CR# 6637806: After restart, Access Manager sent an invalid application SSO token to an agent (Sun Java System Access Manager 7 2005Q4 Release Notes)

Sun Java System Access Manager 7 2005Q4 Release Notes

Previous: Access Manager 7 2005Q4 Patch 8
Next: CR# 6612609: Session failover works if network cable is disconnected from Message Queue server

CR# 6637806: After restart, Access Manager sent an invalid application SSO token to an agent

After an Access Manager server restart, the Access Manager client SDK now sends a meaningful exception to an agent, so the agent can re-authenticate itself to get a new application session. Previously, after applying Access Manager 7 2005Q4 patch 5, the Access Manager client SDK sent a invalid application SSO token to the agent after an Access Manager server restart.

This problem has been fixed by duplicate CR 6496155. Patch 7 also provides an option (comp.iplanet.dpro.session.dnRestrictionOnly property) to send the application SSO token in a restrictive context. By default, agents send the IP address of the server where they are installed, but if strict DN checking is required, set this property in the AMConfig.properties file as follows:

com.iplanet.dpro.session.dnRestrictionOnly=true

Previous: Access Manager 7 2005Q4 Patch 8
Next: CR# 6612609: Session failover works if network cable is disconnected from Message Queue server