docbkx/release-notes/chap-issues.xml

	chap-issues.xml revision 5a64c6fb8734b97ed6cb1476c473ba81b44954c2
<?xml version="1.0" encoding="UTF-8"?>
<!--
  ! CCPL HEADER START
  !
  ! This work is licensed under the Creative Commons
  ! Attribution-NonCommercial-NoDerivs 3.0 Unported License.
  ! To view a copy of this license, visit
  ! http://creativecommons.org/licenses/by-nc-nd/3.0/
  ! or send a letter to Creative Commons, 444 Castro Street,
  ! Suite 900, Mountain View, California, 94041, USA.
  !
  ! You can also obtain a copy of the license at
  ! src/main/resources/legal-notices/CC-BY-NC-ND.txt.
  ! See the License for the specific language governing permissions
  ! and limitations under the License.
  !
  ! If applicable, add the following below this CCPL HEADER, with the fields
  ! enclosed by brackets "[]" replaced with your own identifying information:
  !      Portions Copyright [yyyy] [name of copyright owner]
  !
  ! CCPL HEADER END
  !
  !      Copyright 2011-2014 ForgeRock, Inc.
  !
-->
<chapter xml:id='chap-issues'
 xmlns='http://docbook.org/ns/docbook' version='5.0' xml:lang='en'
 xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
 xsi:schemaLocation='http://docbook.org/ns/docbook
                     http://docbook.org/xml/5.0/xsd/docbook.xsd'
 xmlns:xlink='http://www.w3.org/1999/xlink'>
 <title>OpenAM Fixes, Limitations, &amp; Known Issues</title>

 <para>OpenAM issues are tracked at <link
 xlink:href='https://bugster.forgerock.org/jira/browse/OPENAM'
 >https://bugster.forgerock.org/jira/browse/OPENAM</link>. This chapter
 covers the status of key issues and limitations at release
 <?eval ${serverDocTargetVersion}?>.</para>

 <!-- TODO: Note for the final release
 <important>
  <para>This release resolves a number of issues, including security issues in
  OpenAM. It is strongly recommended that you update to this release to make
  your deployment more secure, and to take advantage of important functional
  fixes. ForgeRock customers can contact support for help and further
  information.</para>
 </important>
 -->

 <section xml:id="fixes">
  <title>Key Fixes</title>

  <para>The following bugs were fixed in release
  <?eval ${serverDocTargetVersion}?>. For details, see the <link
  xlink:show="new" xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM"
  >OpenAM issue tracker</link>.</para>

  <itemizedlist>
   <listitem>
    <para>
     TODO: Update for the next release
    </para>
   </listitem>
  </itemizedlist>

 </section>

 <section xml:id="limitations">
  <title>Limitations</title>

  <itemizedlist>
   <listitem>
    <para><emphasis role="bold">Different OpenAM Version within a Site</emphasis>.
     Do not run different versions of OpenAM together in the same OpenAM
     site.</para>
   </listitem>
   <listitem>
    <para><emphasis role="bold">Deleting Referral Policy</emphasis>.
     OpenAM allows you to delete a referral policy
     even if policies depending on the referral still exist in the target realm.
     Deleting a referral policy that other policies depend on
     can cause problems during policy evaluation.
     You must therefore make sure that no policies
     depend on any referrals that you delete.
    </para>
   </listitem>
   <listitem>
    <para><emphasis role="bold">Avoid Use of Special Characters in Policy or
     Application creation</emphasis>.
     Do not use special characters within policy, application or referral names
     (for example, "my+referral") using the Policy Editor or REST endpoints as
     OpenAM returns a 400 Bad Request error.
     The special characters are: double quotes ("), plus sign (+), command (,),
     less than (&lt;), equals (=), greater than (&gt;), backslash (\), and null (\u0000).
     (<link xlink:show="new"
            xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-5262"
      >OPENAM-5262</link>)
    </para>
   </listitem>
   <!-- OPENAM-5314 -->
   <listitem>
    <para><emphasis role="bold">Avoid Using REST Endpoint Names for
     Realm Names</emphasis>.
     Do not use the names of OpenAM REST endpoints as the name of a realm.
     The OpenAM REST endpoint names that should not be used includes: "users",
     "groups", "realms", "policies" and "applications".
     (<link xlink:show="new"
            xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-5314"
      >OPENAM-5314</link>)
    </para>
   </listitem>

