chap-issues.xml revision 6ce3dabbba7e4e63677d017240c4bbb31d083469
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! CCPL HEADER START
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! This work is licensed under the Creative Commons
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! Attribution-NonCommercial-NoDerivs 3.0 Unported License.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! To view a copy of this license, visit
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! http://creativecommons.org/licenses/by-nc-nd/3.0/
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! or send a letter to Creative Commons, 444 Castro Street,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! Suite 900, Mountain View, California, 94041, USA.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! You can also obtain a copy of the license at
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! src/main/resources/legal-notices/CC-BY-NC-ND.txt.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! See the License for the specific language governing permissions
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! and limitations under the License.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! If applicable, add the following below this CCPL HEADER, with the fields
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! enclosed by brackets "[]" replaced with your own identifying information:
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! Portions Copyright [yyyy] [name of copyright owner]
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! CCPL HEADER END
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ! Copyright 2011-2014 ForgeRock, Inc.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina xmlns='http://docbook.org/ns/docbook' version='5.0' xml:lang='en'
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina xsi:schemaLocation='http://docbook.org/ns/docbook
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <title>OpenAM Fixes, Limitations, & Known Issues</title>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina OpenAM 11.0.1 together with OpenAM web policy agents 3.3.1
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina address backward compatibility for policy evaluation.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina For details, make sure that you read the release notes section on <link
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina xlink:role="http://docbook.org/xlink/role/olink"
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ><citetitle>Important Changes to Existing Functionality</citetitle></link>.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina OpenAM issues are tracked at
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <link xlink:href='https://bugster.forgerock.org/jira/browse/OPENAM' />.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina This chapter covers the status of key issues and limitations
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina in this release.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina The following bugs were fixed in release ${serverDocTargetVersion}.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM"
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina >OpenAM issue tracker</link>.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <!-- List generated at 08:03:55 20140326 using http://bugster.forgerock.org/jira/rest/api/2/search?jql=project+%3D+OpenAM+AND+fixVersion+%3D+"11.0.1"+AND+resolution+%3D+Fixed+AND+labels+%3D+release-notes&startAt=0&maxResults=500&fields=summary-->
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <itemizedlist>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3742" xlink:show="new">OPENAM-3742</link>: Large amount of invalid search requests made against IdRepo</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3740" xlink:show="new">OPENAM-3740</link>: HttpOnly and Secure cookie flags not always honored in multiserver deployments</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3707" xlink:show="new">OPENAM-3707</link>: Error while retrieving NameIDKeyMap</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3678" xlink:show="new">OPENAM-3678</link>: OAuth2 restlet extension doesn't populate name and description on the OAuth2 consent page</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3666" xlink:show="new">OPENAM-3666</link>: In-memory account lockout does not work when using Data Store authentication module</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3648" xlink:show="new">OPENAM-3648</link>: SAML 1.x authenticationMethod should escape "|" characters</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3639" xlink:show="new">OPENAM-3639</link>: WS-Fed IP sends incorrectly encoded unicode characters</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3638" xlink:show="new">OPENAM-3638</link>: Policy rule with trailing wildcard denies access to a valid resource URL</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3632" xlink:show="new">OPENAM-3632</link>: Adaptive module does not honor httpOnly Secure cookie settings</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3623" xlink:show="new">OPENAM-3623</link>: LDAP auth-module connection pool does not correctly recover</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3607" xlink:show="new">OPENAM-3607</link>: Adaptive IP check fails when message level debug enabled</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3573" xlink:show="new">OPENAM-3573</link>: IDP Initiated federation with missing SPNameQualifier result in exception</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3572" xlink:show="new">OPENAM-3572</link>: MailServerImpl not properly handling mailservers without