If you open multiple browser tabs in the same browser instance to access the Access Manager login page, the new com.sun.identity.authentication.multiple.tabs.used property prevents the “Too many authentication attempts” error.
To use this new property, add it with a value of true to the AMConfig.properties file and restart the Access Manager web container.
The new com.iplanet.am.session.agentsessionidletime property sets the maximum idle timeout in minutes for policy agent sessions. The default value is 0, which causes policy agent sessions to never time out. The minimum value is 30 minutes. A value between 0 and 30 minutes will be reset to 30.
To use this new property, add it with a value appropriate for your deployment to the AMConfig.properties file and restart the Access Manager web container.
The new com.sun.identity.cookie.httponly property allows Access Manager session cookies to be marked as HTTPOnly, in order to prevent scripts or third-party programs from accessing the cookies. Specifically, marking session cookies as HTTPOnly helps protect them from theft through cross-site scripting (XSS) attacks, because script running in the page cannot read them.
By default, the value for com.sun.identity.cookie.httponly is false. To use this new property, add it with a value of true to the AMConfig.properties file and restart the Access Manager web container.
You must also set this property on the client side. For example, for a Distributed Authentication UI server deployment, set it to true in the AMDistAuthConfig.properties file.
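The following audit script is an added example, not part of the original release notes or of Access Manager. It checks the HTTPOnly setting on both the server and client side and applies the agent idle timeout rule described above. The sample file contents are constructed, and treating the value true as case-insensitive is an assumption.

```python
HTTPONLY = "com.sun.identity.cookie.httponly"
AGENT_IDLE = "com.iplanet.am.session.agentsessionidletime"

def parse_properties(text):
    """Parse key=value lines (a .properties subset: no line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def effective_agent_idle(props):
    """Rule from the text: 0 means never time out; 1-29 is reset to 30."""
    minutes = int(props.get(AGENT_IDLE, "0"))  # assumes a non-negative integer
    return 0 if minutes == 0 else max(minutes, 30)

def audit(server_text, client_text):
    """Return findings for AMConfig.properties and AMDistAuthConfig.properties."""
    server, client = parse_properties(server_text), parse_properties(client_text)
    findings = []
    for name, props in (("AMConfig.properties", server),
                        ("AMDistAuthConfig.properties", client)):
        # Assumption: "true" is matched case-insensitively; the default is false.
        if props.get(HTTPONLY, "false").lower() != "true":
            findings.append(f"{name}: {HTTPONLY} is not true")
    configured = int(server.get(AGENT_IDLE, "0"))
    effective = effective_agent_idle(server)
    if effective == 0:
        findings.append(f"{AGENT_IDLE}=0: agent sessions never time out")
    elif effective != configured:
        findings.append(f"{AGENT_IDLE}={configured} will be reset to 30")
    return findings

# Constructed sample inputs, not taken from a real deployment.
SAMPLE_SERVER = """\
com.sun.identity.cookie.httponly=true
com.iplanet.am.session.agentsessionidletime=10
"""
SAMPLE_CLIENT = """\
# HTTPOnly property missing on the client side, so the default (false) applies
example.other.setting=value
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVER, SAMPLE_CLIENT):
        print(finding)
```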
In patch 4, the ampassword utility has the following new options:
ampassword -s | --hash [ password ]
ampassword -c | --hashencrypt [ password ]
-s or --hash hashes the password.
-c or --hashencrypt both hashes and encrypts the password.
Support for Windows Desktop SSO authentication is added for a Distributed Authentication UI server deployment and the Access Manager 7.0 and later Client SDK. This CR was verified for the following Access Manager 7.1 deployment scenarios:
Access Manager 7.1 server with a version 7.1 Distributed Authentication UI server deployment from a browser (both Internet Explorer and Firefox)
Access Manager 7.1 server with a version 7.1 Distributed Authentication UI server deployment with the Access Manager 7.0 and later Client SDK on Windows XP and Windows 2003
In patch 4, if you integrate Cross-Domain Single Sign-On (CDSSO) with programmatic clients, the CDC Servlet inserts an extra HTTP response header (which is not configurable). For example, with a web agent installed in CDSSO mode, if you view a response in “Live HTTP Headers”, you will see the Cdcservlet_auto_post: true header. This change allows custom applications to easily distinguish the auto-submitting form and to process the information accordingly.
Patch 4 includes the following changes to the updateschema.sh script:
Removes the restriction of requiring the user to be superuser (root) to execute the script.
Allows the user to specify whether Directory Server has SSL enabled.
Validates the path of the ldapsearch and ldapmodify commands and prompts the user to specify the path if they are incorrect.
Corrects the path to the amadmin utility in an Access Manager 7.1 single WAR file deployment.