Oracle Entitlements Server 10g (10.1.4.3) Release Notes

SSMs now provided for Microsoft Office SharePoint Server, WebLogic Portal 10.2, and Internet Information Server 6.0. Also provided is the RMI SSM that allows communication with a centralized SSM over RMI protocol.

Single Java API

The Java API implementation was updated to allow seamless invocation of the Web Service or RMI SSM. The implementation also provides decision caching and failover capabilities while using a remote SSM.

Internationalization Support

OES was designed to handle double bytes and was tested with Chinese and French characters. Here is the scope of internationalization support in this release:

Deprecated Platforms

Supported Configurations

This section documents the core components and security service modules supported in this release.

Core Components

Table 1 lists the platforms for core components supported in OES 10gR3 with CP6 (Cumulative Patch/Patch Set 6).

Table 1 Core Components
Component	Platforms	Operating Systems
Admin Console Browser	MS IE 6.0, 7.0, 8.0	Windows 2000 SP4, 2003 R2, XP SP2, 2008, 7
E-UI Browser	MS IE 6.0, 7.0, 8.0 Firefox 2.0.x, 3.6.8	Windows 2000 SP4, 2003 R2, XP SP2, 2008, 7
Admin Server Platform	WebLogic Server¹ 9.2 MP2 WebLogic Server 10.0 MP1 WebLogic Server 10gR3 (10.3)² 10.3.1, 10.3.2, 10.3.3, 10.3.4 WebSphere Application Server 6.1³, 7 Tomcat 5.5.23, 5.5.26⁴	Sun Solaris Sparc 8, 9, 10 (32-bit) Windows 2000 SP4, 2003 R2, XP SP2, 2008, 7 Red Hat Adv. Server 3, 4, 5 Oracle Enterprise Linux (OEL) 4 & 5 (64 bit) Suse Linux⁵ 9.2, 10 & 11 HP-UX 11.23 (Itanium only) (64 bit) AIX 5.3, 6.1⁶
OES Policy Store	Oracle 9.2.0.5, 10.1.2, 10.2.0.2, 11.1.0.6, 11.2.0.1 (11gR2) Sybase 12.5.3, 15 MS-SQL 2000 & 2005, 2008⁷ PointBase 5.1 DB2 Universal DB Enterprise Server 9.1
OES Policy Export	AquaLogic Enterprise Repository 2.6 & 3.0
User Directory	Oracle Identity Directory 10.1.4.2 Microsoft Active Directory 2000 & 2003⁸ Microsoft ADAM SunONE Directory Server v5.2 Novell eDirectory v8.7.31 Open LDAP v2.2.24 Oracle 9.2.0.5, 10.1.2, 10.2.0.2, 11g, 11.2.0.1 (11gR2) Sybase 12.5.3, 15 DB2 Enterprise Server Edition 9.1 MS-SQL 2000 & 2005 PointBase 5.1
IDEs	WebLogic Workshop 9.0 & 10.0 Studio 3.0 MS Developers Studio 2007

¹All WebLogic Servers can use either the Sun JVM or JRockit JVM that ships with WLS 9.x/10.x. JRockit JVM supported on Intel hardware only.

²Requires Cumulative Patch 1 or later.

³WebSphere 6.1 is a supported Administration server platform initially on AIX 5.3 and Solaris 8, 9, 10.

⁴Tomcat supported only with JDK 5.0

⁵Suse Linux is supported on both 32-bit and 64-bit hardware.

⁶Administration server support on AIX 5.3 & 6.1 is only for WebSphere 6.1.

⁷Requires Cumulative Patch 6 or later.

⁸Includes support for Active Directory Application Mode (ADAM).