authentication</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3561" xlink:show="new">OPENAM-3561</link>: Special characters are incorrectly handled when using LDAP auth module</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3542" xlink:show="new">OPENAM-3542</link>: Possible NPE when sending SAML request without isPassive attribute</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3531" xlink:show="new">OPENAM-3531</link>: new_org.jsp doesn't work when SAML request was sent using HTTP-POST binding</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3522" xlink:show="new">OPENAM-3522</link>: Special LDAP characters in the data store's naming attribute are not escaped</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3520" xlink:show="new">OPENAM-3520</link>: OAuth2 read/delete throws NPE if SSOToken doesn't belong to the same realm as token's realm</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3509" xlink:show="new">OPENAM-3509</link>: PolicyEvaluation strips off trailing '/' from resource resulting in wrong enforcement on agent side</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3506" xlink:show="new">OPENAM-3506</link>: OAuth2 grant_type=client_credentials read/delete fail with NPE</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3499" xlink:show="new">OPENAM-3499</link>: LoginServlet is NOT enforcing strict session timeouts on DAS</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3482" xlink:show="new">OPENAM-3482</link>: ForgotPassword REST API should escape username used in confirmationLink</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3465" xlink:show="new">OPENAM-3465</link>: Parsing output of Embedded OpenDJ dsconfig list-replication-server command fails due to change since v2.6.0</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3458" xlink:show="new">OPENAM-3458</link>: SAML federation can fail in multiserver deployments</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3444" xlink:show="new">OPENAM-3444</link>: Incorrect NameIdentifier generated when using both default and non-default NameIDFormat with SAML 1.x</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3437" xlink:show="new">OPENAM-3437</link>: RelayState validation fails during SLO</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3428" xlink:show="new">OPENAM-3428</link>: DJLDAPv3Repo breaks Active Directory when using sAMAccountName as naming attribute with the DN being the CN</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3413" xlink:show="new">OPENAM-3413</link>: Update federation attribute mapping documentation with details of new binary attribute mapping feature</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3408" xlink:show="new">OPENAM-3408</link>: Fix for OPENAM-2626 leads to concurrent modification exception</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3401" xlink:show="new">OPENAM-3401</link>: The token generated by the forgotPassword REST API should be a one time password</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3385" xlink:show="new">OPENAM-3385</link>: DJLDAPv3Repo Error Unexpected Results Returned when searching Active Directory users from the root</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3353" xlink:show="new">OPENAM-3353</link>: LDAP auth does not set operation timeout; OpenAM freeze</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3269" xlink:show="new">OPENAM-3269</link>: create-agent-grp or adding groupconfig in OpenAM console fails with NPE for subrealms</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3259" xlink:show="new">OPENAM-3259</link>: StackOverflowError when invalid pcookie is presented</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3252" xlink:show="new">OPENAM-3252</link>: LoginServlet reroute logic should consider AMAuthCookie as request parameter</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3237" xlink:show="new">OPENAM-3237</link>: Updating a user entry with an empty attribute fails if the attribute didn't exist in the entry before</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3230" xlink:show="new">OPENAM-3230</link>: When I make Upgrade from AM 955 to AM 11 upgrade report show me incorrect version of an existing instance</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3227" xlink:show="new">OPENAM-3227</link>: OAuth2 Authentication Module does not utilise com.sun.identity.shared.encode.CookieUtils when creating new cookies.</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3226" xlink:show="new">OPENAM-3226</link>: Creating a realm may cause duplicate delegation privilege entries to be written to datastore if multiple servers are running</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3225" xlink:show="new">OPENAM-3225</link>: SAML authentication throws NPE with IDP metadata showing certain characteristics</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3210" xlink:show="new">OPENAM-3210</link>: In CDSSO scenario no Logout is triggered when choosing 'yes' on 'new_org.jsp'</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3204" xlink:show="new">OPENAM-3204</link>: Goto URL validation can choke on relative URLs</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3202" xlink:show="new">OPENAM-3202</link>: RelayState is validated as a URL</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3190" xlink:show="new">OPENAM-3190</link>: IdP Adapter should have an extension point that can manipulate the SAML response</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3189" xlink:show="new">OPENAM-3189</link>: IdP Proxy should invoke SP Adapter when sending the proxied SAML request</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3165" xlink:show="new">OPENAM-3165</link>: NPE during