Fixes in AM 7.0.x
This page lists the cumulative fixes in AM 7.0.x releases:
AM 7.0.2
OPENAM-17689 |
LDAPv3PersistentSearch should log when psearch connection is lost |
OPENAM-17688 |
InMemoryCtsSessionCacheStep#cacheTrusted field should be marked volatile |
OPENAM-17683 |
Selfservice user registration auto login fails for a sub-realm |
OPENAM-17673 |
Nodes within a Page node do not have access to secure state |
OPENAM-17672 |
Page Node does not expose inner nodes inputs or outputs |
OPENAM-17630 |
JMS Audit logging broken and cannot start up |
OPENAM-17591 |
Session quota destroy next expiring action can fail when two new sessions attempt to read and update the same expiring session |
OPENAM-17587 |
OIDC bearer token authentication module requires context value setting for client secret |
OPENAM-17570 |
OIDC request parameter decryption fails to find any applicable keys |
OPENAM-17555 |
AM 7.x versions of Amster use Java 8 format of debug port |
OPENAM-17517 |
JS versions of Social Identity Provider Profile Transformation scripts do not work due to a casting error. |
OPENAM-17515 |
Sub attribute in access token can be in wrong casing |
OPENAM-17483 |
SecretsPlugin upgrade from 6.5.x failing |
OPENAM-17477 |
Thread-safety issue in AMAuthenticationManager |
OPENAM-17436 |
JS version of the OIDC Claims script does not work due to a casting error. |
OPENAM-17405 |
Token introspection response not spec compliant |
OPENAM-17397 |
ssoadm can fail for some cloud-based setups due to FileBasedConfiguration check |
OPENAM-17365 |
Checking agent type with caller token can cause deadlock |
OPENAM-17364 |
prompt login / session upgrade / OIDC ACR looping with trees |
OPENAM-17361 |
API Explorer Swagger Template body needs to be modified to include configExport, debugLogs and threadDump as per the API Documentation |
OPENAM-17357 |
Remote Consent Service RCS does follow RCS consented scope when authorization endpoint accessed without any scope |
OPENAM-17349 |
OIDC Refresh token - Ops token is deleted from the CTS during refresh |
OPENAM-17337 |
Access token passed in request body results in failure |
OPENAM-17324 |
Client credentials grant in FBC config with group inheritance causes User not Valid Error |
OPENAM-17322 |
SAML2 bearer grant returns NoUserExistsException |
OPENAM-17321 |
Prometheus Endpoint returns http 500 error when used with file based config |
OPENAM-17317 |
A realm without any modules can cause increased thread count and slow response. |
OPENAM-17310 |
'ssoadm list-datastore-types' sub-command broken |
OPENAM-17277 |
AM Recording with thread dump only shows depth of 8 |
OPENAM-17276 |
AM recorder does not record anymore |
OPENAM-17274 |
AM should not change the supported subject types for an existing install |
OPENAM-17271 |
Typo for Realm in SAML/Federation debug |
OPENAM-17265 |
Wrong authorized_keys file updated |
OPENAM-17242 |
OAuth2 Policy - Environment Condition AuthLevel >= doesn’t work for ROPC grant |
OPENAM-17220 |
OAuthLogout.jsp compilation error isGotoUrlValid method signature not found |
OPENAM-17199 |
Insufficient debug logging for 'DJLDAPv3Repo.getAssignedServices' |
OPENAM-17175 |
XUI OAuth2 consent page does not render when using themes |
OPENAM-17157 |
Password reset via admin console with Proxied Authorization enabled is not possible |
OPENAM-17156 |
Adaptive Risk checkGeoLocation null countryCode can cause module fail. |
OPENAM-17121 |
Inefficient synchronized block in OAuth2ProviderSettingsFactory |
OPENAM-17117 |
Service config XML dump consumes a lot of memory (whole config is read to memory) |
OPENAM-17114 |
Save Consent check box always shown, even when not configured |
OPENAM-17102 |
OAuth2 client bearer authentication has insufficient logs for troubleshooting failing client authentication |
OPENAM-17097 |
Inconsistent scope policy evaluation between authorize and ROPC |
