This section of the Release Notes lists known issues and workarounds for Oracle Waveset 8.1.1.
This information is organized into the following sections:
No checking is done on organization name, administrator name, account name, user attribute name (left hand side of schema map), or task names for invalid characters (ID-1145, 1206, 1679, 1734, 1767, 2413, 3331). You cannot use a dollar ($), a comma (,), a period (.), an apostrophe (’), an ampersand (&), a left bracket ([), a right bracket (]), or a colon (:) in the name for these types of objects.
The calendar object is not fully viewable if the browser is using large fonts. (ID-2120).
The Select All checkbox on the Find Results page and the List Task page does not become un-selected if one of the items in the list is un-selected (ID-5090). The selectAll checkbox is ignored during the resulting action if not all of the members in the list have their checkbox selected.
If you make a change to a custom message catalog, it is necessary to restart the server in order to see your changes. (ID-6792)
The current mechanism for detecting a failed Server assumes that all the systems in an Oracle Waveset cluster are synchronized with respect to time. (ID-7064) With the default failure interval of five minutes, if one server is five minutes out of sync with another, the server that is ahead will declare the server that is behind to be dead, causing unpredictable results.
Workaround: Maintain better time synchronization or increase the failover interval.
On Windows, if you are logging in as a user whose name contains double-byte characters and the default encoding for the machine only supports single-byte characters, you must set the USER_JPI_PROFILE environment variable to an existing directory whose name contains only single byte characters. (ID-8540)
If you extract a resource to an XML file using the File Format as XML option, and then select CSV File Format from the drop-down list, the following message dialog is displayed: (ID-10847)
The form has already been submitted. |
Workaround: To avoid this message, click Accounts -> Extract to File -> Choose a Resource -> Choose CSV File Format. Click Download to download the resource account details in .csv file format.
If an expanded node contains less than one page of data and you insert a new child of that node (for example, if you are creating a User in the organization) before the first record on the page, Oracle Waveset will insert a page with one item before the current page on the subsequent refresh. (ID-12151)
Workaround: To realign the pages, click the First Page button.
If you modify a Role form to change the showSuperAndSubRoles variable from 0 to 1, and then import a super role object definition file containing existing subroles from the Configure tab, those subroles will not be modified to include the <SuperRoles> section. However, if you use the Oracle Waveset graphic user interface to create a super role, the subroles referenced by that super role will be updated. (ID-15053)
This issue can occur with roles created outside Oracle Waveset that have references to existing roles (either subroles or super roles) already in the system.
When importing these roles, the roles that already exist in the system are not updated to reflect the new relationships; for example, referential integrity is not maintained. Use the RoleUpdater to check and correct the referential integrity if roles are imported in this way.
Workaround: You can update roles outside the upgrade process by importing a new RoleUpdater.xml file found in sample/forms/RoleUpdater.xml. By default, Oracle Waveset adds the subrole links during upgrade or when you import RoleUpdater.xml.
To disable this new functionality, set the RoleUpdater attribute nofixsubrolelinks to true. For example,
<MapEntry key='nofixsubrolelinks' value='true' /> |
If you modify settings (such as adding additional column attributes) on an existing changelog, these modifications might not appear in a pre-existing changelog CSV file. (ID-15973)
The Repository Configuration object has an attribute named maxAttrValLength. The value of this attribute is ignored, and is always 255. (ID-16261)
While in a localized Oracle Waveset session, users might encounter partial localization (a mix of English and the selected language) in Process Diagram applets. (ID-16139)
Direct-mode password synchronization requires SimpleRpcHandler to be configured in the web.xml file. By default, this handler is not provided as a handler for the rpcrouter2 servlet. (ID-16469) To use direct-mode password synchronization, set the handlers initialization parameter in the following way:
<init-param> <param-name>handlers</param-name> <param-value>com.waveset.rpc.SimpleRpcHandler, com.waveset.rpc.PasswordSyncHandler</param-value> </init-param>
Note that SimpleRpcHandler is known to interfere with certain RemoteSession calls. If you plan on using RemoteSession as well as direct-mode password synchronization, configure a separate servlet for handling RemoteSession calls.