export-svc-cfg</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3160" xlink:show="new">OPENAM-3160</link>: AuthContext failover doesn't work</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3156" xlink:show="new">OPENAM-3156</link>: web.xml should not have <distributable/></para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3113" xlink:show="new">OPENAM-3113</link>: DJLDAPv3Repo should properly set the LDAP error codes on IdRepoException</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2922" xlink:show="new">OPENAM-2922</link>: SP initiated SLO can fail with IllegalStateException</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2760" xlink:show="new">OPENAM-2760</link>: Validation of gotoOnFail URLs</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2327" xlink:show="new">OPENAM-2327</link>: OpenAM JSP violate JSP 2.0 spec</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2322" xlink:show="new">OPENAM-2322</link>: NULL pointer exception in windowsdesktopsso.java file when doing kerberos service ticket authenticaiton with Openssoclientsdk.jar client program - backward compatibility broken</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2294" xlink:show="new">OPENAM-2294</link>: Errors during federation can result in displaying Redirect.jsp</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2273" xlink:show="new">OPENAM-2273</link>: Help text on console for auto federation is misleading</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2145" xlink:show="new">OPENAM-2145</link>: Possible memory leaks around remote Session objects</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1957" xlink:show="new">OPENAM-1957</link>: NPE ERROR: Error creating logFailed message</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1739" xlink:show="new">OPENAM-1739</link>: HOTP module may ignore SMTP settings in the configuration</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1109" xlink:show="new">OPENAM-1109</link>: AdminTokenAction doesn't clear invalid SSOToken</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1012" xlink:show="new">OPENAM-1012</link>: IDP initiated SAML2 SLO error when SP does not have SLO binding</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-688" xlink:show="new">OPENAM-688</link>: REOPEN -LDAP Error 80 can result in build up of LDAPv3EventService::RetryTask objects</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-119" xlink:show="new">OPENAM-119</link>: Concurrent access of non-thread safe objects possible in IdRepoJAXRPCObjectImpl</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina </itemizedlist>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <!-- For OPENAM-1886 TODO: Remove when this is fixed after 10.1.0-Xpress -->
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <para>When session failover is configured to use external OpenDJ directory
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina servers, OpenAM must access those directory servers through an LDAP load
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina balancer that can fail over connections from OpenAM whenever a directory
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina server goes offline. Otherwise, sessions could continue to persist after
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina users logout of OpenAM.</para>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <para>Do not run different versions of OpenAM together in the same OpenAM
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <para>When deploying OpenAM components on Microsoft Windows in an IPv6 environment,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina you must use the Java 7 Development Kit on Windows (due to <link xlink:show="new"
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina xlink:href="http://bugs.sun.com/view_bug.do?bug_id=6230761">JDK-6230761</link>,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina which is fixed only in Java 7).</para>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <para>The Database Repository type of data store is experimental and not
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina supported for production use.</para>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <!-- Fix for OPENAM-1032: Add details to the release notes and documentation of OpenAM (for 875) -->
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <para>By default OpenAM does not enforce session quotas when running in Site
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina mode without session failover. To work around this behavior, set the server
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina configuration property
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <literal>openam.session.useLocalSessionsInMultiServerMode=true</literal>.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina You can set this property in OpenAM console under Configuration > Servers
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina and Sites > Servers > Server Name > Advanced.</para>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <para>The XUI is experimental and not supported for production use. The only
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina language locale available for the XUI at this time is US English, in the
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <filename>/path/to/openam/webapps/XUI/locales</filename> directory.</para>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina On hosts with pure IPv6 networks, OpenAM configuration has been seen to fail
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina while starting the embedded OpenDJ directory server
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3008"
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina >OPENAM-3008</link>).
