Time to live (TTL) for service management configuration is not working because the TTL property is not being initialized.
After getting the certificate revocation list (CRL) from the CRL distribution point extension, OpenSSO Enterprise does not store the CRL in the LDAP directory.
In this scenario, OpenSSO Enterprise is deployed on two GlassFish (or Application Server 9.1) instances on Windows Vista server. During the configuration of the second OpenSSO Enterprise instance, replication of the configuration using the “Add to Existing Deployment” option hangs.
Workaround. This issue still exists on Windows Vista systems. For Windows systems other than Vista, add the following GlassFish (or Application Server 9.1) JVM option:
An Active Directory data store sometimes hangs the system. This problem can also occur when you are creating a new Active Directory data store.
Workaround. In the OpenSSO Enterprise Admin Console, disable LDAP Follows Referral for the Active Directory data store:
Click Access Control, top-level-realm, Data Stores, ActiveDirectory-data-store-name.
Uncheck Enabled for the LDAP Follows Referral.
Save your changes.
If OpenSSO Enterprise is configured with the AMSDK plug-in and the directory server is set up for MMR, failover does not occur if a directory server instance goes down.