Oracle® Access Management
Webgate Release Notes
Bundle Patch 12 c (12.2.1.3.181207)
F12498-01
Jan 2019
This document describes the bug fixes that are included with Bundle Patch 12.2.1.3.181207.
The Bundle Patch requires a base installation of Oracle Access Management Webgate 12c (12.2.1.3.0). This document supersedes the documentation that accompanies Oracle Access Management 12c (12.2.1.3.0), and earlier documents if any. This document contains the following sections:
Understanding the Webgate Bundle Patch
Describes Bundle Patches and explains differences between Bundle Patches, patch set exceptions (also known as one-offs), and patch sets.
WebGate Bundle Patch Introduction
A bundle patch is an official Oracle patch for Oracle Access Management components on baseline platforms. In a bundle patch release string, the fifth digit indicated the bundle patch number. Effective November 2015, the version numbering format has changed. The new format replaces the numeric fifth digit of the bundle version with a release date in the form "YYMMDD" where:
-
YY is the last 2 digits of the year
-
MM is the numeric month (2 digits)
-
DD is the numeric day of the month (2 digits)
Each bundle patch includes the libraries and files that have been rebuilt to implement one or more fixes. All of the fixes in the bundle patch have been tested and are certified to work with one another.
Each bundle patch is cumulative: the latest bundle patch includes all fixes in earlier bundle patches for the same release and platform. Fixes delivered in bundle patches are rolled into the next release.
Bundle patches are released on a regular basis and are available on My Oracle Support (formerly Oracle MetaLink).
Note:
To remain in an Oracle-supported state, Oracle recommends that you apply the bundle patch to all installed components for which packages are provided.
Table 1-1 Bundle Patches versus Patch Sets
Mechanism | Description |
---|---|
Bundle Patch |
A bundle patch is an official Oracle patch mechanism for Access Manager components on baseline platforms. Each bundle patch includes the libraries and files that have been rebuilt to implement one or more fixes. This bundle patch must be applied to Access Manager 12.2.1.3.0 WebGates. |
Patch Set |
All of the fixes in the patch set have been tested and are certified to work with one another on the specified platforms. Each patch set provides the libraries and files that have been rebuilt to implement bug fixes (and new functions, if any). However, a patch set might not be a complete software distribution and might not include packages for every component on every platform. |
WebGate Bundle Patch Requirements
Requirements for this WebGate release are discussed in the following topics:
WebGate Bundle Patch 12.2.1.3.181207
Access Manager 12c Release (12.2.1.3.0) WebGates are the required base for WebGate Bundle Patch 12.2.1.3.181207
Note:
On AIX platform, along with WebGate Bundle Patch 12.2.1.3.181207, an additional OHS patch has to be applied for OHS server to function as expected.OHS patch for AIX- Patch ID: 29113759
See Also:
Certification Documentation for details about certification, installers, and downloads.
Bundle Patch Recommendations
Oracle recommends that you apply the WebGate bundle patch to all installed WebGates for which a bundle patch is provided.
Oracle also recommends that OAM Server components be at the same (or higher) bundle patch level as the installed 12c WebGate.
If you have ... | Perform Following Steps... |
---|---|
12.2.1.3.0 Webgates |
Apply the WebGate bundle patch:
|
Before Installing this WebGate Bundle Patch
Installing and Removing the Webgate Bundle Patch
This section contains the following topics to guide you, as you prepare and install the WebGate files (or as you remove a WebGate, should you need to revert to your original installation):
Preparing All Environments and Downloading the Bundle Patch
This section introduces the Oracle patch mechanism (Opatch) and requirements that must be met before applying the bundle patch. Opatch is a Java-based utility that runs on all supported operating systems and requires installation of the Oracle Universal Installer.
Note:
Oracle recommends that you have the latest version of Opatch (version 13.9.2.0.0+) from My Oracle Support. Opatch requires access to a valid Oracle Universal Installer (OUI) Inventory to apply patches.The patching process uses both unzip and Opatch executables. After sourcing the $ORACLE_HOME environment, Oracle recommends that you confirm that both of these exist before patching.
Perform steps in the following procedure to prepare your environment and download the bundle patch. Due to formatting constraints in this document, some sample text lines wrap around. These line wraps should be ignored.
Note:
Ignore line wrapping in syntax examples and ignore steps that do not apply to your environment or intended Opatch use.Unless explicitly identified as relevant to only a specific condition, all steps apply to all Opatch environments. Steps that relate to only a specific condition are identified with a bold condition.
To prepare your environment and download the bundle patch:
Preparing 64-Bit Oracle HTTP Server 12c WebGates on Windows 2012 64-Bit Platforms
If you are using Windows 2012 64-bit operating systems, you must install updated Microsoft Visual C++ 2010 libraries on the machine hosting the Oracle HTTP Server 12c Webgate for Oracle Access Manager.