OPENAM-17089 |
Forgot password flow not working after initial attempt to reset password fails |
OPENAM-17081 |
OAuth2 client agent group settings are not taken into account |
OPENAM-17079 |
Identities and Session: unexpected returned error when trying to request for unexisting identity |
OPENAM-17070 |
SAML2 SP initiated SSO with AM as idp Proxy, RelayState is not returned from proxy after idp authentication |
OPENAM-17066 |
Unable to add server to existing deployment through UI |
OPENAM-17042 |
User Self Registration REST API does not generate SSO token |
OPENAM-17019 |
Allowing wildcards in OAuth 2.0 clients prevents exact matching from working |
OPENAM-17017 |
REST STS fails with unable get get sub-schema if cache is refreshed while updating REST config |
OPENAM-16998 |
Poor logging around failures "Invalid Assertion Consumer Location specified" |
OPENAM-16997 |
Device code grant implied consent fails if access_token request performed before user authenticates |
OPENAM-16955 |
When setCookieToAllDomains=false is used, a non matching request from other domain will fail |
OPENAM-16944 |
LDAP Decision node fails if inetuserstatus does not exist |
OPENAM-16932 |
PageNode does not pick up outcomes if ScriptedDecisionNode is used inside |
OPENAM-16910 |
Can not create SAML entity with entity id including a semicolon ';' |
OPENAM-16904 |
OIDC bearer module fails with NPE when id_token does not contain kid |
OPENAM-16883 |
AM ignores AuthnRequestsSigned property during SSO |
OPENAM-16881 |
SAML federation library stopped supporting ACS URLs with query parameters |
OPENAM-16876 |
Default ACR values on OIDC client profile is not honoured in order of preference |
OPENAM-16849 |
WeChat Social Auth module broken (regression) |
OPENAM-16801 |
SAML2 SP init SSO fails after upgrade to 7.0.0 |
OPENAM-16726 |
Insufficient debug logging for OAuth2 error 'invalid_client Server does not support this client’s subject type' |
OPENAM-16651 |
Default configuration fails if the trust store type JVM property is not defined for the JVM |
OPENAM-16638 |
AM with embedded DS setup fails when Java system keystore properties are set |
OPENAM-16608 |
AM with embedded DS setup fails with permission denied for truststore |
OPENAM-16581 |
SAML Authentication Module on hosted SP gets SAML No authentication context error |
OPENAM-16556 |
Radius Server does not log IP address into AM Audit logs |
OPENAM-16515 |
Social auth - insufficient debug logging for troubleshooting |
OPENAM-16472 |
Proxied Authentication fallback may not work when user entry lacks some attributes |
OPENAM-16364 |
Macaroon access tokens don’t work with the new any-realm token introspection |
OPENAM-16262 |
Javadocs for IdUtils needs updating |
OPENAM-15963 |
Historical retention files (csv) were not deleted |
OPENAM-15214 |
Auth Tree - Clicking save with no changes causes render problem with node attributes inside page node |
OPENAM-14240 |
FMSigProvider.verify does not tell if certificates are provided |
OPENAM-13783 |
REST STS: Cannot add or modify nameID format in SAML config, and default value stated in help is incorrect |
OPENAM-13575 |
Unhelpful log message when OIDC public client wants to use HMAC id token signing |
AM 7.0.1
OPENAM-16935 |
Logout issue after logging into AM with 'Remember my username' selected with iOS 14.0.1 |
OPENAM-16934 |
sm.getSchemaManager has a typo including a comma |
OPENAM-16907 |
Kerberos Node in 7.0 does not work |
OPENAM-16877 |
Error when creating AM "Self-service Trees" service in native admin ui |
OPENAM-16848 |
Choice Collector and WDSSO node combination does not work if whitelisting is enabled |
OPENAM-16847 |
AM email service failing with 'Start TLS' option |
OPENAM-16838 |
AuthenticationApproachChecker does not handle session upgrade modules |
OPENAM-16823 |
IDM Nodes do not send or propagate transactionId tracking when contacting IDM |