OES Security Modules

Table 2 Security Modules
Category	Platform Version(s)	Windows¹	Solaris Sparc 8, 9, 10	RHAS² 3, 4, 5	OEL 4, 5	Suse³ 9.2, 10	AIX 5.3, 6.1⁴
Web Services / RMI	MS .NET 1.1 & 2.0⁵ WL Workshop 9.0, 10.0 Studio 3.0	Yes	Yes	Yes	Yes	Yes	No
Oracle WebLogic Products	WebLogic Server⁶ 8.1.5, 8.1.6, 9.2.2, 10.0 MP1, 10.3⁷, 10.3.1, 10.3.2, 10.3.3⁸ WebLogic Portal 8.1.5, 8.1.6, 9.2.2, 10.0.1, 10.2, 10.3, 10.3.2 WebLogic Integration 9.2.2	Yes	Yes	Yes	Yes	Yes	No
Other Oracle Products	ODSI (formerly ALDSP) 2.5, 3.0, 3.1⁹ OSB (formerly ALSB) 2.6, 3.0¹⁰, 11g OBPM (formerly ALBPM) 6.0	Yes	Yes	Yes	Yes	Yes	No
IBM WebSphere	WebSphere 6.1, 7	Yes	Yes	Yes	Yes	Yes	Yes
Java	Sun JVM 1.4.2, 5.0, 6.0 JRockit 1.4.2, 5.0, 6.0 IBM JDK 1.4.2, 5.0¹¹	Yes	Yes	Yes	Yes	Yes	No
Other Applications	Oracle Database 10g Documentum Content Server v5 Microsoft Office SharePoint Server 2007	Yes Yes Yes	No Yes N/A	No Yes N/A	No Yes N/A	No Yes N/A	No No N/A

¹Windows 2000 SP4 and higher, Windows 2003 R2 and higher, Windows XP SP2 and higher.

²RedHat Advanced Server requires applying the Cumulative Patch 1 or later. Towards the end of installing OES Admin server, DO NOT install the schema. Apply CP1 and run the bin/install_ales_schema.sh/bat after applying the patch. Following this, start the server.

³Suse Linux is supported on both 32-bit and 64-bit hardware.

⁴AIX installer via Distribution Archive.

⁵NET Web Services client on Windows 2000 and 2003 only.

⁶All WebLogic Servers can use either the Sun JVM or the JRockit JVM that ships with the WLS 9.x/ 10.x. JRockit JVM supported on Intel hardware only.

⁷For WebLogic Server 10.3 and above, the latest CP is required. Towards the end of installing OES Admin server, DO NOT install the schema but run bin/install_ales_schema.sh/bat after applying the latest CP from the support site before attempting to run install_ales_schema.bat/sh and starting the server.

⁸For WebLogic Server 10.3.3, the latest CP5 is required. Towards the end of installing OES Admin server, DO NOT install the schema. Apply CP5 and then run bin/install_ales_schema.sh/bat. Following this, start the server.

⁹OSDI 2.5 on WLS 8.1.x, OSDI 3.0 on WLS 9.2 MP2, OSDI 3.1 on WLS 10.0 MP1

¹⁰OSB 2.6 running on WLS 9.2, OSB 3.0 running on WLS 9.2 MP1 and WLS 10.0 MP1.

¹¹IBM JDK support on AIX 5.3 and AIX 6.1 only.

