JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Sun Java System Access Manager 7.1 Release Notes
Oracle Technology Network
Library
PDF
Print View
Feedback

Document Information

Sun Java System Access Manager 7.1 Release Notes

Revision History

About Sun Java System Access Manager 7.1

Access Manager 7.1 Patch Releases

Sun Java System LDAP JDK Patches

Access Manager 7.1 Patch 6

Access Manager 7.1 Patch 6 WAR File Issue on GlassFish 2.2.x (13730542)

Access Manager 7.1 Patch 5

Time to Live (TTL) is implemented for the Service Management (SMS) cache (6973683)

Retry mechanism is implemented in the PLL server (6963531)

Access Manager 7.1 patch Readme lists the required LDAP JDK patches (6959325)

HttpServletRequest and HttpServletResponse are available with Distributed Authentication User Interface (6677966)

Access Manager 7.1 Patch 4

New Features and Changes in Access Manager 7.1 Patch 4

New property prevents "Too many authentication attempts" error (6883136)

New property sets idle time out for policy agent sessions (6697260)

Access Manager session cookies can be marked as HTTPOnly (6843487)

ampassword utility has new options to hash and encrypt a password (6850818)

Windows Desktop SSO authentication is added for Distributed Authentication UI Server deployment (6888820)

CDC Servlet inserts custom HTTP response header (6800246)

Changes to the updateschema.sh script (6870576)

Known Issues in Access Manager 7.1 Patch 4

updateschema.pl script fails with older version of ldapjdk.jar (6934848)

updateschema script cannot run successfully under certain circumstances in WAR file deployment (6934844)

Access Manager 7.1 Patch 3

New Features and Changes in Access Manager 7.1 Patch 3

Sun Java System LDAP JDK Patches are Available

Running the updateschema Script is Required

Limitation is Removed for Creation of Data Store Authentication Module Instance in Legacy Mode

Backward Compatibility Issue Between Access Manager 7.1 and amclientsdk.jar is Fixed

Sun Java Web Console 3.1 Patches Are Required

New Property Prevents Sessions From Being Destroyed After Session Upgrade

New Property Allows SSO Token Restriction Other Than an IP Address

Distributed Authentication UI Server Works With Basic Authentication

SecurID Authentication Support is Added for Linux Systems

Known Issues in Access Manager 7.1 Patch 3

Single WAR Access Manager Deployment Cannot Use https Protocol Handler (6810092)

If config Directory Path on Windows Contains a Space, Patch 3 updateschema.pl Fails (6852463)

Hard-coded Path Should be Removed from Patch 3 updateschema.pl Script on Windows (6852467)

Access Manager 7.1 Patch 2

Access Manager 7.1 on WebLogic Server requires new ldapjdk.jar File (6774634)

Creation of Data Store authentication module instance fails in Legacy mode (6764919)

Sub-realm administrator can log in as amadmin in root realm (6761627)

New com.sun.identity.appendSessionCookieInURL property (6740071)

Backward compatibility issue between Access Manager 7.1 and amclientsdk.jar File (6754863)

Access Manager JAR files should include version number in MANIFEST.MF file (6693152)

Security permission is missing for CRL validation (6673538)

SecurID authentication is supported on Solaris x86 systems (6621802)

Access Manager Key Provider needs option to use types other than JKS format (6603228)

Delegation privileges cannot be defined for a filtered role (6486843)

Persistent cookie support is added (6600325)

Access Manager 7.1 Patch 1

Support for specific application idle session timeout values

Web Proxy Agent 2.2-01 in CDSSO mode does not work with Access Manager 7.1 Patch 1 (CR 6611841)

Distributed Auth UI does not work with a WebSphere Application Server 5.1.1.12 server (CR 6625928)

Password file exposed in a temporary directory after Patch 1 re-deployment (CR 6640377)

LDAP Failover not working properly (CR 6611627)

amconfig does not tag-swap and re-register the monitoring framework descriptor (CR 6636710)

amtune does not work if installed in a non-default directory (CR6640673)

amtune does not delete the world readable password file (CR 6640672)

amtune should set thread pool size at 3 times the number of CPUs or cores for CMT servers (CR 6631123)

amsfo.pl does not work for Windows (CR 6629189)

