OBSOLETE Patch-ID# 120954-01 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** Keywords: access manager security Synopsis: Obsoleted by: 120954-02 AM 7.0: Sun Java System Access Manager 2005Q4 Date: Jan/19/2006 Install Requirements: NA Solaris Release: 8 9 10 SunOS Release: 5.8 5.9 5.10 Unbundled Product: Sun Java System Access Manager Unbundled Release: 7.0 Xref: This patch available for i386 as patch 120955-01, for Linux as patch Patch-ID# 120956-01 Topic: Sun Java System Access Manager Relevant Architectures: sparc BugId's fixed with this patch: 6204679 6246905 6273148 6281358 6289589 6291287 6292616 6293720 6294440 6294618 6295075 6295078 6295081 6295524 6295834 6296108 6298433 6298462 6303917 6303975 6305268 6306605 6306833 6307920 6308982 6309830 6309907 6310356 6311985 6313117 6314342 6318296 6320475 6321128 6323367 6323608 6324349 6325333 6325343 6326050 6326634 6327691 6327836 6328362 6328396 6330678 6330679 6330685 6330687 6330747 6333870 6334633 6335137 6336904 6337106 6337160 6337701 6338418 6338582 6340418 6341686 6341737 6342223 6342313 6342725 6343531 6345362 6346904 6346908 6346918 6347568 6349959 6350573 6352076 6356473 6356670 6356715 6356879 6363399 6366215 Changes incorporated in this version: 6289589 6295075 6204679 6273148 6246905 6291287 6310356 6298462 6298433 6292616 6305268 6308982 6309830 6296108 6313117 6294440 6320475 6306605 6318296 6311985 6325343 6325333 6309907 6328396 6324349 6295524 6306833 6303975 6330678 6330687 6314342 6281358 6293720 6294618 6295081 6295834 6303917 6321128 6323367 6323608 6326050 6326634 6327691 6327836 6328362 6330679 6330685 6330747 6333870 6335137 6337106 6337701 6338418 6338582 6340418 6341737 6342313 6349959 6343531 6352076 6356879 6350573 6334633 6346904 6346908 6342223 6341686 6336904 6295078 6307920 6345362 6366215 6363399 6342725 6356473 6346918 6347568 6356670 6356715 6337160 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /etc/opt/SUNWam/config/serverconfig.xml.template /etc/opt/SUNWam/config/xml/template/idRepoService.xml /opt/SUNWam/Makefile.clientsdk /opt/SUNWam/Makefile.distAuthUI /opt/SUNWam/README.distAuthUI /opt/SUNWam/amauthdistui.war /opt/SUNWam/amclient.war /opt/SUNWam/bin/amas70config /opt/SUNWam/bin/amas81config /opt/SUNWam/bin/amsdkconfig /opt/SUNWam/bin/amsfoconfig /opt/SUNWam/bin/amsvcconfig /opt/SUNWam/bin/amtune/amtune-identity /opt/SUNWam/bin/amtune/amtune-os /opt/SUNWam/bin/amutils /opt/SUNWam/bin/amwas51config /opt/SUNWam/bin/amwl81config /opt/SUNWam/console.war /opt/SUNWam/docs/am_public_javadocs.jar /opt/SUNWam/dtd/remote-auth.dtd /opt/SUNWam/lib/am_logging.jar /opt/SUNWam/lib/am_sdk.jar /opt/SUNWam/lib/am_services.jar /opt/SUNWam/lib/amclientsdk.jar /opt/SUNWam/locale/LC_MESSAGES/amsfoconfig.mo /opt/SUNWam/locale/amConsole.properties /opt/SUNWam/locale/amIdRepoService.properties /opt/SUNWam/services.war /opt/SUNWam/bin/amws61config Problem Description: 120954-01 ========= 6289589 Incorrect ldap server info is causing the UI not to display the LDAP related subjects in console 6295075 legacy: Reset button does not work for Client Detection/edit page 6204679 amadmin failed with no specific error message for a valid xml file but with uppercase suffix 6273148 Could not add/delete/modify discovery service resource offerings 6246905 Wrong error msg for Single Sign-On Failure Redirect URL 6291287 Policy UI for condition by auth level displays wrong values for auth level 6310356 amwas51config incorrectly using WL8_PROTOCOL when setting values for naming and notification URL's 6298462 amsfoconfig fails on linux 2.1 server 6298433 amsfoconfig has incorrect permissions on linux 2.1 6292616 AM sdk clients need restart after svc schema change 6305268 Problem with idrepo ldapv3 plugin and openldap 6308982 Need population of module specific customized error message and error template via Auth remote API 6309830 Adding more amadmin properties in the console is changing the amadmin user password 6296108 realm: Exception error when selecting a user from a new Realm contains the default v3 info 6313117 Client SDK (amclientsdk.jar) throws error messages that permission denied for reading config data 6294440 LDAP authentication module can prompt user to change their password prematurely 6320475 com.iplanet.am.session.client.polling.enable on server side must not be true 6306605 AM does not deploy on WebSphere with non-default URI's 6318296 Can't remove Session Service configuration for a subrealm 6311985 CDC: CDC Servlet redirecting to the invalid login page when Policy condition is specified 6325343 amclientsdk.jar doesn't handle localized content in utf-8 properly 6325333 Request to add InternalSession.getObject/InternalSession.setObject() methods 6309907 postprocess plugin defined for a Named config does not execute for role based auth 6328396 IDrepo Gives exception while storing new attribute with LDAPV3 plugin 6324349 JAXRPC classcast exceptions cause initialization failure for portal webapp 6295524 amwl81config: typo prevents wireless_rendering.jar and wireless_rendering_util.jar from being used 6306833 Modification notification mail is sent when other attribute is changed 6303975 Memory leak