Accounts > Extract to File saves XML and CSV file formats as .dat extensions, rather than the expected .xml and .csv extensions. (ID-17521)
Workaround: The saved files can be manually renamed with the appropriate file extensions.
The String Quality Policy page displays text in vertical lines. (ID-18551)
Role type delegations will override role approval delegations made for a specific role. (ID-18559)
For example, if future role work item types for one or more specific roles are delegated to user one, while all future business role work items are delegated to user two, the specific roles from the first delegation will be delegated to user two rather than user one.
The scenario delegation summary follows:
Delegate role approval for business role 1 to user one
Delegate business role approval to user two
In all requests where a user was assigned a business role approval, the business role will be delegated to user two.
Enabling a role does not give the user an option to update assigned roles. (ID-18647)
Workarounds: Manually update the assigned users, or update the assigned users from the List/Find Roles pages.
Roles contained by other roles can now be conditionally assigned to users when their parent role is assigned. A condition can be specified on the association between the parent and contained role when editing the parent role. A condition can be created or can reference a rule. If a rule is specified, all user view attributes required for the evaluation of the rule must be specified using a rule argument. (ID-18734)
Upgrading from Oracle Waveset 7.x to Oracle Waveset 8.0 will fail if the repository is MySQL and the 7.x installation has configured role objects. This problem occurs when the upgradeto80from71.mysql script executes. When this script executes, the columns in the old object table, which contain the 7.x roles, and the new role table are in a different order. (ID-18874)
The data warehouse message catalog, WICMessages.properties, is loaded based on the server location instead of the user's location. For example, if an application server is running in a Japanese locale, the query attributes will be displayed in Japanese, even if the user's interface is normally in English. (ID-18898)
Workaround: Restart the application server in a locale with a UTF-8 variant that corresponds to the browser's language setting.
Oracle Waveset 8.0 added a new queryable attribute, assignedRoles, which references all direct and indirect roles assigned to a user. (ID-18921) Prior releases contain the still available queryable attribute, role, which only contains roles directly assigned to users. The upgrade process only automatically refreshes users with indirect roles to enable population of assignedRoles. A report for users Assigned a Role will not return all users assigned to a role in an upgraded environment until all users have been refreshed.
Workarounds:
Refresh all users.
Create a report for users with directly assigned roles.
The Sort by Repetition option does not work on the Scheduled Tasks table. (ID-20377)
During a scan, there is no support for retrying user accounts that could not be fetched from resources, or where other failures occur. These failures are reported when the scan is complete, but there is no automated way to rescan the accounts. (ID-9112)
Identity Auditor attempts to keep users in compliance between policy scans by enforcing policy whenever the user is edited. If editing a user that has assigned audit policies and also is in violation of a policy, you cannot save changes to the user, even if the change is as simple as moving a user to another organization. (ID-9504)
Workaround: Use the right-click move (or find then move) functionality on the user applet, or temporarily disable the audit policy checks.
To disable the auditor policy checks, edit the system configuration and remove userViewValidators property. This property which has a value of a List of strings is added during the import of init.xml or upgrade.xml.
In the AuditPolicy, Resource and Organization Violation History reports, implementing logarithmic scaling for a STACK chart type may result in unusual display behavior. (ID-9522)
Currently, the Auditor Access Scan Report administrator cannot schedule an Audit Policy Scan. An error, Error message: Create access denied to Subject auditadmin on type TaskSchedule is displayed. To schedule any task, administrators must have create privileges for the TaskSchedule authType. (ID-14713)
Workaround: Edit the administrator to assign the create privilege for the TaskSchedule, or specify a user with at least the Auditor Administrator or Waveset Adminsistrator capabilities.
When running Audit Scans that produce multiple violations, Auditor might create a remediation workflow to manage processing of the violations. The default MySQL setting for max_allowed_packet (1M) is too small for a workflow with dozens of violations. If this limit is reached, Auditor will not start the remediation workflow. (ID-15830)
Workaround: For heavy use of Auditor, this value should be much larger. To address this issue, add max_allowed_packet = 32M to the MySQL configuration file (my.cnf) and restart the database server.
