
6202840 Session history keeping Goto URL's around
5105263 Reauth with invalid credential should show error if enter the
        login page by back
5107637 Already logged in - an incorrect wording
4958700 Identity Server with Referrals auth fails
5037201 Recipient attribute should be able to set to null
6201204 HTTPS redirect in CDSSO - redirects to default http PORT 80

117586-08
=========
6221018 name field of new container does not show up on amconsole when
        running AM6.1 with JDK 1.4.2

117586-09
=========
6231834 Application of AM6.1 patch6 resulted in NullPointerExceptions
5093089 Identity Server doesn't close socket properly

117586-10
=========
6244578 AM should warn user that the browser cookie support is
        disabled/not available
6236892 Image/Text place holder while CDCServlet is processing the
        AuthNResponse after Login
6226769 Include ldapjdk.jar 4.16.1 into am_services.jar
6202135 Auth taglib emits quotes in the incorrect locations when
        generating URL
6246367 Due to a deadlock in EventService initializing, Identity Server
        hangs when restart
5021818 amLog file is reporting Filehandler errors
6229799 L10N part of amconsole webapp is gone after installing patch
6255526 performance issues when 'cookie.check' is 'true' in AMConfig

117586-13
=========
6175172 Access Manager does not work correctly from behind a proxy
        server
5035446 Policy subject search is displaying incorrect values from SDK
        Cache
6260941 AM6.1&6.2 postpatch script should modify
        iplanet-am-auth-login-success-url with relative URL
6251848 AMSDK does not work with AM behind loadbalancer

117586-14
=========
6276972 Delay when failover to secondary LDAP instance
6281059 Event service does not work when polling is enabled
6282777 Implementing TTL on UM cache
6276094 During patch installation, the console.war is not redeployed or
        expanded explicitly.

117586-15
=========
6308604 Unable to get to login page from session expired page
5094149 auth does not set error message/template in the xml message
6306878 SDK install calls are Logged failed
6306871 Create of users and reading the attributes throws NoSuchUser
        exception
6306874 Out Of Memory/NoClassDefFound Error
4875492 RFE: Support for primary and failover jdbc urls with per-server
        config

117586-16
=========
6331016 Logging out of a server using a remote session does not destroy
        the session

117586-17
=========
6347178 Restarting AM disallows SSO to work unless a user login directly
6272812 Login failure attempts-count is not reset upon a successful
        login

117586-18
=========
6363157 allow to disable individual persistent search

117586-19
=========
6283582 Num of login failures are not shared across AMs

Patch Installation Instructions:
--------------------------------
For Solaris 8-9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.

The following example installs a patch to a standalone machine:

    example# patchadd /var/spool/patch/117586-19

The following example removes a patch from a standalone system:

    example# patchrm 117586-19

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------
For bug #5037201:

The following new properties have been added to AMConfig.properties.
1> The property 'com.sun.identity.saml.nameidentifier.format' will be
   read by AssertionManager to get the Format attribute value of
   NameIdentifier. The value of this property can be any URI string or
   an empty string.

   com.sun.identity.saml.nameidentifier.format=

2> The property 'com.sun.identity.saml.response.nullrecipient' will be
   read by SAMLSOAPReceiver to determine if the Recipient attribute
   should be removed. The value of this property can be true or false.
   If true, the 'Recipient' attribute of Response will not be set.

   com.sun.identity.saml.response.nullrecipient=false

For bug #6201438:

The eventservice restart fix needs two new properties to be added to
AMConfig.properties.

The property 'com.sun.am.event.connection.idle.timeout' specifies the
timeout value in minutes after which the persistent searches will be
restarted. Ideally, this value should be lower than the Load Balancer/
Firewall TCP timeout, to make sure that the persistent searches are
restarted before the connections are dropped. A value of '0' indicates
that these searches will not be restarted.

   com.sun.am.event.connection.idle.timeout=0

For bug #4957403:

The jvm option '-Dcom.iplanet.am.serverMode=true' should be added to the
webcontainer's configuration descriptor server.xml file.

on IAS7.0
   -Dcom.iplanet.am.serverMode=true

on IWS6.1
   -Dcom.iplanet.am.serverMode=true

For bug #6244578:

The new property 'com.sun.identity.am.cookie.check' needs to be set to
"true" in AMConfig.properties in order to determine whether cookie
support is enabled on the browsers. The default value is "false".

   com.sun.identity.am.cookie.check=true

For bug #6236892:

The following new properties, which will be read by the CDC servlet,
have been added to AMConfig.properties.

1> The property 'com.iplanet.services.cdc.WaitImage.display' needs to be
   set to true to have an image displayed in the browser while waiting
   for the protected page in a CDSSO scenario (default is false).
2> The property 'com.iplanet.services.cdc.WaitImage.name' defines the
   name of the image file. The default value is waitImage.gif. The file
   must be copied in the login_images directory.

3> The property 'com.iplanet.services.cdc.WaitImage.width' defines the
   width of the image. The default value is 420.

4> The property 'com.iplanet.services.cdc.WaitImage.height' defines the
   height of the image. The default value is 120.

For bug #6282777:

The following 3 new properties have been introduced for incorporating a
TTL mechanism into the UM cache. By default the TTL is disabled.

   com.iplanet.am.sdk.cache.entry.expire.enabled=false
   com.iplanet.am.sdk.cache.entry.user.expire.time=
   com.iplanet.am.sdk.cache.entry.default.expire.time=

The first one enables TTL based expiration. By default it is false. To
enable TTL, change it to true. The other two properties allocate
different expiration times for user entries and for all the other types
of cache entries. The time unit is minutes.

For bug #6363157:

The new property 'com.sun.am.event.connection.disable.list' specifies
which event connections (persistent searches) are to be disabled. There
are three valid values - aci, sm and um (case insensitive). Multiple
values should be separated with ",".

Since the patch install script redeploys Access Manager application war
files, you might have to reapply your customizations on the jsp files
after the patch installation.

If you have multiple Identity Server installations, you need to do the
above on each Identity Server installation for each bug fix.

Once you make any changes to AMConfig.properties or server.xml, you need
to restart the Identity Server.

README -- Last modified date: Wednesday, March 8, 2006
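
Added example (not part of the original README or the product): a small
check of an AMConfig.properties file against the value rules given in
the Special Install Instructions above. The lb_timeout_min parameter,
the sample input, and the rule that both TTL times must be set once TTL
is enabled are assumptions made for this example.

```python
import re
PFX = "com.iplanet.am.sdk.cache.entry."
EXPIRE_KEY = PFX + "expire.enabled"
TTL_KEYS = (PFX + "user.expire.time", PFX + "default.expire.time")
IDLE_KEY = "com.sun.am.event.connection.idle.timeout"
DISABLE_KEY = "com.sun.am.event.connection.disable.list"
BOOL_KEYS = (EXPIRE_KEY, "com.sun.identity.am.cookie.check",
             "com.sun.identity.saml.response.nullrecipient",
             "com.iplanet.services.cdc.WaitImage.display")
MINUTES = re.compile(r"[0-9]+")
# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
com.sun.identity.am.cookie.check=true.
com.sun.am.event.connection.idle.timeout=30
com.sun.am.event.connection.disable.list=ACI,ldap
com.iplanet.am.sdk.cache.entry.expire.enabled=true
com.iplanet.am.sdk.cache.entry.user.expire.time=15
com.iplanet.am.sdk.cache.entry.default.expire.time=
"""

def parse_properties(text):
    """Minimal key=value parser: skips blank lines and #/! comments."""
    pairs = (ln.partition("=") for ln in map(str.strip, text.splitlines())
             if ln and ln[0] not in "#!")
    return {k.strip(): v.strip() for k, _, v in pairs}

def audit(text, lb_timeout_min=None):
    """lb_timeout_min (hypothetical): LB/firewall TCP timeout in minutes."""
    props, findings = parse_properties(text), []
    findings += [f"{k}: expected true or false, got {props[k]!r}" for k in
                 BOOL_KEYS if k in props and props[k].lower() not in ("true", "false")]
    idle = props.get(IDLE_KEY)
    if idle is not None and not MINUTES.fullmatch(idle):
        findings.append(f"{IDLE_KEY}: expected whole minutes, got {idle!r}")
    elif idle and lb_timeout_min and int(idle) >= lb_timeout_min:
        # 0 is skipped: the README defines it as "searches are not restarted".
        findings.append(f"{IDLE_KEY}: {idle} min is not below the TCP timeout")
    bad = [t.strip() for t in props.get(DISABLE_KEY, "").split(",")
           if t.strip().lower() not in ("", "aci", "sm", "um")]
    if bad:
        findings.append(f"{DISABLE_KEY}: unknown value(s) {', '.join(bad)}")
    # Assumption: with TTL enabled, both expiry times should be whole minutes.
    if props.get(EXPIRE_KEY, "").lower() == "true":
        findings += [f"{k}: TTL enabled but no expiry minutes set"
                     for k in TTL_KEYS if not MINUTES.fullmatch(props.get(k, ""))]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, lb_timeout_min=30)))
```

The parser does not handle backslash line continuations or ':' as a
key separator, both of which Java properties files permit.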