   <listitem>
    <para><emphasis role="bold">Deploying OpenAM on Windows in an IPv6 Network</emphasis>.
     When deploying OpenAM components on Microsoft Windows in an IPv6 environment,
     you must use the Java 7 Development Kit on Windows (due to
     <link xlink:show="new"
           xlink:href="http://bugs.sun.com/view_bug.do?bug_id=6230761">JDK-6230761</link>,
     which is fixed only in Java 7).</para>
   </listitem>
   <listitem>
    <para><emphasis role="bold">Database Repository Type is Experimental</emphasis>.
     The Database Repository type of data store is experimental and not
     supported for production use.</para>
   </listitem>
   <listitem>
    <!-- Fix for OPENAM-1032: Add details to the release notes and documentation of OpenAM (for 875) -->
    <para><emphasis role="bold">Enforcing Session Quotas with Session Failover</emphasis>.
     By default OpenAM does not enforce session quotas when running in Site
     mode without session failover. To work around this behavior, set the server
     configuration property
     <literal>openam.session.useLocalSessionsInMultiServerMode=true</literal>.
     You can set this property in OpenAM console under Configuration &gt; Servers
     and Sites &gt; Servers &gt; Server Name &gt; Advanced.</para>
   </listitem>
   <listitem>
    <para><emphasis role="bold">OpenAM with Embedded Directory Server in IPv6 Networks</emphasis>.
     On hosts with pure IPv6 networks, OpenAM configuration has been seen to fail
     while starting the embedded OpenDJ directory server
     (<link xlink:show="new"
            xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3008"
     >OPENAM-3008</link>).
    </para>
   </listitem>
   <listitem>
    <para><emphasis role="bold">JBoss 6.3 Support for Java 8</emphasis>.
     As of this writing, JBoss 6.3/AS 7.4.0 does not support Java 8.
     Until JBoss 6.3 fully supports Java 8, you can use JDK 1.7.0_56
     (<link xlink:show="new"
            xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-4876"
      >OPENAM-4876</link>).
    </para>
   </listitem>
   <listitem>
    <para><emphasis role="bold">Note about HttpServletResponse &amp; HttpServletRequest</emphasis>.
     The <literal>HttpServletRequest</literal> instance passed to
     <literal>AMPostAuthProcessInterface#onLogout</literal> will be null.
     The <literal>HttpServletResponse</literal> instance passed to
     <literal>AMPostAuthProcessInterface#onLogout</literal> is not the actual
     <literal>HttpServletResponse</literal> corresponding to the request but a
     faux instance whose only purpose is to transfer headers back to the actual
     <literal>HttpServletResponse</literal>
     (<link xlink:show="new"
            xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-4045"
     >OPENAM-4045</link>).
    </para>
   </listitem>
   <listitem>
    <para><emphasis role="bold">XACML Policy Import and Export</emphasis>.
     OpenAM can only import XACML 3.0 files that were either created by an
     OpenAM instance, or that have had minor manual modifications, due to the
     reuse of some XACML 3.0 parameters for non-standard information.
    </para>
   </listitem>
  </itemizedlist>

 </section>

 <section xml:id="known-issues">
  <title>Known Issues</title>

  <para>The following important known issues remained open at the time
  release <?eval ${serverDocTargetVersion}?> became available. For details and
  information on other issues, see the <link xlink:show="new"
  xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM">OpenAM issue
  tracker</link>.</para>

  <itemizedlist>
   <listitem>
    <para>
     TODO: Update for the next release
    </para>
   </listitem>
  </itemizedlist>

 </section>
</chapter>