Changing severity and priority values for Compliance Violation remediations can be misleading. The initial values in the form are not the current values of the Compliance Violations. They are the last values set when making a change. It is important that you know what severity/priority value you want while still viewing the list view, because you cannot determine the current values when on the page that lets you change the values. (ID-16040)
Audit policy names cannot contain these characters: ’ (apostrophe), . (period), | (line), [ (left bracket), ] (right bracket), , (comma), : (colon), $ (dollar sign), “ (double quote), = (equals sign). (ID-16078)
The Data Exporter can be configured to run as any Oracle Waveset administrator with the appropriate capabilities. The export task runs as a daemon, and is started and monitored by the Oracle Waveset scheduler. Audit records created by the Data Exporter will show the subject of the Oracle Waveset scheduler (Scheduler:IDMServer), rather than the subject the task is configured to use. (ID-18055)
Forensic query does not support Edit/Modify actions against role types. (ID-18769)
Users of Data Exporter must be aware of the following performance issues: After warehouse model configuration has been written, Data Exporter will not re-examine warehouse interface code. If you modify the warehouse interface code to add extended user attributes, these new attributes do not appear in the Configure -> Warehouse -> Warehouse Model Configuration (Model -> Attributes tab), and consequently do not appear for use within the Forensic Query interface. (ID-18975)
You will see this problem when you configure your warehouse and afterward try to add custom attributes for export. The initial warehouse configuration looks at the WIC code and writes the Configuration -> Data Warehouse Configuration object. Subsequently, Data Exporter does not re-examine the WIC code.
Subsequent warehouse upgrades with new versions of Oracle Waveset also experience this problem.
When exporting data to the data warehouse, if the number of records being exported exceeds the 'Repository Read Limit', the exporter may write data to the warehouse more than once even when the 'Export Once' flag has been set.
Workaround:
Increase the blockRowsList property of the RepositoryConfiguration object from the default of 10000 to a larger value. For example 50000 or 100000. Try to use the lowest value possible as returning large numbers of entries in one batch will increase memory consumption by the server. It may also be necessary to increase the JVM heap in order to accommodate the increase in batch size and therefore some testing should be done based on the new value.
Reduce the Repository read limit value within the Data Warehouse Task Configuration from the default of 250000 to the value you've specified for the blockRowsList property above. This will ensure that during an export Oracle Waveset does not attempt to read more entries from the repository than can fit within a single batch.
Oracle Waveset Service Provider and Sun Java System Portal Server may not be compatible; there is a problem related to the encrypted libraries. (ID-10744)
This problem may be corrected by setting the following values in Portal Server’s /etc/opt/SUNWam/config/AMConfig.properties file, and then restarting the web container:
com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption com.iplanet.security.SSLSocketFactoryImpl=netscape.ldap.factory. JSSESocketFactory com.iplanet.security.SecureRandomFactoryImpl=com.iplanet.am.util. SecureRandomFactoryImpl
Some configuration options that appear in the Oracle Waveset Administrator interface are not used with Service Provider. (ID-10843).
Among these are:
Resource options: exclude accounts rule, approvers, and the organization that the resource is assigned to.
Role attributes
The default Service Provider login module group expects the Service Provider resource to be named ’SPE End-User Directory’. If the name of the resource is different, then the Service Provider end-user login page will not function properly. The page will not show the login related fields. (ID-14891)
Workaround: Update the resource name in the UI_LOGIN_MOD_GRP_DEFAULT_SPE_PWD LoginModGroup object to reference the correct resource name.
Oracle Waveset does not provide a mechanism to customize encoding of a CSV file that has been generated as a result of a bulk action. When you use Excel to open a UTF-8 encoded CSV file, the contents are displayed as garbage because Excel expects native encoding in CSV file. (For example, for Japanese, iShift_JIS) (ID-19901)
Workaround: Use an editor that supports UTF-8 encoding.
