Patch-ID# 119409-10

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: access manager linux rhel2.1 security
Synopsis: Sun ONE Access Manager 6.2 RHEL2.1
Date: Jan/30/2006

Install Requirements: Additional instructions may be listed below

Solaris Release: Note: Redhat

SunOS Release: Note: RHEL2.1

Unbundled Product: Sun ONE Access Manager

Unbundled Release: 6.2

Xref:

Topic: Sun ONE Access Manager

Relevant Architectures: i386

BugId's fixed with this patch:
4847369 4872249 4987109 5013718 5013729 5015054 5031902 5040055 5046174 5048378
5051401 5052696 5055145 5056660 5060050 5060560 5063149 5064043 5072454 5076037
5079696 5083368 5083387 5083405 5085363 5086581 5087540 5090018 5093089 5094149
5095724 5097235 5099037 5102536 5102680 5105263 5107381 5107637 5109607 6178909
6185149 6185928 6197111 6198000 6201986 6202838 6202840 6204178 6204754 6206629
6214677 6215016 6217200 6218242 6221330 6222704 6226769 6228648 6232251 6235384
6236892 6237056 6237190 6241717 6243214 6245634 6251148 6254890 6254917 6260601
6260941 6265175 6267130 6269826 6274185 6276972 6277864 6292616 6292838 6293833
6294440 6308771 6308982 6320475 6330306 6331016 6350438 6351524

Changes incorporated in this version: 6308982 5094149 6330306 6351524 6350438 6201986

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

Note:
sun-identity-console-6.2-5.i686.rpm
sun-identity-console-sdk-6.2-5.i686.rpm
sun-identity-external-6.2-5.i686.rpm
sun-identity-federation-6.2-5.i686.rpm
sun-identity-jwsdp-6.2-5.i686.rpm
sun-identity-linux-support-6.2-5.i686.rpm
sun-identity-password-6.2-5.i686.rpm
sun-identity-samples-6.2-5.i686.rpm
sun-identity-sci-6.2-5.i686.rpm
sun-identity-sdk-6.2-5.i686.rpm
sun-identity-sdk-config-6.2-5.i686.rpm
sun-identity-services-6.2-5.i686.rpm
sun-identity-services-config-6.2-5.i686.rpm
sun-identity-utils-6.2-5.i686.rpm

Problem Description:

4872249 : Subject eval should be outside of the policy
5052696 : Session and Auth Objects don't get cleaned up completely after a login/timeout
5031902 : Policy Cache not cleaned up correctly
5040055 : readACL - search ACL in the search engine does not work with filtered roles
5060050 : iPlanet Portal Server 6.3 Service definitions do not pop up
5015054 : There should be a way to configure the redirect url on identity server
6285085 : revision number changes for SMS.dtd
5072454 : pre61to62upgrade script hangs, using wrong Directory Server instance path
5097909 : Web Server crashes in liberty when accessed by multiple clients
5055145 : Identity Server preupgrade script removes the locale directory but not the localization package.
5060560 : not refreshing cache
5013729 : Policy state is made inconsistent after the Policy Service is deleted
5013718 : Safeword connections are not closed by Identity server
5076037 : locale parameter not set correctly in non JAAS Thread model
5046174 : Non-JAAS thread implementation to 6.2 in auth framework in order to prevent DOS attack
5086581 : Non JAAS Thread Mode - Cert Auth Module Sample not working
5090018 : LDAP Auth fails when authenticating against OpenLDAP
5109607 : Xalan2.6 upgrade
5095724 : Logout action leads to 'ServerError'
5097235 : XML configuration for authentication modules does not work as expected
5051401 : login error message rendered with "null\n"
5063149 : SSO tokens created by internal auth api fails on policy evaluation.
5107381 : Recursive user-profile look-up in Certificate Authentication
5102680 : CRLValidation does not work on IS6.2 due to GeneralNamesException class being dropped in JDK 1.4.2 and above.
5085363 : Identity Server running on two networks cannot distinguish between addresses
5093089 : TCP sessions build up to a point where the machine runs out of file descriptors.
5083405 : Authentication failed page leads to "AuthnRequest is not Valid"
6178909 : Can not install IS6.2HP1 when SSL is enabled on DS
5105263 : IS6.2 - Reauth with invalid credential should show error
5099037 : Need to make AuthenticationLocality configurable
5083368 : Threading and performance problem in federation and de-federation scenario
5102536 : Unable to modify trusted provider list after a provider had been deleted
4987109 : possible bug in preserving referential integrity of objects [ subs & policies ]
5083387 : amadmin cli cannot add subconfiguration if subConfigName contains "/"
6185149 : AddDefaultValues doesn't add default value for an existing service
5087540 : Error "modification of profile fail" when adding a user to a group.
6197111 : IS 6.2 HP2 does not seem to be patching the WAR staging area, instead it is patching the exploded areas
4847369 : Logs getting inconsistent values for IP address
6215016 : Module parameter in url cannot be carried into new org login page
6198000 6202838 : Back button on invalid session breaks goto
6204754 6202840 : Session history keeping Goto URL's around (Security issue)
5107637 : Already logged in - an incorrect wording
6206629 : WebLogic J2EE Agents have persistent LDAP connections closed by load balancer due to idle
6204178 : there is no way to terminate a session created by application auth module
6222704 : Pre/Post processing doesn't work for password changes
6217200 : users in filtered admin roles are not redirected to the admin console.
6214677 : Policy API not extracting policy correctly in certain circumstances.
6235384 : AM 6.2 backout issue
6226769 : Makefiles need to be changed to pick up fix of 6221011 on ldapjdk.jar 4.16.1
5079696 : Searching for another ldap subject after selecting one subject throws error
5048378 : Inconsistent usage of com.iplanet.am.smtpport property
6236892 : Image/Text place holder while CDCServlet is processing the AuthNResponse after Login
6185928 : AM6.2HP2 - Default "LoginURL" not work, when SSL terminated externally
6218242 : Access Manager does not handle List types in group selection
6237056 : AM6.2 patch 4 should redeploy services.war to update Login.jsp for a bug fix
6241717 : 6.2patch4 fails to update classpath for xml jars
6243214 : Issues when installing AM6.2 patches
6254890 : ApprovalCallback has to have a property which makes AM server to trust only servers listed in AMConfig.properties
6221330 : API getFilteredRoleDNs and getAllRoleDNs of AMUser/AMUserImpl does not check whether the roleDN's of a user have objectclass "iplanet-am-managed-role" and "iplanet-am-managed-filtered-role".
6251148 : Authenticator ID is being stransmission of Radius client request.
6260601 : AM6.2 patch does not run on x86 platforms
6232251 : At an AM + UWC environment, the gotoOnFail parameter is used by the UWC UI to ensure that if there is an auth failure then the user will end up back on the UWC UI.
6267130 : Issues caused by prepatch and postpatch scripts. We should consider the scenario that a machine with only AM SDK installed.
6260941 : AM does not work correctly from behind a proxy server
6274185 : AM6.2 patch6 breaks soft link of AMConfig.properties
5056660 : Changing password user ldap does not work when password getting expired
6277864 : AM6.2 patch6 included wrong xercesImpl.jar and xml-apis.jar
6228648 : Attribute iplanet-am-role-managed-container-dn of a filtered role not read with fix for Bug 6217200
6265175 : It is not possible to apply AM hotpatches on systems which have not installed a complete AccessManager
6292838 : iplanet-am-role-display-options not processed correctly for Filtered Roles
6293833 : Exception thrown when removing members from static group
6294440 : LDAP authentication module can prompt user to change their password prematurely
6308771 : "Pluggable User Status Event Classes" does not exist in the GUI, under core-authentication
6269826 : login password in debug mode shown in plain text in amAuth debug file
6245634 : Too many invalid session requests could cause a server hang
6292616 : AM sdk clients need restart after svc schema change
6237190 : Need to escape the special characters in session xml messages
5064043 : Identity Server running on two networks cannot distinguish between addresses
6320475 : com.iplanet.am.session.client.polling.enable on server side must not be true
6276972 : Delay in AM6.3 failover to secondary ldap directory
6331016 : logging out of a server using a remote session does not destroy the session
6308982 : Need population of module specific customized error message and error template via Auth remote API
5094149 : auth does not set error message/template in the xml message
6330306 : Access Manager SDK HttpsURLConnection uses a plain socket when retrying a failed connection
6351524 : LDAP search time during policy evaluation is too long when there are thousands users in a group
6350438 : AM hang under peak load caused by LDAP access within synchronized block
6201986 : AM SDK can not handle user credentials with '&' and '<' characters

Patch Installation Instructions:
--------------------------------
The following command installs a patch to a standalone machine:

    example# cd 119409-09
    example# ./installpatch

Special Install Instructions:
-----------------------------
Alternate Root install mode (patchadd -R) is not supported for this
patch; this also means that the Live Upgrade product cannot be used
to apply this patch.

For Access Manager Server specific patch information and patch
installation instructions, refer to the included patch release notes
file, rel_notes.html, located inside of the patchID directory once the
file has been unzipped. The patch release notes include must-read
information including installation information, redeployment
instructions, instructions on how to deal with customized auth jsp
files and workarounds for known issues and limitations.

README -- Last modified date: Monday, January 30, 2006