OPENAM-16802 |
Upgrade from OpenAM 7.0 to 7.1.0 SNAPSHOT causes NPE |
OPENAM-16794 |
Google KMS options missing after upgrade from 6.5 |
OPENAM-16791 |
AMAccessAuditEventBuilder#forRequest can generate an entry with |-1 for the port |
OPENAM-16769 |
Enabling Auto-federation when User Profile is Dynamic on SP causes SP to hang during SAML flow |
OPENAM-16759 |
Amster on windows AM does not restart properly after setup |
OPENAM-16758 |
Cannot install AM 7 on Windows |
OPENAM-16745 |
client_id in access token ignores what’s been registered when idm cache is disabled |
OPENAM-16703 |
OAuth2 Access token obtained from refresh token is certificate-bound regardless of "Certificate-Bound Access Tokens" configuration (when client_secret_basic used for credentials) |
OPENAM-16702 |
Saving engine configuration in FBC mode makes that config non-readable |
OPENAM-16701 |
The authorize endpoint with a service parameter will cause the parameter to appear as a PAP claim in the agent’s ID token |
OPENAM-16697 |
Case mismatch for realm (when using legacy realm identifier format) on well-known endpoint results in issuer with incorrect path format |
OPENAM-16686 |
Cannot create a User after upgrade from 6.5.2 to 7.0.1 |
OPENAM-16684 |
OIDC Dynamic Registration client_description cannot take String type |
OPENAM-16669 |
IdentityGateway Agent entry missing attribute required to support org.forgerock.openam.agent.TokenRestrictionResolver#getAgentInfo |
OPENAM-16650 |
Authz Policy Subjects Policy.title is showing property name text |
OPENAM-16641 |
OAuth2 provider supported grant types attribute missing localization property on XUI |
OPENAM-16606 |
Missing "org.forgerock.openam.saml2.authenticatorlookup.skewAllowance" property in server defaults |
OPENAM-16594 |
ssoadm help should be updated to reflect changes in AME-18650 / OPENAM-16155 |
OPENAM-16583 |
Crucial information is missing when encountering LDAP connections issue. |
OPENAM-16555 |
(audit) logging does not tell which policy allowed or denied a resource request |
OPENAM-16551 |
Scalar String in OAuth2 Access Token Modification Script result in Unable to Obtain Access Token |
OPENAM-16545 |
Upgrade to AM 7.0.0 can cause problems with properties being overridden for some web agents |
OPENAM-16485 |
'Failed Login URL' is not picked up from the auth chain |
OPENAM-16483 |
XUI - Typo in SAML SP "Default Relay State Url" label |
OPENAM-16368 |
Settings of Mail and Scripting global service properties are overwritten at upgrade |
OPENAM-16367 |
OIDC request_uri response causes NPE while debug logging |
OPENAM-16354 |
Concurrency bug in OAuth2ProviderSettingsFactory |
OPENAM-16338 |
Failing REQUISITE module after SUFFICIENT Device Match doesn’t fail chain properly |
OPENAM-16157 |
Session Property Whitelist Service allows case variant Property Names but DS is not case sensitive |
OPENAM-16152 |
After upgrade, new Identity page has duplicate 'new identity' field and email address does not save |
OPENAM-16006 |
Device Code Grant does not work with Implied Consent as Authorization is not approved even after consented |
OPENAM-15671 |
LoginContext is missing debug logging for troubleshooting |
OPENAM-15663 |
UserInfoClaims is not part of public API |
OPENAM-14682 |
Microsoft Social Auth fails when creating a Microsoft account (Legacy OAuth2) |
OPENAM-14527 |
Microsoft Social Auth does not work with latest MS endpoints (Legacy OAuth2) |
OPENAM-11706 |
Policies in a policy set are not visible in Internet Explorer IE |
AM 7.0
OPENAM-16433 |
Audit Logging change of behaviour when capturing "principals" and "userid" data for each authentication entry. |
OPENAM-16425 |
AM does not handle malformed/incorrect signature correctly |
OPENAM-16402 |
The passwordpolicy.allowDiagnosticMessage should be applicable to admin and selfservice password change. |
OPENAM-16379 |