Not able to deploy WAR file generated by patch.bat if -l option is used for Windows (CR 6636474)

amserveradmin.bat throwing errors for Access Manager 7.1 Patch for Windows (CR 6631526)

amsfo.pl script does not work for Session Failover in a Single War deployment for Windows (CR 6646519)

Access Manager classpath not pointing to xml.sec.jar in Patch 1 for Windows (CR 6644461)

Post authentication plug-in supports Microsoft SharePoint (CR 6541695)

Retrieving schema from Active Directory data store fails (CR 6542686)

Access Manager supports the JDK 1.5 HttpURLConnection setReadTimeout method (CR 6536635)

saml samples will not work if the saml module instance is created with lower case name "saml" (CR 6648342)

G11n: CLI commands amhasetup and amserver are not localized (CR 6567135)

G11n: The User sub-tab incorrectly translated in French language (CR 6633529)

Web Security Service Issues Fixed

6543625 -- UserName token authentication can authenticate against a configured LDAP module

6543626 -- SOAPRequestHandler returns the SSOToken set in the Subject

6544177 -- When using X509 token with an invalid certificate AM always accepts the cert even without root CA

6559603 -- Boolean configuration flag for "request" signing

6543620 Access Manager Policy Agent profiles able to apply a digital signature to the service request for UserName token

6543623 Access Manager Policy Agent profiles able to encrypt SOAP request body and SOAP response body

6570021 Encryption supports SOAP messages with extra spaces.

Removed ACIs that cause unnecessary performance degradation (CR 6484947)

6.3-based console online help not displayed win Application Server 8.2 (CR 6587213)

Multiple passwords not required for amtune script

amtune-os will not run in local zone

Pre-Installation Considerations

Installing and Configuring Access Manager

Patch Installation Instructions

Patch Installation Instructions For Solaris Systems

Solaris 10 Zones

Patch Installation Instructions For Linux Systems

Patch Installation Instructions For Windows Systems

Installing the Windows Patch

Backing Out the Windows Patch

Access Manager 7.1 Patch 1 Single WAR Deployment

New Container Versions Supported

Considerations for Single WAR Deployment with WebSphere 6.1

Considerations for Single WAR Deployment with Weblogic 9.2

Applying Patch 1 for Single WAR Deployment

Known Issues with Patch 1 WAR Deployment

Modifying SAML source ID in WAR deployment for Access Manager 7.1 Patch 1 (CR 6582972)

amAdmin from amAdminTools.zip Single WAR does not work with IBM JDK WebSphere 6.1 (CR 6618861)

What's New in This Release

Java ES Monitoring Framework Integration

Web Service Security

Single Access Manager WAR file deployment

Enhancements to Core Services

Deprecation Notification and Announcement

Hardware and Software Requirements

Supported Browsers

General Compatibility Information

AMSDK intersystem incompatibility with Access Manager server

Upgrade not supported for Access Manager HPUX version

Access Manager Legacy Mode

Java ES Silent Installation Using a State File

"Configure Now" Installation Option in Graphical Mode

"Configure Now" Installation Option in Text-Based Mode

"Configure Later" Installation Option

Determining the Access Manager Mode

Access Manager Policy Agents

Known Issues and Limitations

Installation Issues

Access Manager single WAR deployment on WebLogic requires JAX-RPC 1.0 JAR files to communicate with client SDK (6555040)

Additional .jar file is required for single WAR generated by the Java Enterprise System 5 installer for Websphere 5.1 (6550261)

Single WAR deployment for Webshpere requires changes to server.xml to communicate with client SDK (6554379)

Changes required for Distributed Authentication to work with Access Manager single War for Weblogic and Webshpere (6554372)

Single WAR Configurator fails against DS (6562076)

Multi-server configuration of AM Single WAR on same host throws exception (6490150)

Upgrade Issues

Required Services not supported in Access Manager 7.1 Console in Realm Mode (6615838)

Compatibility Issues

Access Manager Single Sign-On fails on Universal Web Client (6367058, 6429573)

StackOverflowError occurs on Web Server 7.0 running in 64-bit mode (6449977)