Known Issues

Table 3 Known Issues in This Release
CR	Description
8185305	When re-installing the Administration Server on Tomcat, make sure the following caching directory is empty: `Tomcat_Home\work\AlesEngine`.
8180230	To upgrade from ALES 2.6 when installing both the SSMs and the Administration Server in the same BEA HOME, delete all files in the SSM root directory. This does not include files in child directories.
8173519	OES 10gR3 Aministration Server needs JDK 1.5. When upgrading ALES 22 OES Admin deployed on Tomcat, JDK is upgraded to 1.5.
8187105	On AIX platforms, the Administration Server and SSM run on 64-bit JDKs, the SSM Instance Wizard tool runs only on 32-bit JDKs. Therefore, to install the distribution archive on AIX, you must: Assign the JDK tokens in `post-processing.properties` (refer to README - Step #3) to a 64-bit JDK. After running `ant -f post-processing.xml pp`, you must change JAVA_HOME in all SSM instance wizard files (e.g., `ales32-ssm\java-ssm\adm\instancewizard.cmd`) to use a 32-bit JDK. After creating a WebSphere SSM instance, edit the following files and modify JAVA_HOME to use a 63-bit JDK: `..\websphere-ssm\instance\test\adm\ssm_instance.properties`..\websphere-ssm\instance\test\bin\set-env.bat(sh) ..\websphere-ssm\instance\test\bin\upgrade_providers.bat\|sh)
8179444	Upgrades from ALES 2.2 when Sybase is the datastore requires specialized procedures. Contact Oracle support for assistance.
8196889	When Sybase is used as the policy repository, policy queries cannot contain more than 24 parameters. Queries with more than 24 parameters will fail.
8173128	When upgrading from ALES 3.0 on WebLogic Server 10.0, the following tokens must be manually replaced in BEA_HOME\ales32-admin\asiDomain\autodeploy\asi.ear/asi.war/WEB-INF/web.xml: @shared.dir@ @ca.validity@ @asi.properties@
8185600	When removing the Administration Server, a message may indicate that, “Some components are not selected because they are required by another product”. This message can be ignored.
8185742	In order to stop a WebLogic domain being secured by OES, the `BEA_HOME\ales32-admin\lib\framework.jar` file must be included in the CLASSPATH environment variable.
8183645	In order to run the Java API example on AIX, you must manually add -Xverify:none to JAVA_OPTIONS.
8174004	One of two methods must be used to support multiple application sessions in the Entitlements Administration Application. Make sure that the Autosave checkbox is selected in all Entitlements Administration Application windows. Add extra settings to the Database as shown below: SQL Server 2005 alter database db_name set READ_COMMITTED_SNAPSHOT ON DB2 db2set DB2_EVALUNCOMMITTED=ON db2set DB2_SKIPDELETED=ON db2set DB2_SKIPINSERTED=ON Sybase alter table TABLE_NAME lock datarows
8195947	If a role/resource/identity attribute is created and then deleted, you may recreate it so long as the attribute type does not change. However, you cannot recreate it as a different type. For example, after an attribute named CustStatus of type string is created and then deleted, you cannot create an attribute of the same name of type integer.
8174312	A role or resource attribute used in a policy definition cannot be deleted until it is removed from the policy.
8181591	EUI doesnt support "[1..4]" list style constant definitions. Workaround: use [1,2,3,4].
8180650	When displaying policies, the delegator parameter is not working properly. Users who want to perform a policy query with delegator parameter can use 'Filter' function, which returns compound policy results.
8181606	A maximum of ten identity directories can display in an organization.
8188417	After renaming an identity directory in E-UI, perform a refresh to completely display the current information.
8185702	When viewing a role, the Refresh button does not refresh the role’s policies. As a workaround, select a different role in the Roles list and then reselect the role.
8159746	The perfDB Audit provider does not currently record Authentication Statistics.
8186601	When you restart an Administration Server running in WebSphere and attempt to log in to the administration console (https://<host>:7010/asi), you receive an Access Denied response, regardless of the log in credentials As a workaround, navigate to the log in screen of the Entitlements Administration Application (https://<host>:7010/entitlementsadministration) — you do not need to actually log in. Then return to the administration console and log in as usual.
9502540	SimplePortalExample (ales_wlp_ear file) is not compatible with WLP 10.3.2.
10245365	An `UnspportedClassVersionError` has been seen when using jrockit150_06 on the client side with the RMI-SSM, and a server running on 64 bit Windows-2008. We do not see this issue when running jrockit 6.
9693690	Prior releases of OES one wasrequired to remove the cached policies (to force a flush distribution) if policies required to start the server were missing. A new flag syncPolicyOnStartup is now available on the WLESarme.properties – if the value is set to true the SM waits to get the latest policies and then starts-up. Defaults to true.
9924146	Starting with CP5, Sybase jconnect drivers are no longer packaged with OES. Download separately and ensure that the path for these jars is reflected properly in the `WLESWrapper.conf` or other platform specific config files in which classpath information is defined.
10306229	WAS 7 is certified with OES as of the CP5 distribution archive. WAS 7 requires a IPC_CONNECTOR_ADDRESS port that is not needed for WAS 6.0 – add this configuration websphere.profile.port.14 in post-processing.properties. WAS 6.x SMs ignore this port configuration.
10365898	The configuration Solaris + WAS 6.1 Admin + JDK 15 + Sybase 125 + OES CP5 has occasionally experienced issues stating the following error: kodo.jdo.DataStoreException: Your server command (family id #0, process id #15) encountered a deadlock situation. If you encounter this, re-run your command. This only happens on WAS using Sybase – not for the Oracle database on other platforms. We will resolve this issue once the Kodo issue has been resolved.
10203843	When performing management operations, the admin users should be available as part of the OES database authenticator. Users external to the OES directory structure cannot be used for BLM operations, unless duplicate users with the same name are created within OES.

Release Notes

Oracle Entitlements Server 10g (10.1.4.3) Release Notes

Features and Changes in This Release

Enhanced Entitlements Administration Application

New Platform Support

Administration Server

SSMs