in distributed Auth 6330678 IdRepo doesn't cache sub entries of ou=users,ou=default,ou=globalconfig,ou=1.0,ou=sunidentityreposit 6330687 There are 4 directory searchs for each authentication 6314342 Unnecessary object creation of Notification/NotificationSet in session service cause perf. problem 6281358 AM legacy mode: Deletion Notification does not work 6293720 legacy: Created groups is not placed under Groups container 6294618 After first click on Directory Management tab, sub-tabs do not appear 6295081 legacy: Should prevent Orgs, Containers, People Con, user,roles to be created under grp Container 6295834 Changing password via console with debug 'message' logs changed password in amProfile 6303917 Deprecating SiteAttributeMapper overwrites new PartnerSiteAttributeMapper in SAML 6321128 Special characters (&) in SAML statements should be encoded 6323367 AM70 does not allow customers to get the uuid through command line or console 6323608 AuthContext object instances/bytes linger/leak even after user logouts and session/idle timeouts 6326050 Session event should be sent when the pre-authentication session times out 6326634 SAML: Duplicate Trusted Partner console edit errors 6327691 UrlAccessAgent SSOToken is expiring as the Application module does not return the special user DN 6327836 Distributed Authentication service to be not required to stick to one server for LB deployments 6328362 Federation performance is slow campared to 6.3 6330679 Auth model cannot be created during to lack of page session data 6330685 Include AM Server healthcheck JSP within services.war 6330747 Unable to assign Named Config(created in sub-realm) to a role 6333870 Adding a DNS/Aliases name to an organization from the Access Management will give LDAP error 6335137 Session notification is unnecessarily being sent to AM server itself 6337106 Ability to disable DNS Lookup 6337701 Realm/Subjects/Role doesnot contains a General page 6338418 Universal ID disappeard when Save button is pressed 6338582 SSO fails for federation 6340418 Logout fails after federation termination 6341737 AMSDK call to AMUser.getAttributesByteArray() returns empty if called after AMUser.getAttributes() 6342313 Login as an org admin user when click on Directory Manager link will get user page 6349959 Adding "role=read,create,edit,delete" to LDAPv3 IdRepo plugin causes IdRepo to fail 6343531 Deleting service leaves amconsole unusable and service partially deleted 6352076 WL8.1 SP4: Access denied while accessing any resource first time in cdsso setup 6356879 amadmin gives access to AM even with invalid user/password 6350573 Distributed Authentication Does not work when deployed in Production mode in Bea WebLogic Server 6334633 Inconsistent AM-SDK Global Schema Cache behaviour 6346904 Session Polling could hang the server under high load 6346908 Session Destroy or logout on the client sdk does not work properly 6342223 Session cache has no way to cleanup client cache when notifications are missed 6341686 Adding all groups to a user get error " Error [Ljava.lang.Object;@1d8be60" 6336904 Authentication service should not be required to stick to one server for LB deployments 6295078 legacy:Cannot delete an organization that created under a container 6307920 Special characters (&) in SAML statements should be encoded 6345362 Server failed to start if com.sun.am.event.connection.idle.timeout is set to a non zero value 6366215 IDRepo unable to search based on "cn" - LDAPv3Repo unable to search with respect to naming attribute 6363399 Policy evaluation fails for LDAPV3 filtered role 6342725 idrepo cache not updated 6356473 Gateway does not come up on a separate node after installation 6346918 cookie name property is missing in AMClient.properties since AMClientSDK is not working 6347568 amclientsdk webapp is not working the amclientsdk.jar file is missing in the war file built. 6356670 java.lang.NullPointerException in amSecurity debug logs 6356715 Auth Remote API gives error due to failure in retrieval of internal session from session ID on server 6337160 IdRepo calls SMS for every operation, leading to performance issues Patch Installation Instructions: -------------------------------- Backup following files: For Solaris 8 and 9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/120954-01 The following example removes a patch from a standalone system: example# patchrm 120954-01 For additional examples please see the appropriate man pages. After the patch is installed or removed, AM applications need to be redeployed. Please refer to release notes rel_notes.html for more details. Special Install Instructions: ----------------------------- For Access Manager Server specific patch information and patch installation instructions, refer to the included patch release notes file, rel_notes.html, located inside the patchID directory once the file has been unzipped. The patch release notes include must read information including installation information, redeployment instructions, instructions on how to deal with customized auth jsp files and workarounds for known issues and limitations. README -- Last modified date: Wednesday, May 17, 2006