In PasswordSync Notification email, the multibyte characters in the $cn field are not displayed properly. (ID-19934)
In the Tomcat web container, the multibyte characters for column names are displayed as “???” in the SOD report with compact display mode. (ID-20040)
For a Solaris resource, Oracle Waveset displays a garbled message in the Roles field. If the OpenSolaris is used as a resource, then this is not an issue. (ID-20046)
Workaround: In /etc/default/init file, set LANG=C and reboot Solaris. Then assign a Solaris resource to the user. The Roles field is empty, which is the expected behavior.
Oracle Waveset garbles apostrophes and multibyte characters on MultiSelect Java applets for the following browser configurations: Internet Explorer 7 with Java 1.6.0_07 and 1.6.0_11 (when UTF-8 encoding is set) Firefox 3 with Java 1.6.0_07 on Windows XP Professional (ID-20106)
The string “Check Alignment of PHs” and misplaced html tags are shown on some German online help files. (ID-20345)
If an Administrator logs in and selects Change My Password, and then selects another tab, their account is locked until the lock expires. (ID-3705)
If another Administrator attempts to edit that locked Administrator, the following message displays:
com.waveset.util.WavesetException: Unable to access account #ID#Configurator at this time Please try again later.
If that Administrator clicks OK, the workflow process diagram from the last action is displayed.
Renaming an organization when there are provisioning requests pending that have users belonging to the organization will cause the provision request to fail (ID-564).
Workaround: Ensure there are no outstanding requests before renaming an organization.
When creating a new organization, if the User Member Rules option is selected before specifying an org name, when the page is refreshed, an organization ID will appear in the Organization name field (ID-6302). The name can still be set prior to saving the new organization.
The PasswordSync installation and configuration application can read an XML file to populate the registry keys used by the DLL. The XML file used should always be based on the file generated by the “-writexml” option of the configuration application taken from a working PasswordSync installation. (ID-20375)
Workaround: You can change the file if you keep in mind these restrictions: keynames are case-sensitive; Oracle Waveset does not check values; keys that Oracle Waveset does not recognize will not generate errors or warnings, and are silently ignored.
The Oracle Waveset account policy attribute Reset Notification Option has a value option of “administrator” that has no effect (ID-944). The only viable options are “immediate” and “user.”
The minimum number of questions a user must answer can be set to a value greater than the number of defined questions (ID-1834). If this situation occurs, the user will not be able to log in using the “Forgot My Password” option.
The Default Lighthouse Account Policy cannot be cloned by editing the policy, changing the name, and selecting to create a new object (ID-5147).
Workaround: Create a new account policy.
Audit scan has an option in the Task Launch form to send an email to a specified email address with a violation report. This email will not be sent if no violations are found. (ID-18773)
When a full reconciliation is canceled, the error message displays: (ID-14554)
Canceled the incremental reconciliation of [resource] running on [server] |
The message should read:
Canceled the full reconciliation of [resource] running on [server] |
When executing Load From Resource, and the resource supports ACCOUNT_CASE_INSENSITIVE_IDS, if the user's accountId differs in case from the accountId stored in Oracle Waveset's ResourceInfo user object, a second ResourceInfo will be added to the user object with the accountId in the same case as reported by the resource. (ID-17377)
Workaround: Ensure that the accountId in the Oracle Waveset ResourceInfo object in the user object is the same case as that reported by the resource.
If you disabled the MultiSelect display component applet (and are using the HTML version instead), and edit the reconciliation policy of a particular resource instance, you can get an error when you uncheck the Inherit resource type policy checkbox. (ID-18964)
Workaround: Re-enable the MultiSelect applets.
