| Oracle® Adaptive Access Manager Release Notes Release 10g (10.1.4.5) Part Number E13648-03 |
|
| View PDF |
| Oracle® Adaptive Access Manager Release Notes Release 10g (10.1.4.5) Part Number E13648-03 |
|
| View PDF |
Release Notes
Release 10g (10.1.4.5)
E13648-03
May 2009
These release notes contain important last minute information not included in the Oracle Adaptive Access Manager Release 10g (10.1.4.5) documentation library. This document contains the following sections:
The following guides are located at the Oracle Technology Network. You can refer to them for detailed information about Oracle Adaptive Access Manager.
Note:
For information about updates to the Oracle Adaptive Access Manager Release 10.1.4.5 documentation set, visit the Oracle Technology Network atNote:
The Oracle Adaptive Access Manager Integration Guide has been renamed to the Oracle Adaptive Access Manager Developer's Guide.Oracle Adaptive Access Manager release 10.1.4.5.2 resolves the known issues listed in this section.
This section describes issues concerning models.
When a user logs in to an application, models are run that are linked to the group the user is in. When the same user logs into a second application under a different group, the original group membership is still valid and models are run that are linked to both groups.
This section describes issues concerning rules.
Rule execution logs are not configurable and therefore may affect Adaptive Risk Manager performance. Users who experience large numbers of log ins per day will have many rows of data written in the logs.
Configurable parameters are provided to address this issue. Users can now configure "n," a numeric property for time, so that logging is performed only if the total time taken for the Runtime is greater than "n" milliseconds. The parameter can be configured globally or for a specific runtime.
For example, the properties, as set below, logs for all Runtime process rules, only if the total time taken is more than 1000 ms.
vcrypt.tracker.rules.trace.policySet=false vcrypt.tracker.rules.trace.policySet.min.ms=1000
This section describes issues concerning the Rule Editor.
When a Pattern Condition is added to a Rule, the user interface does not display the Condition parameters correctly (or not at all in some cases). The Condition parameters are not loading properly even though the conditions are listed under the User Rules.
This section describes issues concerning Auto-learning.
The user login behavior pattern for location (at a city level) is not evaluated correctly. User logins are not being identified as members of the pattern.
When an Auto-learning rule to compare the pattern count is configured, it does not trigger if the pattern type is device-each user and the timeperiodType is month.
Users cannot base rules on the day of the week, because there is no attribute for "Day of the Week" available for pattern configuration.
To fix the issue, a dayOIfTheWeek attribute has been added where 1 = Sunday, 2 = Monday, and so on, with 7= Saturday.
When an Entity: Pattern Membership rule condition is evaluated, it does not take into account the current bucket that the pattern authentication operation belongs to.
To resolve this issue, the "ENTITY: Entity is member of bucket N times in a given time period" condition has been created.
This section describes issues concerning KBA.
The oaam.kba.questions.randomorder property has been added for presenting KBA questions in random order instead of sequentially. Randomization will be performed Online only (Adaptive Strong Authenticator) if "oaam.kba.questions.randomorder" is missing or is set to true. For the "CSR Get Challenge Question" flow, question access will always be sequential.
This section describes issues concerning configurable actions.
A Configurable Action for adding an item is needed. This can be used to add userId/loginId/deviceId/country/state/city/IPAddress of the current request to a "Watch list" if the item is not in the "White List"/Black List" that is specified in the configuration. For item type IPs: even if the IP address is in the "White List"/Black List, the IP address is added to "Watch List". The same type of behavior can also be observed for countries and cities.
This section describes issues concerning transactions.
When filter operators "equals" and "like" are applied to city, country, device ID, or IP in transaction conditions, the rule does not trigger.
The issue with equals is fixed. "like" works only on transaction data and entity data where the data type is string.
This section describes resolved issues for Adaptive Risk Manager Offline.
Scheduled load and run are not functional:
List load and run does not list schedules.
Multiple records are listed for the list schedulers query when edits are made to the same record at the time of creation.
Only manual load and run are working.
This section describes issues concerning the Oracle Adaptive Access Manager Proxy.
The openssl random number API generates secure random numbers for Session ID generation. mod_uio.so now expects to have mod_ssl loaded into Apache httpd so that it seeds the random number generator of openssl correctly.
A single binary configures itself for single and multiple process Apache httpd configurations. It auto-configures itself to use memcached (multi-process httpd) or local sessions (single-process httpd). There is a different binary for Linux and for Windows.
As config XML is modified, the Oracle Adaptive Access Manager Proxy does not auto-load the modified config XML. The Oracle Adaptive Access Manager Proxy should keep the data structures for previous config XML in memory and reference-count them against sessions for garbage collection. This issue has been fixed in this patch.
This section describes issues concerning queries.
The message text "Are you sure you want to export the selected row(s) for Delete?" is split into 3 entries. The text cannot be translated into Japanese correctly due to the grammatical binding.
This section describes issues concerning IP Loading.
The IPLocationLoader application throws encryption-related exceptions. A note to remind users to configure encryption has been added to Chapter 3, "IP Location Data Import," of the Oracle Adaptive Access Manager Reference Guide for 10.1.4.5.2.
This section describes issues concerning the user interface.
In the Scheduler user interface for Online mode,
Run appears as the default for Task Type search filter.
Load is a search parameter you can choose in Task Type.
Load/Run should not be listed in the Online deployment. Running and loading data is not a feature in Online mode.
This section describes known problems for Oracle Adaptive Access Manager release 10.1.4.5.2. If a suitable workaround exists for a known problem, it is listed with the description of the bug to provide a temporary solution.
Configure the following properties in tracker.properties to enable the rule log using fingerprint:
# Int property determining finger print logging or detailed logging. Detailed logging if exceeds this. Inclusive vcrypt.tracker.rulelog.exectime.maxlimit=-1 # Boolean property to do both fingerprint and detailed logging. Overrides vcrypt.tracker.rulelog.exectime.maxlimit. vcrypt.tracker.rulelog.logBoth=false
Set the following property to milliseconds:
vcrypt.tracker.rulelog.exectime.maxlimit=5000
If the logging take more than the time specified, it will use fingerprint for logging.
The Rule Engine can also perform logging using both the legacy and fingerprint mechanisms when the following property is enabled:
vcrypt.tracker.rulelog.logBoth=true
Adaptive Risk Manager fails to delete, activate, or de-activate actions when the user clicks the Delete Actions, Activate, or De-Activate buttons in the Add Action Instances screen of Configurable Actions.
The buttons will work if the user selects a specific Runtime instead of "--All--" from the Select Runtime list before clicking the "Load Actions" button.
Our goal is to make Oracle products, services, and supporting documentation accessible to all users, including users that are disabled. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at http://www.oracle.com/accessibility/.
Accessibility of Code Examples in Documentation
Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.
Accessibility of Links to External Web Sites in Documentation
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
Deaf/Hard of Hearing Access to Oracle Support Services
To reach Oracle Support Services, use a telecommunications relay service (TRS) to call Oracle Support at 1.800.223.1711. An Oracle Support Services engineer will handle technical issues and provide customer support according to the Oracle service request process. Information about TRS is available at http://www.fcc.gov/cgb/consumerfacts/trs.html, and a list of phone numbers is available at http://www.fcc.gov/cgb/dro/trsphonebk.html.
Oracle Adaptive Access Manager Release Notes, Release 10g (10.1.4.5)
E13648-03
Copyright © 2008, 2009, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.
 Copyright © 2008, 2009, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|