URL fragments like # cause forbidden login in the XUI |
OPENAM-16284 |
XUI does not handle Special Chars / UTF-8 in realms properly. |
OPENAM-16279 |
AgentsRepo cannot recover when it fails especially on external Application store. |
OPENAM-16251 |
OIDC authentication request with parameters 'prompt=none' and 'acr_values=' triggers authentication |
OPENAM-16240 |
REST STS under subrealm cannot generate id_token with realm claim |
OPENAM-16233 |
Policy evaluation fails when subject not found (even in ignore profile) |
OPENAM-16214 |
Push Authentication Module does not work on Session Upgrade when User Cache disabled |
OPENAM-16184 |
Zero Page Login Collector does not work with UTF-8 base 64 encoded usernames and passwords |
OPENAM-16165 |
social authmodule causes NullPointerException |
OPENAM-16164 |
social authmodule fails if OIDC provider uses algorithm RS256 to sign Id Token |
OPENAM-16136 |
queryFilter only matches against first entry in array |
OPENAM-16132 |
When TtlSupport is enabled, Stateless OAuth2 Refresh token and JWT whitelist fails on synchroniseExpiryDates |
OPENAM-16032 |
Unable to delete devices with Recovery Code Collector Decision Node |
OPENAM-16031 |
Intermittent error message when concurrent obtain SSO Token ID with session quota constraints |
OPENAM-16014 |
An invalid user passed to any WebAuthn node throws NPE and breaks the Tree flow |
OPENAM-16013 |
Mismatched kid from Json Web Key URI when Specified Encryption Algorithm |
OPENAM-16009 |
Windows Desktop SSO node full adoption and compliance with tree node specifications |
OPENAM-15989 |
OAuth2 client_id should be url-decoded when using basic auth |
OPENAM-15982 |
OIDC - JWT Request Parameter returns errors in query, not in the fragment when consent is denied |
OPENAM-15970 |
Access Token introspect Fails in subrealm after root realm modified |
OPENAM-15944 |
WS-Federation - RPSignin Request fails because config data is used unchecked |
OPENAM-15905 |
Login failure with Post Authentication Plugin on timed out Authentication session throws NullPointerException |
OPENAM-15900 |
Kerberos fails when used with IBM JDK |
OPENAM-15896 |
WS-Federation relying party initiated passive request - stuck at Account Realm selection |
OPENAM-15881 |
Custom AM User (amUser.xml) field does not use default values from the schema |
OPENAM-15858 |
Auth Tree fails before 'Max Authentication Time' is reached if authentication session state management scheme CTS is used |
OPENAM-15853 |
External UMA store fails on resource creation |
OPENAM-15805 |
idtokeninfo endpoint gives invalid signature error when ID Token is expired |
OPENAM-15785 |
OIDC spec violation - HTTP POST can not be used to send Authentication Request |
OPENAM-15784 |
Form elements in policy environment condition tab are displayed twice |
OPENAM-15766 |
LoginState - account lockout is checkout although AM AccountLockout is disabled |
OPENAM-15758 |
KeyStore Secret Store fails to start due to secretId having some characters. |
OPENAM-15750 |
ERROR | OAuth2Monitor | Unable to increment "oauth2.grant" metric for unknown grant type BACK_CHANNEL
OPENAM-15724 |
SAML2 entities do not set amlbcookie if there is only one server |
OPENAM-15713 |
AM SP drop the 80 characters RelayState silently for HTTP Redirect |
OPENAM-15698 |
IdP-initiated SSO fails with error 'Error processing AuthnRequest. IDP Session is NULL' |
OPENAM-15697 |
Default ACR values from OAuth2 provider not taken into account |
OPENAM-15694 |
RestSTSServiceHttpRouteProvider causes memory leak by adding route for every access |
OPENAM-15679 |
The option "com.sun.am.ldap.connnection.idle.seconds" has a misspelling |
OPENAM-15670 |
DeviceIdSave auth module initialization fails if username is null |
OPENAM-15667 |
AM debug log does not tell which auth-module was handled - needed for troubleshooting |
OPENAM-15645 |
The &refresh=true|false parameter for _action=validate is not working as expected |