Numbers display in the Priority and Severity columns of the Violation Summary Report instead of text descriptions. (ID-16932)
The Violation Summary Report does not include fixed violations. The report only includes violations that are currently active (new or recurring) or mitigated. (ID-16933)
When several conditions are specified to generate a usage report, the graph displays correctly on the Report Result page, but the fixed line width will truncate the conditional text. (ID-17224)
All Inactive Account Scan reports do not display their results on the View Risk Analysis page. To view the result from these reports, go to the Server Tasks page. (ID-17255)
The User Question report does not display the report title when Question Policy is not configured. (ID-17415)
The Resource User report lists Reset Administrator as a user, but Reset Administrator is a hidden user that should not be displayed. (ID-17650)
Oracle Waveset does not display the “Last Login Date” label on the Risk Analysis Report results table. (ID-20269)
The Download CSV report sends email notification when the email report check box is selected. This email notification should happen only when the report is run (by clicking Run button). (ID-20346)
Resource test button does not test all fields. (ID-51)
The error message when a resource account password or username is not correct on a PeopleSoft resource is not clear (ID-2235). The error message states:
bea.jolt.ApplicationException: TPESVCFAIL - application level service failure
Windows Active Directory resource actions that use the %DISPLAY_INFO_CODE% exit status cause the action to fail with errors (ID-2827).
Setting a user’s primary group ID on Active Directory cannot be done when creating the user (ID-3221).
Workaround: Create the user without setting the primary group ID, then edit the user and set the value. The primary group ID is also set by number and not by the distinguished name (DN) of the group.
Resource IP addresses are cached in the JVM after the hostname is resolved to an IP address. If a resource IP address is changed, the application server must be restarted for Oracle Waveset to detect the change (ID-3635). This is a setting in the Sun JDK (version 1.3 and higher) and can be controlled with the sun.net.inetaddr.ttl property, which is typically set in jre/lib/security/java.security.
You cannot create multiple accounts for a single user on Oracle resources (ID-3832).
If a user is moved from or to a sub-container within the Active Directory organization, the Active Sync adapter will detect the change, but when you view the user on the edit page, (or make a change and view the confirmation page) the user’s accountId is still displayed as the original DN (distinguished name) (ID-4950). Because we use GUID to modify the user, this will not cause any operational problems. Running a reconcile against the resource will fix the problem.
If a user is moved from an Organization (OU) to a sub-organization, the LDAP ChangeLog adapter will not recognize the change and assumes the user has been deleted. The user object is then locked in Oracle Waveset (if that is the current setting), and a new account is not created for the moved account (ID-4953).
The pooled connections used by the UNIX resource adapters can be left in an undetermined state if an error occurs while executing a command or script (ID-5406).
On NDS, if you edit a field (such Grace Login Limit) on the initial provision, and do not provide values for the boolean fields, all the Boolean fields are set to false (ID-6770). This prevents you from setting the other fields on the restriction tab which require certain check box values to be true. To avoid this, always ensure all your Boolean fields are true when you expect them to be, so they are properly pushed when editing other fields.
When updating users by selecting update from an Oracle Waveset organization, users with a Sun One ID Server account will get an error if those users were created natively and loaded into Oracle Waveset (ID-7094). The work around is to update those users individually.
Oracle Waveset still contains the following deprecated classes:
com.waveset.object.IAPI
com.waveset.object.IAPIProcess
com.waveset.object.IAPIUser
Custom adapter classes should no longer refer to these classes, and should instead refer to the corresponding classes in package com.waveset.adapter.iapi. (ID-8246)
If you leave the New Resource Object wizard without clicking the Save or Cancel button, the abandoned form may not be destroyed and may interfere with the creation of subsequent new resource objects. (ID-11033) This leads to an error that says
No resource form id found in options or view.
Workaround: Always use the Cancel button to abandon the New Resource Object wizard.
If you edit a user while you are also running Active Sync as a different administrator, an Active Sync exception occurs. Because the user is locked by another administrator, Active Sync cannot retry the process. (ID-11255)
Workaround: To enable Active Sync retry for a resource, update the resource XML to include these two additional resource attributes, in the following format:
<ResourceAttribute name='syncRetryCountLimit' type='string' multi='false'facets='activesync' value='180'/> |
<ResourceAttribute name='syncRetryInterval' type='string' multi='false' facets='activesync' value='10000'/> |
Where:
syncRetryCountLimit is the number of times to retry the update.
syncRetryInterval is the number of milliseconds to wait between retries.
Subsequently, these values will appear as custom resource settings when you configure Active Sync. Specifying a displayName is advisable; using a custom catalog key if localization is necessary.