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina The following important known issues remained open
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina at the time release ${serverDocTargetVersion} became available.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina For details and information on other issues, see the
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM"
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina >OpenAM issue tracker</link>.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <!-- List generated at 13:37:16 20140326 using http://bugster.forgerock.org/jira/rest/api/2/search?jql=project+%3D+OpenAM+AND+%28component+not+in+%28"j2ee+agents"%2C+"web+agents"%29+OR+component+is+EMPTY%29+AND+%28resolution+%3D+Unresolved+OR+%28affectedVersion+%3D+"11.0.1"+AND+fixVersion+%21%3D+"11.0.1"%29%29+AND+labels+%3D+release-notes&startAt=0&maxResults=500&fields=summary-->
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <itemizedlist>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3466" xlink:show="new">OPENAM-3466</link>: LDAP authentication module does not apply the change of the password for the bind DN user until restart</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3270" xlink:show="new">OPENAM-3270</link>: openam/.version not updated after upgrade</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3243" xlink:show="new">OPENAM-3243</link>: The Core Auth Module persistent cookie options are different from the Persistent Cookie Module</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3239" xlink:show="new">OPENAM-3239</link>: OAuth 2 client properties randomly disappears after upgrade from OpenAM 10.1 to OpenAM 11</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3223" xlink:show="new">OPENAM-3223</link>: Policy Wildcard Matches doesn't work after OpenAM upgrade with an ODSEE</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3207" xlink:show="new">OPENAM-3207</link>: PLLRequestServlet should log an error if the configured maximum request size is exceeded</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3184" xlink:show="new">OPENAM-3184</link>: Insufficient error logging when 'agent profile' can not be found by CDCServlet</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3109" xlink:show="new">OPENAM-3109</link>: Token conflicts can occur if OpenDJ servers are replicated</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3065" xlink:show="new">OPENAM-3065</link>: Misconfiguring CTS causes issues with IDRepo unable to read realms</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3056" xlink:show="new">OPENAM-3056</link>: Retrieving roles may fail when using more than one data store</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-3048" xlink:show="new">OPENAM-3048</link>: RESTful authentication using curl doesn't work on the WebLogic 12c (12.1.1.0) </para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2715" xlink:show="new">OPENAM-2715</link>: Mandatory OAuth2 Provider settings not enforced in the UI</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2712" xlink:show="new">OPENAM-2712</link>: Adaptive.getIdentity prints 'More than one user found' when no user was found</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2656" xlink:show="new">OPENAM-2656</link>: PrefixResourceName#compare() strips off trailing '/' in PathInfo</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2608" xlink:show="new">OPENAM-2608</link>: Restricted Token validation does not work in legacy REST API</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2564" xlink:show="new">OPENAM-2564</link>: resource-based authentication with DistAuth not working</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2537" xlink:show="new">OPENAM-2537</link>: SAML AuthContext mapper auth level setting inconsistencies</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2469" xlink:show="new">OPENAM-2469</link>: IdP initiated SSO endpoints should honor RelayState even when they're POSTed</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2460" xlink:show="new">OPENAM-2460</link>: Policy evaluation may hang with large number of matching referral privileges</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2404" xlink:show="new">OPENAM-2404</link>: new_org.jsp is displayed from the original realm in case of session upgrade</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2262" xlink:show="new">OPENAM-2262</link>: Configure OAuth2 wizard always enables refresh tokens</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2170" xlink:show="new">OPENAM-2170</link>: Configure OAuth2 wizard fails to create policy in sub-realm</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2168" xlink:show="new">OPENAM-2168</link>: Authentication Success Rate and Authentication Failure Rate are always 0</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2155" xlink:show="new">OPENAM-2155</link>: Non printable characters in some files. Looks like most should be copyright 0xA9</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2137" xlink:show="new">OPENAM-2137</link>: DSConfigMgr can hide exception root causes</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2085" xlink:show="new">OPENAM-2085</link>: Unreliable policy evaluation results with com.sun.identity.agents.config.fetch.from.root.resource