Sun Java System Access Manager 7 2005Q4 Release Notes

Access Manager 7 2005Q4 Patch 8

Access Manager 7 patch 8 (revision 08) fixes a number of problems, as listed in the README file included with the patch. Patch 8 also includes these changes:

CR# 6668882: Cannot access Console that was installed with upper and lower case characters in domain name

If Access Manager is installed with a domain name that contains both uppercase and lowercase characters, you cannot log in to the Console. For example, if the domain name is amhost.realm-name.Example.COM, you cannot log in using amhost.realm-name.example.com.

Workaround. There are two workarounds:

First, try logging in using the following URL:

http://amhost.realm-name.example.com:port/amserver/UI/Login?realm=realm-name

Or, add the realm-name to the Realm/DNS aliases:

  1. In the Admin Console, go to Realms, Edit Realm - realm-name.

  2. Add amhost.realm-name.example.com to the Realm/DNS aliases.

  3. Restart the Access Manager server.

  4. Log in using the following URL:

    http://amhost.realm-name.example.com:port/amserver/UI/Login
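The following is an added example, not Access Manager code or part of the original release notes. It is a simplified model that assumes the host-to-realm lookup is an exact string match, and it shows how each workaround, and a case-insensitive comparison, resolves the realm. The alias table and all function names are hypothetical.

```python
# Constructed model: realm/DNS alias table after an install that used a
# mixed-case domain name (host and realm names taken from the example above).
ALIASES = {"amhost.realm-name.Example.COM": "realm-name"}


def normalize_host(host):
    """Lowercase a host name, dropping any :port and trailing dot.

    DNS names compare case-insensitively (RFC 4343), so this is the
    canonical form to store and to look up.
    """
    host = host.strip()
    if host.count(":") == 1:          # host:port (IPv6 literals not handled)
        host = host.split(":", 1)[0]
    return host.rstrip(".").lower()


def resolve_exact(host, aliases, realm_param=None):
    """Case-sensitive lookup (assumed model of the CR 6668882 symptom)."""
    if realm_param:                   # ?realm=... names the realm directly
        return realm_param
    return aliases.get(host.split(":", 1)[0])


def resolve_normalized(host, aliases, realm_param=None):
    """Case-insensitive lookup: both sides are normalized before comparing."""
    if realm_param:
        return realm_param
    table = {normalize_host(name): realm for name, realm in aliases.items()}
    return table.get(normalize_host(host))


def with_alias(aliases, name, realm):
    """Return a copy of the table with one more alias (second workaround)."""
    updated = dict(aliases)
    updated[name] = realm
    return updated
```
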

CR# 6691106: Multiple SiteMonitor threads could be running for checking the same site

The amNaming log sometimes indicates that multiple SiteMonitor threads are running to check the same site.

To prevent this problem, patch 8 improves synchronization so that multiple SiteMonitor threads are not created for the same site. Patch 8 also includes these new configuration properties:

The fix for this problem also uses the following property, which was added for patch 5:

The patch does not add these new properties to the AMConfig.properties file. To use these properties with values other than the default values:

  1. For each property that you want to set, add the property and its value to the AMConfig.properties file.

  2. Restart the Access Manager web container for the values to take effect.

CR# 6697260: New property to set policy agent application session idle timeout

Patch 8 includes this new property:

By default, policy agent sessions never expire unless you set this property. To use this new property, add it with the maximum idle timeout value to the AMConfig.properties file and restart the Access Manager web container.

CR# 2151598: Delegation privileges cannot be defined for a filtered role

If you create a new filtered role, it does not appear under the Privileges tab in the Admin Console.

Workaround. After you apply patch 8, follow these steps to update the Delegation Service (sunAMDelegationService) in the Directory Server schema:

  1. Create an XML file with the FILTEREDROLE subject type. For example:

    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE Requests
        PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
        "jar://com/iplanet/am/admin/cli/amAdmin.dtd">
    <Requests>
       <SchemaRequests serviceName="sunAMDelegationService"
           SchemaType="Global" i18nKey="">
           <AddDefaultValues>
               <AttributeValuePair>
                   <Attribute name="SubjectIdTypes"/>
                   <Value>FILTEREDROLE</Value>
               </AttributeValuePair>
           </AddDefaultValues>
       </SchemaRequests>
    </Requests>

    Note: The XML encoding used in this example is ISO-8859-1. You might need to use a different encoding depending on your environment.

  2. Use the amadmin command to load the XML file you created in Step 1 into Directory Server. For example:

    # cd /opt/SUNWam/bin
    # ./amadmin -u amadmin -w pwfile -t new-filteredrole.xml

    where:

    • pwfile contains the amadmin password.

    • new-filteredrole.xml is the new XML file you created in Step 1.

  3. Restart the Access Manager server web container.

Now, when you log in to the Admin Console, the filtered role will appear under the Privileges tab.