Known Issues and Limitations in OpenSSO Enterprise 8.0 Update 1 Patch 3 (Sun OpenSSO Enterprise 8.0 Update 1 Release Notes)

Sun OpenSSO Enterprise 8.0 Update 1 Release Notes

Known Issues and Limitations in OpenSSO Enterprise 8.0 Update 1 Patch 3

OpenSSO ssoadm utility is not producing audit logs (CR 6928588)
STS client samples deployed on WebLogic Server and Jetty are not working for the valid keystore (CR 6928433)
Distributed Authentication UI deployments are not receiving session notifications (CR 6919698)
updateschema.sh script does not modify idRepoService to include minimum password length validation (CR 6919321)
Fedlet SSO HTTP POST link returns a blank page (CR 6927350)

OpenSSO `ssoadm` utility is not producing audit logs (CR 6928588)

In Patch 3, the ssoadm utility does not produce audit logs to record which sub-commands have been executed. For example, the ssoadm list-realms sub-command should produce four audit log records (AMCLI-1, AMCLI-2, AMCLI-3020, and AMCLI-3021), but the log records are not produced.

STS client samples deployed on WebLogic Server and Jetty are not working for the valid keystore (CR 6928433)

In Patch 3, when the Security Token Server (STS) client samples are deployed on WebLogic Server and Jetty, the samples do not obtain the token that the server is deployed on WebLogic Server, and an uninitialized keystore error is thrown.

Distributed Authentication UI deployments are not receiving session notifications (CR 6919698)

After installing OpenSSO Enterprise 8.0 Patch 3, Distributed Authentication UI deployments are not receiving notifications from the server.

Workaround. The notification URL property com.iplanet.am.notification.url has been renamed to com.sun.identity.client.notification.url. Update the AMDistAuthConfig.properties configuration file for the Distributed Authentication UI server (and other clients) with the new com.sun.identity.client.notification.url property.

`updateschema.sh` script does not modify idRepoService to include minimum password length validation (CR 6919321)

Workaround.

After you apply Patch 3, the default minimum password length is 8 characters. However, to specify a different length for a different realm, run the following command:

./ssoadm set-realm-svc-attrs -u amadmin -f password-file
-s sunIdentityRepositoryService -e realm-name
-a sunIdRepoAttributeValidator=
class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl
sunIdRepoAttributeValidator=minimumPasswordLength=password-minimum-length

Fedlet SSO HTTP POST link returns a blank page (CR 6927350)

In Patch 3, the Fedlet SSO HTTP POST link randomly returns a blank page. This problem occurs when a user is logged in on the IDP side and a session is created with SSO. The problem also occurs with SAMLv2.

Workaround. None