If a password for a user on all systems that are part of the CUA landscape is not in sync, changing the password might fail on child systems that are out-of-sync. This will occur only when the administrator sets a productive, not expired, password for the user, or the user changes the password himself. Under all other circumstances, the password change will succeed even if the systems are out-of-sync. (ID-13396)
Workaround:First, set an expired password and then, through a second change, set the productive password for the user.
There are two known issues with the Remedy Integration template editor. (ID-14729)
The default Remedy Schema value “HPD:HelpDesk” is not appropriate for later versions of BMC Remedy. Later versions do contain a schema “HPE:Help Desk”.
The Choices columns is not displayed for some fields. This does not affect the ability to use Remedy templates.
A regression causes Oracle Waveset password synchronization to fail when used with Sun Java SystemDirectory Server Enterprise Edition 6.0, 6.1, and 6.2. The failure will be corrected in the Directory Server 6.3 release. If versions 6.0, 6.1, or 6.2 are required to work with Oracle Waveset, please request a Directory Server hotfix from Support, referencing Directory Server bug 6604342. (ID-14895)
When you expand the resource objects of a Sun Java System Access Manager 7.0 resource from the Resources tab, you might see the following error: (ID-15525)
Error listing objects. ==> com.waveset.util.WavesetException: Error trying to get attribute value for attribute 'guid'. ==> java.lang.IllegalAccessError: tried to access method com.sun.identity.idm.AMIdentity.getUniversalId()Ljava/lang/String; from class com.waveset.adapter.SunAccessManagerRealmResourceAdapter |
This error occurs on Access Manager 7.0 resources that have not had any patches applied. To fix this problem, you must apply at least Patch 1 of Access Manager, and then rebuild and redeploy the Access Manager client SDK.
NDS/Groupwise users created by Oracle Waveset that possess the Access and AccountID fields can appear to not have their corresponding values saved when inspected by certain viewers within the NDS Console 1 application (for example, by selecting user’s properties and then selecting the Groupwise tab). (ID-16330)
However, if the user’s Groupwise Diagnostic -> Display Object “viewer” is used instead, the field are then seen. Updates made by Oracle Waveset to the aforementioned fields do not seem to be affected by this “viewer” bug.
WRQ looks though the classpath to discover its own entry. From that entry, WRQ computes the directory where the JAR is stored, and then uses that directory to read the .JAW (licensing file). However, both BEA and WebSphere use non-standard protocol names (BEA uses zip, and WebSphere uses wsjar) rather than the standard JAR, which is the protocol the WRQ code assumes exists. (ID-16709, 17319)
Workarounds:
For BEA, add the following option to the java command in the startWeblogic.sh file:
-Dcom.wrq.profile.dir="DirectoryContainingLibraries" |
For WebSphere, add the com.wrq.profile.dir=DirectoryContainingLibraries property to the WebSphere/AppServer/configuration/config.ini file.
Before creating a new resource, be sure to enable the resource type in the list of configured types. Otherwise, the newly created resource object may not have all the required fields. (ID-17324)
The default value for the Make Directory resource attribute is inconsistent among the different UNIX OS resource adapters. For AIX, user creates always result in the home directory being created, and consequently this value is not present. For the Linux adapters, this value is set to “true” by default. For Solaris and HP-UX adapters, the default is set to “false”. (ID-18301)
If an external resource assignment is pending provisioning, and you rename the user to whom that work item was escalated, the provisioning task will finish without escalating to the renamed user. (ID-19897)
When pass-through authentication is configured between Oracle Waveset and OpenSSO server (Sun Access Manager Realm Resource adapter), authentication may fail if you use the '%' character in passwords. For more information on this issue, see https://opensso.dev.java.net/issues/show_bug.cgi?id=4122. (ID-20011)
The Domino gateway resource object create and update forms do not recognize non-default group category values (that is, values other than “Administration” and “None”. The Domino gateway resource object update form will display an error when editing a group that uses non-default category values. (ID-20212)
The Active Directory connector does not display localized messages if the browser language is set to a value without cntry, such as ja. (ID-20255)
Workaround: Select a language with a cntry value, such as ja-JP on the browser or specify cntry=JP as a URL parameter when you log into Oracle Waveset. For example,
http://host:port/idm/login.jsp?lang&cntry=ja=JP
If you are migrating an Active Directory adapter-based resource to an Active Directory connector-based resource, you must edit any associated resource actions to include the execMode attribute. Valid values for this attribute are connector and resource, but for Active Directory, if you are using the SHELL action type, resource is the only valid value. (ID-20534)
For example, where previous implementations of a resource action would have this line: <
<ResTypeAction restype='Windows Active Directory' actionType='SHELL'>
You must add the following line if you are using the Active Directory connector:
<ResTypeAction restype='Windows Active Directory' actionType='SHELL' execMode='resource'>
On SAP GRC 5.3 patch 9 resources, when you assign an SAP role to an existing Oracle Waveset user, the following error is generated (ID-22267):
com.waveset.util.WavesetException: Error executing the request: 'JAVA ERROR(2010) - com.virsa.ae.core.ObjectNotFoundException: Invalid Company : 00000000'
Workaround: Use the following steps to create a dummy company in Access Control:
Click the Configuration tab.