Incompatibilities exist in core authentication module for legacy mode (6305840)

Delegated Administrator commadmin utility does not create a user (6294603)

Delegated Administrator commadmin utility does not create an organization (6292104)

Configuration Issues

Incorrect console redirection behind a load balancer (6480354)

Notification URL needs to be updated for Access Manager SDK installation without web container (6491977)

Password Reset service reports notification errors when a password is changed (6455079)

Account Locking feature fails to send email notification when the user's account is locked (6760137)

Platform server list and FQDN alias attribute are not updated (6309259, 6308649)

Data validation for required attributes in the services (6308653)

Document workaround for deployment on a secure WebLogic 8.1 instance (6295863)

The amconfig script does not update the realm/DNS aliases and platform server list entries (6284161)

Default Access Manager mode is realm in the configuration state file template (6280844)

Performance Issues

In Realm mode, creation of a new group generates Group Admin with ACIs that never get used (6485695)

Access Manager Console Issues

New Access Manager Console cannot set the CoS template priorities (6309262)

Old console appears when adding Portal Server related services (6293299)

Console does not return the results set from Directory Server after reaching the resource limit (6239724)

Add ContainerDefaultTemplateRole attribute after data migration (4677779)

Command Line Issue

Organization Admin role is fails to create a new user with the amadmin command line utility (6480776)

SDK and Client Issues

Clients do not get notifications after the server restarts (6309161)

SDK clients need to restart after service schema change (6292616)

Authentication Issues

Distributed Authentication UI server performance drops when application user has insufficient privileges (6470055)

Incompatibility for Access Manager default configuration of Statistics Service for legacy (compatible) mode (6286628)

Attribute uniqueness broken in the top-level organization for naming attributes (6204537)

Session and SSO Issues

System creates invalid service host name when load balancer has SSL termination (6245660)

Using HttpSession with third-party web containers

Policy Issues

Deletion of dynamic attributes in Policy Configuration Service causing issues in editing of policies (6299074)

Server Startup Issues

Debug error occurs on Access Manager startup (6309274, 6308646)

AMSDK Issues

Error displayed when performing AMIdentity.modifyService (6506448)

Group members don't show up in selected list (6459598)

Access Manager Login URL Returns Message "No such Organization found" (6430874)

Sub-org creation not possible from Access Manager when using amadmin (5001850)

SSL Issue

The amconfig script fails when SSL certificate is expired. (6488777)

Samples Issue

Clientsdk samples directory contains unwanted makefile (6490071)

Linux OS Issues

JVM problems occur when running Access Manager on Application Server (6223676)

Windows and HP-UX Issues

Access Manager auto configuration failed when installing on zh_TW and es locales (6515043)

HP-UX needs gettext binary with AM while installing Java Enterprise System full stack (6497926)

Federation and SAML Issues

Logout error occurs in Federation (6291744)

Globalization (g11n) Issues

Administration console components displayed in English in the zh locale (6470543)

Current Value and New value are incorrectly displayed in the console (6476672)

Policy condition date must be specified according to English custom (6390856)

Removing UTF-8 is not working in Client Detection (5028779)

Multi-byte characters are displayed as question marks in log files (5014120)

Documentation Issues

Missing information when configuring Access Manager in SSL mode (6660610)

Access Manager supports non-ascii character passwords if Directory Server is configured to support them (6661374)

Document the roles and filtered roles support for LDAPv3 plug-in (6365196)

Document unused properties in the AMConfig.properties file (6344530)

Document how to enable XML encryption (6275563)

Documentation Updates

Access Manager 7.1 Documentation Collection

Support for the Java SecurID Authentication Module

Access Manager in an Application Server Cluster

Policy Agent 2.2 Collection

Redistributable Files

How to Report Problems and Provide Feedback

Oracle Welcomes Your Comments

Additional Resources

Accessibility Features for People With Disabilities

Hardware and Software Requirements

The following table shows the hardware and software that are required for this release.

Table 2 Hardware and Software Requirements

Component
Requirement
Operating system (OS)
  • Solaris10 on SPARC, x86, and x64 based systems, including support for whole root local and sparse root zones.