enabled</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-2023" xlink:show="new">OPENAM-2023</link>: Federation Connectivity Test fails with Account termination is not working </para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1946" xlink:show="new">OPENAM-1946</link>: Password change with AD does not work when old password is provided</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1945" xlink:show="new">OPENAM-1945</link>: Default Configuration create invalid domain cookie</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1921" xlink:show="new">OPENAM-1921</link>: REST GET for user "*" returning first user listed</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1892" xlink:show="new">OPENAM-1892</link>: Only Accept certificate for authentication if KeyUsage is correct</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1886" xlink:show="new">OPENAM-1886</link>: Session invalidated on OpenAM server is not deleted from SFO datastore</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1852" xlink:show="new">OPENAM-1852</link>: Oauth2 auth-module can not be used with DistAuth</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1839" xlink:show="new">OPENAM-1839</link>: LDAPConnectionPool is not recovered</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1831" xlink:show="new">OPENAM-1831</link>: OpenAM 10.0 subrealm DNS alias doesn't work as expected unless setting com.sun.identity.server.fqdnMap</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1811" xlink:show="new">OPENAM-1811</link>: DAS response serialization is not working as expected when using PAP</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1660" xlink:show="new">OPENAM-1660</link>: Read-access to SubjectEvaluationCache is not synchronized</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1659" xlink:show="new">OPENAM-1659</link>: Default Authentication Locale is not used as fallback</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1655" xlink:show="new">OPENAM-1655</link>: AttributeQueryUtil ignores configured SPAttributeMapper</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1642" xlink:show="new">OPENAM-1642</link>: Chain based UI customization is not case insensitive</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1563" xlink:show="new">OPENAM-1563</link>: Servers and Sites pages may display password in clear text</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1505" xlink:show="new">OPENAM-1505</link>: LogoutViewBean does not use request information for finding the correct template</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1456" xlink:show="new">OPENAM-1456</link>: Change of the agent group in the J2EE policy agent profile causes profile corruption</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1330" xlink:show="new">OPENAM-1330</link>: 'sharedState' in LoginContext should be thread safe </para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1323" xlink:show="new">OPENAM-1323</link>: Unable to create session service when no datastore is available</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1317" xlink:show="new">OPENAM-1317</link>: With ssoadm create-agent, default values are handled differently for web agents and j2ee agents</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1269" xlink:show="new">OPENAM-1269</link>: Entitlements are incorrectly converted to policies</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1237" xlink:show="new">OPENAM-1237</link>: Property 'noSubjectKeyIdentifier' is missing in fmWSSecurity.properties</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1219" xlink:show="new">OPENAM-1219</link>: SAML 2 metadata parsing breaks in glassfish 3.1.2</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1194" xlink:show="new">OPENAM-1194</link>: Unable to get AuthnRequest error in multiserver setup</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1181" xlink:show="new">OPENAM-1181</link>: Improperly defined applications cause the policy framework to throw NPE</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1137" xlink:show="new">OPENAM-1137</link>: Error message raised when adding a user to a group</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1111" xlink:show="new">OPENAM-1111</link>: Persistent search in LDAPv3EventService should be turned off if caching is disabled</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-1105" xlink:show="new">OPENAM-1105</link>: Init properties sometimes don't honor final settings</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-774" xlink:show="new">OPENAM-774</link>: Invalid characters check not performed.</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-752" xlink:show="new">OPENAM-752</link>: AgentsRepo#getAttributes fails to get agent information occasionally leading to server restart</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-294" xlink:show="new">OPENAM-294</link>: ssoadm: create and update </para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-291" xlink:show="new">OPENAM-291</link>: SelfWrite permissions are denied to sub realms</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <listitem><para><link xlink:href="https://bugster.forgerock.org/jira/browse/OPENAM-71" xlink:show="new">OPENAM-71</link>: SAML2 error handling in HTTP POST and Redirect bindings</para></listitem>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina </itemizedlist>