On the left hand side under Roles, click Attributes.
Click Company.
Click Create at the bottom.
Enter a value of 00000000 for the Company ID and a short description .
Save your changes.
Role status is not updated immediately on Role List page. (ID-20259)
Workaround: Reload the page or click Clear.
SPML2 search responses that include iterators may include inconsistent result items if the search request uses the Substrings filter item. (ID-20328)
The gateway occasionally will not stop when using net stop “Oracle Waveset Gateway“ (ID-2337).
Under some circumstances, the gateway does not stop cleanly when stopped from the Services Console on Windows (any supported Windows version). In response, Oracle Waveset displays a dialog box with a message that indicates that the gateway did not respond in a timely fashion. If you dismiss the dialog box, Oracle Waveset indicates that the gateway has stopped. If you use the command-line equivalent, net stop <service name>, Oracle Waveset indicates that an exception has occurred. Note that in both cases, the gateway has stopped. (ID-20296)
Workaround: Use the command line gateway -k to stop the gateway service.
The Find Task page does not display the number of tasks matching the search criteria (ID-5152).
Delegated administrators who do not control Top can schedule tasks and view the task results, but cannot view the task after it has been created (ID-6659). The scheduled task was placed in Top and the delegated administrator does not have rights to view the object.
You cannot use the XPRESS <eq> function to compare Boolean values to TRUE or FALSE strings or to the integers 1 or 2 (ID-3904).
Workaround: Use the following
<cond> <isTrue><ref>Boolean_variable</ref></isTrue> <s>True action</s> <s>False action</s> </cond>
Path expressions do not work when iterating a list of generic objects with a dolist (ID-4920).
<dolist name=’genericObj’> <ref>listOfGenericObjects</ref> <ref>genericObj.name</ref> </dolist>
Workaround: Use <get> / <set> as shown:
<dolist name=’genericObj’> <ref>listOfGenericObjects</ref> <get><ref>genericObject</ref><s>name</s> </dolist>
If you use global.attrname variables for fields in your user form, and the attribute is shared among more than one resource, you should also define a Derivation rule (ID-5074). Otherwise, if the attribute has been changed natively on one of the resources, the attribute may or may not be picked up and propagated to the other resources.
You cannot use special strings beginning with “&” in HTML components of forms. For example, will no longer appear as a space. This issue was introduced because of a change to support special characters (&<>’) in Select lists. (ID-5548)
Form, workflow and rule comments contained in <Comment> tags have 
 strings in them representing the line feed character (ID-6243). These characters are seen only when viewing the XML for these objects; the Oracle Waveset server will process these characters properly.
If you use the Resource Table User Form for editing users, when editing a user’s resource, the resource attributes are not fetched when the form first appears.
Workaround: Click the Refresh button, which will fetch the attribute data. (ID-10551)
If Oracle Waveset is protected by a Sun Java System Access Manager Policy Agent, workflow process diagrams might render incompletely. (ID-18304)