Oracle OpenSSO 8.0 Update 2 Release Notes

OpenSSO 8.0 Update 2 Patch 4

OpenSSO 8.0 Update 2 patch 4 is available as patch ID 141655-08 on the My Oracle Support site. Information about this patch includes:

Bug 12286933: Dist Auth cannot receive session notifications

In patch 4, the new com.sun.identity.client.notification.url property in the AMDistAuthConfig.properties file allows a Distributed Authentication UI (DAUI) deployment to receive session notifications. This property replaces the com.iplanet.am.notification.url property.

For a DAUI deployment, the com.sun.identity.client.notification.url property defines the URL where notifications will be received by the client application, in the following format:

protocol://host:port/distauth-uri/notificationservice

For a new DAUI deployment, no changes are required, because the new property is available by default in the AMDistAuthConfig.properties file. However, in the case of a DAUI deployment upgrade from an older version, you must reconfigure the DAUI deployment after upgrading and redeploying the Dist Auth WAR file, because the original AMDistAuthConfig.properties does not have this property.

Redeploying the Dist Auth WAR file is required in either case. If you reconfigure the DAUI deployment afterward, you do not have to add the property manually. If you do not reconfigure it, you must manually add the property to the AMDistAuthConfig.properties file of the upgraded instance after redeploying.
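The following check for an upgraded DAUI instance is an added example, not part of the Oracle release notes or the OpenSSO code. It reads the text of an AMDistAuthConfig.properties file and reports whether the new property is set, whether it matches the protocol://host:port/distauth-uri/notificationservice format, and whether the replaced property is still present. The function names, the sample host, the /distauth URI and the restriction to http and https are assumptions.

```python
from urllib.parse import urlsplit

NEW_KEY = "com.sun.identity.client.notification.url"
OLD_KEY = "com.iplanet.am.notification.url"

def parse_properties(text):
    """Minimal .properties reader: key=value or key:value, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # The key ends at the first '=' or ':' on the line.
        cut = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        if cut == -1:
            continue
        # Files written by Java may escape ':' and '=' inside values.
        value = line[cut + 1:].strip().replace("\\:", ":").replace("\\=", "=")
        props[line[:cut].strip()] = value
    return props

def audit_daui_config(text):
    """Return a list of findings; an empty list means the file looks right."""
    props, findings = parse_properties(text), []
    url = props.get(NEW_KEY)
    if not url:
        findings.append(f"{NEW_KEY} is not set")
    else:
        parts = urlsplit(url)
        try:
            port = parts.port
        except ValueError:  # non-numeric or out-of-range port
            port = None
        segments = [s for s in parts.path.split("/") if s]
        if parts.scheme not in ("http", "https") or not parts.hostname or port is None:
            findings.append(f"{NEW_KEY} is not protocol://host:port/...")
        elif len(segments) < 2 or segments[-1] != "notificationservice":
            findings.append(f"{NEW_KEY} path is not /distauth-uri/notificationservice")
    if OLD_KEY in props:
        findings.append(f"{OLD_KEY} is still present; it is replaced by {NEW_KEY}")
    return findings

# Constructed samples (host name and the /distauth URI are placeholders).
UPGRADED = """# carried over from the older deployment
com.iplanet.am.notification.url=https://daui.example.com:8443/distauth/notificationservice
"""
FRESH = "com.sun.identity.client.notification.url=https\\://daui.example.com\\:8443/distauth/notificationservice\n"
```
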

Bug 12427762: SAML attributes containing a | are not decoded in a SAML attribute

In patch 4, the new com.sun.identity.saml.escapespecialchars property determines whether the special characters "|" and "&" are escaped during attribute mapping in the session that a Service Provider generates after SAML SSO.

By default, com.sun.identity.saml.escapespecialchars is set to true, which specifies that the characters are escaped.

If you do not want the special characters to be escaped (that is, you want the characters retained as they are now), set the property to false, as follows:

In the Oracle OpenSSO Admin Console, click Configuration > Servers and Sites > Server SP > Advanced, and then set the com.sun.identity.saml.escapespecialchars property to false.

Bug 13361224: SecurID authentication support for WebSphere Application Server 6.1 on AIX 6.1

For SecurID authentication to operate with IBM WebSphere Application Server 6.1 on the AIX 6.1 platform, the SecurID Java Authentication APIs must be updated. You must replace the existing SecurID Java Authentication API JAR files in the OpenSSO WAR file (opensso.war) with the latest RSA Authentication API for Java version 8.1.1.312.

Download the SecurID Java Authentication API JAR files from the RSA website:

http://www.rsa.com/

These JAR files must be replaced in the opensso.war file:

To replace the JAR files in the opensso.war:

  1. Create a staging directory.

  2. Explode the opensso.war in the staging directory.

  3. Copy the new SecurID JAR files to the staging-directory/opensso/WEB-INF/lib directory.

  4. Recreate the opensso.war file from the staging directory.

  5. Deploy the opensso.war.

    Note: If the opensso.war is already deployed, first undeploy the existing opensso.war and then redeploy the updated opensso.war.

  6. Restart the OpenSSO web container.

  7. Configure the SecurID authentication module as described in the Oracle OpenSSO documentation in the following library:

    http://docs.oracle.com/cd/E19681-01/index.html

  8. Restart the OpenSSO web container.
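Steps 1 through 4 can be scripted and checked before deployment. This is an added example, not Oracle's or RSA's tooling. It rebuilds a WAR with replacement JARs in WEB-INF/lib, drops the old copies so they do not stay on the classpath, and verifies each new JAR by SHA-256 digest. The JAR file names and the sample WAR are constructed placeholders, because the page does not list the actual file names.

```python
import hashlib
import io
import zipfile

LIB = "WEB-INF/lib/"  # library directory inside the WAR

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def replace_jars(war_bytes, new_jars, remove=()):
    """Rebuild a WAR with new_jars (file name -> bytes) placed in WEB-INF/lib.
    Same-named entries and the names listed in `remove` are dropped, so an old
    copy stored under a different file name is not left behind."""
    drop = {LIB + n for n in list(new_jars) + list(remove)}
    out, dropped = io.BytesIO(), {}
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info)
            if info.filename in drop:
                dropped[info.filename] = sha256(data)  # record what was removed
            else:
                dst.writestr(info, data)               # copy unchanged entry
        for name, data in new_jars.items():
            dst.writestr(LIB + name, data)
    return out.getvalue(), dropped

def verify_war(war_bytes, expected):
    """expected maps JAR file name -> SHA-256. Each JAR must appear exactly
    once in WEB-INF/lib with that digest. Returns a list of problems."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        names = war.namelist()
        for name, digest in expected.items():
            if names.count(LIB + name) != 1:
                problems.append(f"{name}: expected exactly one entry")
            elif sha256(war.read(LIB + name)) != digest:
                problems.append(f"{name}: digest mismatch")
    return problems

def build_sample_war():
    """Constructed stand-in for opensso.war; the JAR names are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("WEB-INF/web.xml", "<web-app/>")
        z.writestr(LIB + "securid-api-OLD.jar", b"old api bytes")
        z.writestr(LIB + "other.jar", b"unrelated")
    return buf.getvalue()
```

For a real WAR, read and write the bytes from disk and take the expected digests from the downloaded JAR files themselves, computed before they are copied into the staging area.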