To install Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update
Install the Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update for X64 systems, which can be downloaded from the following Web site:
https://www.microsoft.com/en-us/download/details.aspx?id=26999
Proceed to Installing a WebGate Bundle Patch on any Platform
Installing a WebGate Bundle Patch on any Platform
This section describes how to install WebGate bundle patches on any platform using Oracle patch (Opatch). While individual command syntax might differ depending on your platform, the overall procedure is the same for all platforms.
The files in each bundle patch are installed into the destination ORACLE_HOME. This enables you to remove (roll back) the bundle patch even if you have deleted the original bundle patch files from the temporary directory you created.
Oracle recommends that you back up the ORACLE_HOME
using your preferred method before any patch operation. You can use any method (zip, cp -r, tar, and cpio) to compress the ORACLE_HOME
.
When Opatch starts, it validates the patch to ensure there are no conflicts with the software already installed in your ORACLE_HOME:
-
Conflicts with a patch already applied to the
ORACLE_HOME
. In this case, stop the patch installation and contact Oracle Support Services. -
Conflicts with subset patch already applied to the
ORACLE_HOME
. In this case, continue installation because the new patch contains all the fixes from the existing patch in theORACLE_HOME
. The subset patch is automatically rolled back before installation of the new patch begins.
To install a Webgate bundle patch on any platform:
Failure During WebGate Bundle Patch Installation
If there is a failure during your WebGate installation, your original WebGate installation is restored automatically.
Note:
You can check the window to see if you can discern the problem, then correct the problem and restart the bundle patch installation.Rolling Back a WebGate Bundle Patch on Any System
Note:
If you see "Patch not present in the Oracle Home, Rollback cannot proceed", enteropatch rollback -help
to get more information. If the patch was applied using -no_inventory
option, use -ph
option.
After the WebGate bundle patch is removed, the system is restored to the state it was in immediately before the bundle patch installation.
To roll back a WebGate bundle patch on any system:
Resolved Issues in 12.2.1.3.181207
Base Bug Number | Description |
---|---|
29017484 |
REMOVAL OF RAPIDJSON USED FOR OIDC HEADERS FEATURE. |
28921190 |
COMPILATION FAILURE ON BOTH SOLARIS PLATFORMS FOR 12CPS3 JAN BP |
28381497 |
OHS 11.1.2.3.180417 RETURNS BAD REQUEST WITH DEFAULT SSL PORT |
27724373 |
STRESS:122131OHS- 3GB PROCESS SIZE IN PS4 COMPARING 400MB PROCESS SIZE IN 12CPS3 |
27608453 |
WEBGATE SETS MULTIPLE ACCESS TOKEN COOKIES PER SCOPE COMBINATION IN CLOUD.POLICY |
27204428 |
OAM LOGOUT URL HAVING QUERY STRING IN END_URL IS NOT RETAINED IN DCC CASE |
Resolved Issues in 12.2.1.3.180622
Base Bug Number | Description of the problem |
---|---|
28155915 |
NOT ABLE TO ACCESS RESOURCE OF APP HAVING ONLY OPENID SCOPE |
27986254 |
DCC WEBGATE COMPATIBILITY SUPPORT Note: Administrator can add an user-defined parameter If the By default, Webgate profile uses |
27892813 |
OAUTH FLOWS NOT WORKING ON OTD (BOTH WINDOWS/LINUX) |
27683326 |
WNA AUTHENTICATION THROWS BASIC PROMPT ON IDLE-TIMEOUT |
27484889 |
ERROR AT IDLE TIMEOUT WITH DCC AND X509 |
27026287 |
OHS 12.1.2.0.0 WEBGATE : STALE/INVALID OAMAUTHNCOOKIE |
26307941 |
ESSODIRECTSUBMIT DOES NOT WORK WHEN THE USER HAS A DOUBLE QUOTE IN HIS PASSWORD |
Resolved Issues in 12.2.1.3.180414
Base Bug Number | Description of the problem |
---|---|
27743823 |
NOT ABLE TO ACCESS THE HOME PAGE URL : EBEX |
27609018 |
WEBGATE (OIDC) SETS IDTOKEN AND ACCESS TOKEN COOKIES IN THE BROWSER UNENCRYPTED |
27536251 |
REFRESH TOKENS (OAUTH/OPENID) IN WEBGATE IS NOT WORKING |
27258588 |
Fix for bug 27258588 Note: All the WebGate behind the same LoadBalancer/Proxy must be Patched. In case of DCC Webgate, fix for the bug is disabled. The fix for the DCC WebGate can be enabled by setting the The DCC WebGate Example: If OAM Server There is no configuration setting for Resource WebGate. All the WebGate behind same proxy/loadbalancer must be patched simultaneously. |
27568356 |
Fix for bug 27568356 Note: Please refer the note added for bug 27258588, the same implies for this bug also. |
27355601 |
Fix for bug 27355601 Note: Please refer the note added for bug 27258588, the same implies for this bug also. |
27793168 |
GETTING BAD ACCESS MANAGER ERROR ON FIRST TIME RESOURCE ACCESS Note: Please refer the note added for bug 27258588, the same implies for this bug also. |
27247346 |
SUPPORT FOR STANDARD BASED PROTOCOL (OAUTH/OPENID) IN WEBGATE Note: This Feature is only supported for OHS WebGate. |
26554694 |
WEBGATE FAILURES AFTER UPGRADE OF FEDRAMP POD CONFIGURED TO USE OHSRUN USER |
24588634 |
Fix for bug 24588634 Refer to technical note Doc ID 2386892.1 available on My Oracle Support. You can access My Oracle Support at https://support.oracle.com Note:
The above configuration is only for Apache based servers(OHS/APACHE/IHS). IIS provides inbuilt protection for this kind of request hijacking. IIS "Site Bind" Settings needs to be modified with the valid HostName of the Server, upon encountering modified Host header request, IIS Server return 404 response. |
22104011 |
Fix for bug 22104011 |
16369333 |
Fix for bug 16369333 |
Resolved Issues in 12.2.1.3.171214
Webgate Release Number | Base Bug Number | Description |
---|---|---|
12.2.1.3.171214 |
26389702 |
DCC WEBGATE NEED TO SEND DYNAMIC CONTEXT TO SERVER FOR AUTHENTICATE PROCESSING Note: This fix works along with other Server side fixes (included in 12.2.1.3.171121 OAM BP) to improve dynamic authentication support in DCC. |
26256956 |
WNA-DCC, USER BEING CHALLENGED POST CONFIGURED IDLE TIME |
|
25765974 |
Fix for Bug 25765974 |
Known Issues
Known issues and their workarounds in Oracle Access Management Release 12.2.1.3 are described in the Oracle Access Management chapter of the Release Notes for Oracle Identity Management document. You can access the Release Notes document in the Oracle Identity Management Documentation library at the following URL:
https://docs.oracle.com/middleware/12213/idmsuite/IDMRN/toc.htm
Note:
Some known issues listed in the Release Notes for Oracle Identity Management may have been resolved by this Bundle Patch. Compare the issues listed in Resolved Issues in 12.2.1.3.171214of this document when reviewing the Release Notes for Oracle Identity Management
Documentation
This section describes the documentation that is available to support the latest bundle patch and the original release. This section provides the following topics:
Oracle Access Manager Manuals and Release Notes
You can find release notes and manuals on Oracle Technology Network (OTN). If you already have a user name and password for OTN, you can go directly to the documentation section of the OTN Web site at:
http://www.oracle.com/technetwork/indexes/documentation/index.html
Oracle Access Manager 12c documentation link:
Patch Set Notes and Bundle Patch Notes
You can download notes with software patches and bundle patches from My Oracle Support (formerly MetaLink) at:
http://support.oracle.comThis document, Oracle Access Manager WebGate Release Notes Bundle Patch 12.2.1.3.181207 for All Server Platforms, provides the following information for this specific bundle patch release:
-
General information about bundle patches.
-
General WebGate bundle patch requirements and installation details.
-
Details about what is included in the Webgate bundle patch.
The Oracle Access Manager WebGate Release Notes Bundle Patch 12.2.1.3.181207 for All Server Platforms is available in HTML format, as readme.htm, that you can view without downloading the zip file.
The companion, Oracle Access Management Release Notes, Bundle Patch 12.2.1.3.181207 Generic for All Server Platforms, provides the following information for this specific bundle patch release:
-
General information about bundle patches
-
General bundle patch requirements and installation details
-
Details about what is included in this bundle patch
The companion Oracle Access Management Release Notes, Bundle Patch 12.2.1.3.181207 Generic for All Server Platforms readme file is available in HTML format, as readme.htm, that you can view without downloading the zip file.
Certification Documentation
Support Information | Sites |
---|---|
Certification Matrix |
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html |
Oracle Fusion Middleware Requirements |
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-requirements-100147.html |
Oracle Fusion Middleware Downloads |
http://www.oracle.com/technetwork/middleware/downloads/index-087510.html |
Documentation Accessibility
Our goal is to make Oracle products, services, and supporting documentation accessible to all users, including users that are disabled. To that end, our documentation includes features that make information available to users of assistive technology.
This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at http://www.oracle.com/accessibility/.
Accessibility of Code Examples in Documentation
Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.
Accessibility of Links to External Web Sites in Documentation
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
Deaf/Hard of Hearing Access to Oracle Support Services
To reach Oracle Support Services, use a telecommunications relay service (TRS) to call Oracle Support at 1.800.223.1711. An Oracle Support Services engineer will handle technical issues and provide customer support according to the Oracle service request process. Information about TRS is available at http://www.fcc.gov/cgb/consumerfacts/trs.html and a list of phone numbers is available at http://www.fcc.gov/cgb/dro/trsphonebk.html
Oracle Access Management Webgate Release Notes, Bundle Patch 12 c (12.2.1.3.181207)
F12498-01
Copyright © 2019, , Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.