The following versions of Patch 3 are now available from SunSolve. For information about applying these patches, see the rel_notes.html included inside the patch binary.
The SAML v2 Plug-in for Federation Services Patch 3 cannot be installed directly on Access Manager 7.0 or Federation Manager 7.0. You must first install the SAML v2 Plug-in for Federation Services product release, or already have an existing installation of the product release. Then, following the appropriate procedure, you can update your installation to Patch 3 for Solaris (SPARC and x86), Linux and Windows.
For instances of Access Manager 7 2005Q4 and Federation Manager 7.0 on Solaris operating system (SPARC)
For instances of Access Manager 7 2005Q4 and Federation Manager 7.0 on Solaris operating system (x86)
For instances of Access Manager 7 2005Q4 and Federation Manager 7.0 on Linux application environment
For instances of Access Manager 7 2005Q4 and Federation Manager 7.0 on the Windows operating system
The following issues are fixed when Patch 3 is installed:
6518149 Attribute name for passive request should be IsPassive instead of isPassive
6518158 Extra line when converting NameIDPolicy object to String expression
6518161 XMLEncryption message needs to support alternative form
6518163 Unable to handle AttributeStatement with both clear Attribute and EncryptedAttribute elements
6518944 Unable to encrypt AttributeStatement with multiple Attributes
6526628 Single logout fails if one of the SOAP binding is unavailable
6526665 Forced Authentication function is broken on the identity provider side
6527086 UTF-8 characters are corrupted in Attributes Assertions
6527095 UTF-8 character corruption leads to signature validation failure
6528347 spSSOInit.jsp and idpSSOInit.jsp do not work correctly in load balanced environment
6535921 SAML v2 SSO needs option to generate Liberty ID-WSF Discovery Service bootstrap resource offering. See Bootstrapping the Liberty ID-WSF with SAML v2 in Sun Java System SAML v2 Plug-in for Federation Services User’s Guide for information on this feature.
6551247 SAML v2 performance fixes
6551522 SAML v2 Service needs to do Certificate Revocation List (CRL) checking before validating the signing entity in the XML message. See Certificate Revocation List Checking in Sun Java System SAML v2 Plug-in for Federation Services User’s Guide for information on this feature.
6555241 SAML v2 identity provider does not validate the samlp:AssertionConsumerServiceURL element
6557846 Identity provider single log out HTTP Redirect and service provider single log out HTTP Redirect fail when LogoutRequest is signed
The following information is applicable when installing the SAML v2 Plug-in for Federation Services on Microsoft Windows.
Before installing the SAML v2 Plug-in for Federation Services Patch 3 on Windows, ensure that the LDAP server is running and the web container is shut down. The installer needs to modify files held by the web container process.
When installing the SAML v2 Plug-in for Federation Services Patch 3 on Solaris and Linux, sample metadata templates and a circle of trust will be automatically created. This is not done when installing on Windows. To create metadata templates and a circle of trust on Windows after installation, start your web container and run saml2meta. See The saml2meta Command-line Reference in Sun Java System SAML v2 Plug-in for Federation Services User’s Guide for more information.
You should already have a staging directory from your initial installation. This variable is referred to as war staging dir in the following procedure.
Download the Windows patch.
See Table 1–3.
Unzip the file into a new directory.
Copy saml2.jar from unzip directory\saml2\lib to war staging dir\WEB-INF\lib.
Change to the unzip directory\saml2\samples\useCaseDemo directory.
Copy init.jspf to the war staging dir\samples\saml2\useCaseDemo.
This action will overwrite the earlier init.jspf.
Generate a new WAR from the war staging dir.
Redeploy the new WAR to your web container.
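The file-copy and WAR-generation steps above can be scripted as follows. This is an added example, not part of the patch or the product documentation; the three parameters and the sibling backup directory are assumptions, and it expects the JDK jar tool on the PATH. It backs up the files it overwrites and checks that each staged file is byte-identical to the patch file before building the WAR.

```powershell
# Added example: parameter values are supplied by the administrator (assumptions).
param(
    [Parameter(Mandatory)] [string] $UnzipDir,       # directory the patch was unzipped into
    [Parameter(Mandatory)] [string] $WarStagingDir,  # existing WAR staging directory
    [Parameter(Mandatory)] [string] $OutWar          # path of the WAR to generate
)
$ErrorActionPreference = 'Stop'

# Source -> destination pairs taken from the procedure steps.
$copies = @(
    @{ Src = Join-Path $UnzipDir 'saml2\lib\saml2.jar'
       Dst = Join-Path $WarStagingDir 'WEB-INF\lib\saml2.jar' },
    @{ Src = Join-Path $UnzipDir 'saml2\samples\useCaseDemo\init.jspf'
       Dst = Join-Path $WarStagingDir 'samples\saml2\useCaseDemo\init.jspf' }
)

# Backups go in a sibling directory so they are not packaged into the WAR.
$stamp     = Get-Date -Format 'yyyyMMddHHmmss'
$backupDir = '{0}.bak-{1}' -f $WarStagingDir.TrimEnd('\'), $stamp
New-Item -ItemType Directory -Path $backupDir | Out-Null

foreach ($c in $copies) {
    if (-not (Test-Path $c.Src)) { throw "Missing patch file: $($c.Src)" }
    if (Test-Path $c.Dst) {
        # Keep the pre-patch file so the change can be rolled back.
        Copy-Item $c.Dst -Destination $backupDir
    }
    Copy-Item $c.Src -Destination $c.Dst -Force

    # Confirm the staged file matches the file shipped in the patch.
    $srcHash = (Get-FileHash $c.Src -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash $c.Dst -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) { throw "Hash mismatch after copy: $($c.Dst)" }
    Write-Output "$dstHash  $($c.Dst)"
}

# Generate the new WAR from the staging directory.
& jar -cf $OutWar -C $WarStagingDir .
if ($LASTEXITCODE -ne 0) { throw "jar exited with code $LASTEXITCODE" }
Write-Output "Generated $OutWar; redeploy it to the web container."
```

The recorded SHA-256 values can be compared later against the saml2.jar inside the deployed application to confirm that the redeployed WAR carries the patched library.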
It may be necessary to clean up an attempted installation of Patch 3 if an error is encountered. If this situation occurs, future attempts to install the patch will fail unless this procedure is followed.
Remove the base_dir\saml2 directory.
This directory contains the SAML v2 binary bits.
Remove the following SAML v2 related properties from the bottom of AMConfig.properties.
Remove the appropriate Access Manager or Federation Manager staging directory and extract a new one.