2 Oracle Mobile Security Access Server

This chapter describes the release notes for Oracle Mobile Security Access Server.

It contains the following sections.

• Section 2.1, "New Features"

• Section 2.2, "System Requirements"

• Section 2.3, "Compatibility"

• Section 2.4, "Bug Fixes"

• Section 2.5, "Known Limitations"

2.1 New Features

The following new features are included in the 3.0.0 release.

• Oracle rebranding.

• Integration with Oracle Access Manager (OAM) for username/password authentication.

• Retrieval of OAM and OAuth 2.0 tokens for single sign-on to back end resources protected with either or those token types, including:

  • OAM WebGate protected resources

  • Oracle Web Services Manager (OWSM) protected resources

  • Oracle API Gateway (OAG) protected resources

• Various security improvements, including integrating security patches for all underlying open source components.

• Support for passing GSSAPI Kerberos flags from Mobile Security Access Server configuration files.

• Merging of cookies set during multi-pass NTLM SSO negotiation exchanges.

• Support for PIN management features through Radius protocol.

• Failover across multiple Radius servers.

The following new features are included in the 3.0.1 release.

• Support for Oracle Linux 6 Update 1 and higher

2.2 System Requirements

The following system requirements are required for this release of the Mobile Security Access Server:

• Windows 2008 SP2 or Oracle Linux 6 Update 1+

• Latest service pack and security updates

• 4 GB memory

• 2.2 Gz processor

• 30GB hard drive

2.3 Compatibility

This release is compatible with the following Oracle Mobile Security Suite components.

• Mobile Security Administrative Console v3.0.x

• Mobile File Manager Server v3.0.x

• Mobile Security Notification Server v3.0.x

• Mobile Security Container v2.4.x, v2.5.x, v3.0.x

  • for iOS

  • for Android

• Mobile Security App Containerization Tool v2.5.x, v3.0.x

  • for iOS

  • for Android

2.4 Bug Fixes

The following bug fixes are included in the 3.0.0 release.

• Escape embedded commas in LDAP DNs during certificate provisioning and lifecycle operations.

2.5 Known Limitations

The following limitations are known in this release.

• For user authentication with Kerberos PKINIT (X509 certificates), Mobile Security Access Server requires that the RSA with SHA-512 algorithm be allowed for domain authentication. This is enabled by default in standard domain configurations.

• For user authentication with Kerberos username and password, Mobile Security Access Server requires that the RC4-HMAC algorithm be allowed for domain authentication. This is enabled by default in standard domain configurations.

• Load balancing across multiple Mobile Security Access Servers requires that source or SSL session stickiness be configured on the load balancer such that all client requests during the authentication process hit the same Mobile Security Access Server instance. Following the authentication process, subsequent requests can hit any Mobile Security Access Server instance.