|
Sun ONE Identity Server J2EE Policy Agents Release Notes |
Sun™ ONE Identity Server J2EE Policy Agents
Release NotesVersion 2.1
Part Number 816-6885-10
September 2003
These release notes contain important information available at the time of the release of Sun™ Open Net Environment (Sun ONE) Identity Server J2EE Policy Agents, version 2.1. This version of the policy agents can be used with Sun ONE Identity Server, version 6.0 SP1. Read this document before you begin using the policy agents.
The most up-to-date version of these release notes can be found at the Sun ONE documentation web site: http://docs.sun.com/db/coll/S1_IdServ_60. Check the web site prior to installing and setting up your software and then periodically thereafter to view the most up-to-date release notes and manuals.
These release notes contain the following sections:
Revision History
About Sun ONE Identity Server J2EE Policy AgentsSun ONE Identity Server J2EE Policy Agents, version 2.1 protect content on supported application servers from unauthorized intrusions. They control access to services and web resources based on the policies configured by an administrator. The agents documented in this guide are for the following application servers:
Installation NotesDetailed steps to install Sun ONE Identity Server Policy Agents on the supported application servers are provided in the J2EE Policy Agents Guide.
Known IssuesThis section contains a list of the known issues at the time of the release of Sun ONE Identity Server J2EE Policy Agents, version 2.1.
In the failover environment, the agent will work properly only when the Agent Filter mode is set to either SSO_ONLY or J2EE_POLICY. (#4869458)
Workaround
None exists at this time.Once the agent is installed and security is enabled, only the "amldapuser" can log into the IBM WebSphere 5.0 Application Server Administrative Console. (#4868888)
Workaround
None exists at this timeCommand-Line uninstallation program of the agent for Sun ONE Application Server 7.0 will not work properly if the Admin Server port of Sun ONE Application Server 7.0 is changed after the installation. (#4879650)
Workaround
Make sure the Admin Server port is not changed after the agent is installed or use the GUI-based uninstallation program.Command-Line uninstallation program of the agent for Sun ONE Application Server 7.0, will not work properly if the Admin Server user of Sun ONE Application Server 7.0, is changed after the installation. (#4880299)
Workaround
Make sure the Admin Server user is not changed after the agent is installed or use the GUI-based uninstallation program.During the Command-Line installation, from the Identity Server Details prompt, if you return to the Select Installation Directory prompt, the installation program throws an exception. (#4882901)
Workaround
Make sure that you enter the correct installation directory before you proceed to the Identity Server details prompt or use the GUI-based installation program.Re-installation in silent mode prints the following message: "Incompatible or corrupted state file provided. Cannot continue." (#4857531)
Workaround
Re-installation of the same agent on the same system is not supported. Instead, use the agent tools to configure the agent for a new instance of the application server. In the case of IBM WebSphere Application Server 5.0, follow the manual steps provided in the user guide to configure the agent for the new instance of the application server.No installation status is displayed for any J2EE Agent during Silent installation. (#4857532)
Workaround
The user must ensure that the proper environment exists before performing the silent installation/uninstallation. User should check the installation/uninstallation logs to confirm the actual status.The agent debug log, namely the amAuthContext file, displays the amldapuser password in the plain text format instead of the encrypted format. (#4873117)
Workaround
This happens only if the debug level is set to message. Manually change the permission of this file so that only the root/superuser has read access. Alternatively, set the debug level to off to prevent any sensitive information from appearing in the agent debug logs.If an invalid FQDN Map is specified and both the login-attempt limit and the redirect-attempt limit are set to 0, then any user who is already authenticated is denied access to the resource. (#4899847)
Workaround
Make sure that you specify a valid FQDN Map.When using PeopleSoft 8.3 agent, if the value of the property com.sun.am.policy.amAgentLog.disposition is set to Remote or ALL, the agent will malfunction. (#4919377)
Workaround
By default the value of this property is set to LOCAL during the agent installation. It is recommended that you retain this value. Remote logging is not supported with PeopleSoft 8.3.PeopleSoft fails to do a normal shutdown after the agent is installed. (#4899838)
Workaround
Some of the application server processes will fail to shut down when you do a Normal shutdown from the PeopleSoft Domain Shutdown Menu. You can, instead, do a complete shutdown by choosing Forced shutdown.
How to Report Problems and Provide FeedbackIf you have problems with Sun ONE Identity Server, contact Sun customer support using one of the following mechanisms:
- Sun Software Support services online at
http://www.sun.com/service/sunone/software
- The telephone dispatch number associated with your maintenance contract
So that we can best assist you in resolving problems, please have the following information available when you contact support:
- Description of the problem, including the situation where the problem occurs and its impact on your operation
- Machine type, operating system version, and product version, including any patches and other software that might be affecting the problem
- Detailed steps on the methods you have used to reproduce the problem
- Any error logs or core dumps
Sun Welcomes Your Comments
Sun is interested in improving its documentation and welcomes your comments and suggestions. Email your comments to Sun at this address:
Please include the part number (816-6885-10) of the document in the subject line and the book title (Sun ONE Identity Server J2EE Policy Agents Release Notes) in the body of your email.
Additional Sun ResourcesUseful Sun ONE information can be found at the following Internet locations:
- Documentation for Sun ONE Identity Server
http://docs.sun.com/db/coll/S1_IdServ_60- Sun ONE Documentation
http://docs.sun.com/prod/sunone- Sun ONE Professional Services
http://www.sun.com/service/sunps/sunone- Sun ONE Software Products and Service
http://www.sun.com/software- Sun ONE Software Support Services
http://www.sun.com/service/sunone/software- Sun ONE Support and Knowledge Base
http://www.sun.com/service/support/software- Sun Support and Training Services
http://www.sun.com/supportraining- Sun ONE Consulting and Professional Services
http://www.sun.com/service/sunps/sunone- Sun ONE Developer Information
http://sunonedev.sun.com- Sun Developer Support Services
http://www.sun.com/developers/support- Sun ONE Software Training
http://www.sun.com/software/training- Sun Software Data Sheets
http://wwws.sun.com/software
Copyright © 2003 Sun Microsystems, Inc. All rights reserved.
Sun, Sun Microsystems, the Sun logo, Solaris, Java and the Java Coffee Cup logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Use of Identity Server is subject to the terms described in the license agreement accompanying it.