  • Solaris 9 on SPARC and x86 based systems.

  • Red Hat Enterprise Linux 5.0 Server, 32 and 64-bit versions, all updates

  • Red Hat Enterprise Linux 3 and 4, all updates

    Advanced Server (32 and 64-bit versions) and

    Enterprise Server (32 and 64-bit versions)

  • Windows

    Windows 2000 Advanced Server, Data Center Server version SP4 on x86

    Windows 2003 Standard (32 and 64–bit versions), Enterprise (32 and 64–bit versions), Data Center Server (32–bit version) on x86 and x64 based systems

    Windows XP Professional SP2 on x86 based systems

    HP-UX 11i v1 (11.11 from uname), 64–bit on PA-RISC 2.0. Access Manager 7.1 Patch 1 is not available for HP-UX.

For the most updated list of supported operating systems, see Platform Requirements and Issues in Sun Java Enterprise System 5 Release Notes for UNIX in the Sun Java Enterprise System 5 Release Notes for UNIX, or Hardware and Software Platform Information in Sun Java Enterprise System 5 Release Notes for Microsoft Windows in the Sun Java Enterprise System 5 Release Notes for Windows.
Java 2 Standard Edition (J2SE)
J2SE platform 6.0, 5.0 Update 9 (HP-UX: 1.5.0.03), 1.4.2 Update 11, and 5.0 Update 12 (as of Java Enterprise System 5 update 1)
Directory Server
Access Manager Information Tree (configuration data store):

  • Sun Java System Directory Server Enterprise Edition 6.3 (requires Access Manager 7.1 Patch 2 or later)

  • Sun Java System Directory Server Enterprise Edition 6.1 and 6.2 (requires Access Manager 7.1 Patch 1 or later)

  • Sun Java System Directory Server 5.2 2005Q4 and 6.0

Access Manager Identity Repository (user data store):

  • Sun Java System Directory Server Enterprise Edition 6.3 (requires Access Manager 7.1 Patch 2 or later)

  • Sun Java System Directory Server Enterprise Edition 6.1 and 6.2 (requires Access Manager 7.1 Patch 1 or later)

  • Sun Java System Directory Server 5.2 2005Q4 and 6.0

  • Microsoft Active Directory
Web containers
Sun Java System Web Server 7.0 and 7.0 Update 1. On supported platform/OS combinations you may elect to run the Web Server instance in a 64 bit JVM. Support platforms: Solaris 9/SPARC, Solaris 10/SPARC, Solaris 10/AMD64, Red Hat AS or ES 3.0/AMD64, Red Hat AS or ES 4.0/AMD64

Sun Java System Application Server Enterprise Edition 8.2

BEA WebLogic 8.1 SP4, and 9.2 for (Patch 1). WebLogic is not supported with Access Manager for HP-UX.

IBM WebSphere Application Server 5.1.1.6 and 6.1( for Patch 1). WebSphere is not supported with Access Manager for HP-UX.
RAM
Basic testing: 512 Mbytes

Actual deployment: 1 Gbyte for threads, Access Manager SDK, HTTP server, and other internals
Disk space
512 Mbytes for Access Manager and associated applications

If you have questions about support for other versions of these components, contact your Sun Microsystems technical representative.

Supported Browsers

The following table shows the browsers that are supported by the Sun Java Enterprise System 5 release.

Table 3 Supported Browsers

Browser
Platform
Firefox 1.0.7, 1.5, 2.0 and later
Windows XP

Windows 2000

Solaris OS, versions 9 and 10

Red Hat Linux 3 and 4

Mac OS X
Microsoft Internet Explorer7
Windows XP

Supported for Patch 1 onwards.
Microsoft Internet Explorer 6.0 SP2
Windows XP
Microsoft Internet Explorer 6.0 SP1
Windows 2000
Mozilla 1.7.12
Solaris OS, versions 9 and 10

Windows XP

Windows 2000

Red Hat Linux 3 and 4

Mac OS X
Netscape™ Communicator 8.0.4
Windows XP

Windows 2000
Netscape Communicator 7.1
Solaris OS, versions 9 and 10
Copyright © 2010, 2012, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next