OpenSSO 8.0 Update 2 includes enhancements to the Security Token Service and the OpenSSO Fedlet. This update also adds web container support for WebLogic 10.3.3 and fixes many bugs.
The Security Token Service now includes the following new features:

- Supports TokenType for generating a specific web service provider security token.
- Supports both Asymmetric and Transport binding for X509 and username security tokens as requestor.
- Enforces SSL/Transport binding with a username security token when OpenSSO STS is configured for username over SSL.
- Issues a SAML holder-of-key security token for Asymmetric KeyType, with useKey as the web service client public key and the web service client X509 security token.
- Dynamically updates the WSDL based on the security token configuration.
- Supports encryption with the web service provider public key.
- Encrypts the static username password before storing it in the configuration store.
- Supports a UserName token as an On Behalf Of security token through a WS-Trust request.
- Supports issuance of SAML Bearer Tokens.
- New Web Service Security authentication module WSSAuth supports digest password validation.
- New OAMAuth authentication module enables single sign-on using Oracle Access Manager with OpenSSO.
For more information, see Chapter 4, Using the Security Token Service.
The Fedlet now includes the following new features:

- Supports encryption in the .NET Fedlet.
- Supports signing in the .NET Fedlet.
- .NET Fedlet now supports single logout.
- .NET Fedlet provides Service Provider initiated single sign-on and artifact support.
- Supports multiple Identity Providers and Identity Provider Discovery in the .NET Fedlet.
- Supplies version information within property and configuration files for the Fedlet.
- New password SPI implementation.
- Supports attribute query.
- Supports single logout.
For more information, see Chapter 5, Using the Oracle OpenSSO Fedlet.
The following table lists issues that have been resolved in OpenSSO 8.0 Update 2.

Table 1–1 Bugs Fixed in This Release

| Change Request Identifier | Description |
|---|---|
| 6422249 | SAML assertions using excessive memory. |
| 6659356 | New bug with the interaction process in a load-balanced scenario. |
| 6802207 | Policy agent "gateway servelet" function yields "Your authentication module is denied." |
| 6894077 | In cookie hijacking mode, logout request hangs. |
| 6931544 | Javadoc comments missing for public API AMLoginModule:isSessionQuotaReached. |
| 6918266 | /opensso/realm/IDRepoEdit deletes the Session service configuration in the realm. |
| 6923660 | Inheritance setting in agent profile does not work as expected. |
| 6924534 | ssoadm --version did not return the right value after patching 141655-03. |
| 6926203 | goto URL not validated on distributed authentication. |
| 6928480, 6934888 | Distributed authentication UI: IP recorded in log files is the DAUI IP, not the client IP. |
| 6931012 | Access Manager console becomes unresponsive after adding a new config property. |
| 6931476 | Incorrect exceptions thrown in the logs for misconfigured SAML IDP service URLs on the Service Provider side. |
| 6933168 | Password reset page is not localized when the locale parameter is given in the URL. |
| 6933268 | "Auth module instance" condition with "application timeout properties" set drops the session after login. |
| 6937698 | OpenSSO 8.0: Console invalid-characters check is not performed. |
| 6937700 | OpenSSO allows creating a username with special characters, but complains during login. |
| 6939038 | Security Token Service client samples are failing for IBM WebSphere Application Server 6.1. |
| 6940455 | Security Token Service "ssoadm set-site-sec-urls" throws an NPE on the console. |
| 6942485, 6942813 | OpenSSO does not escape "\" in uid correctly, and two different uid values are stored in the Directory Server entry. |
| 6945286 | Distributed Authentication login: uid with special characters results in an error. |
| 6947033 | "URL not found" exception errors in SAML. |
| 6949778 | iplanet-am-auth-locale value of the realm is not taken into consideration in the evaluation process. |
| 6947068 | goto is missing after session timeout. |
| 6958448 | LDAPv3Repo.setAttributes method fetches the schema multiple times even for a single modification. |