OPENAM-15632 |
OAuth2 Refresh token lifetime with -1 (never expires) cannot work with CTS TTL support |
OPENAM-15628 |
Grant-Set Storage Scheme for CTS does not work with CIBA Flow |
OPENAM-15627 |
Switching CTS Storage Scheme to "Grant-set" fails with stateless refresh-tokens created with "One-To-One" |
OPENAM-15579 |
AM cookies are not set after successful SP-initiated SSO flow if SP Adapter calls 'response.sendRedirect(String)' |
OPENAM-15559 |
OATH module broken in Japanese locale |
OPENAM-15533 |
WS-Federation doesn’t work with Authentication Trees |
OPENAM-15530 |
OAuth2/OIDC - Resource Owner Password flow with a public client creates an AM session in CTS |
OPENAM-15520 |
XUI Localisation Falls Back To AM-Default "EN" Instead Of Language-Default |
OPENAM-15508 |
moduleMessageEnabledInPasswordGrant does not apply to Trees |
OPENAM-15507 |
500 error when calling /revoke or /refresh endpoint with wrong token |
OPENAM-15501 |
Xml encryption 1.1 namespaces aren’t always mapped to prefixes correctly |
OPENAM-15494 |
AM expects nonce request parameter in authorize request when no id_token will be returned |
OPENAM-15491 |
Self service password reset returns 500 Internal Server Error, when new password rejected by datastore password policies. |
OPENAM-15489 |
WebAuthN Auth Node Doesn’t Respect UV=Discouraged During AuthN |
OPENAM-15465 |
Sending HTTP Callback from Inner Tree Evaluator Fails Authentication |
OPENAM-15459 |
When Encrypted Attributes on SP is set only with AutoFederation enabled, the attributes get decryption error |
OPENAM-15425 |
OIDC endsession - encrypted id_tokens are not supported |
OPENAM-15374 |
OpenID Client authentication with private_key_jwt and client_secret_jwt does not enforce required jti claims |
OPENAM-15355 |
PageNode with multiple InputNodes without value throws Unsupported InputOnlyPasswordCallback |
OPENAM-15349 |
Access Token request returns a 500 error |
OPENAM-15345 |
at_hash value generated does not take the latest modified access token |
OPENAM-15323 |
ROPC with tree throws "Internal Server Error (500)" when user credentials are incorrect using AuthTree |
OPENAM-15307 |
Trees Example is not working as expected OOTB to ?service=Example |
OPENAM-15303 |
Claims with multiple values in issued_token from REST STS represented inconsistently. |
OPENAM-15244 |
AM configuration does not perform schema extension for identity store although it has the permissions |
OPENAM-15210 |
Authentication nodes that are assigned AuthType values may not work in Session Upgrade case with custom modules
OPENAM-15164 |
CDSSO with "ignore profile" throws "No OpenID Connect provider" |
OPENAM-15160 |
LDAP Decision Node throws NPE when custom ldap server returns LDAP code 50 on bind |
OPENAM-15150 |
Upgrade fails when there is a bad Token Signing ECDSA public/private key pair alias field |
OPENAM-15147 |
HTTP 500 upon accessing openam/json/ |
OPENAM-15145 |
OpenAM Scope Validator calls getUserInfo twice when creating IdToken |
OPENAM-15121 |
Persistent Cookie Auth Tree does not work after the second relogin (with browser closed)
OPENAM-15117 |
KeyVault KeyStoreType not supported |
OPENAM-15116 |
Auth ID jwt can be modified to determine whether a realm exists or not |
OPENAM-15105 |
Unable to get trusted devices using REST API |
OPENAM-15101 |
Remove the ability to disable XUI |
OPENAM-15089 |
SAML SLO - Allow RelayState to be a path-relative URL |
OPENAM-15076 |
webAuthn config does not allow for multiple origins under the same rpId |
OPENAM-15044 |
OpenID connect id_token bearer Module Unable to obtain SSO Token due to OpenIDResolver Caching |
OPENAM-15036 |
Cannot view/manage SAML IdP entity in console, imported from schema compliant meta data file |
OPENAM-15028 |
Cannot load metadata in ssoadm without extended metadata |
OPENAM-15012 |
OIDC - JWT Request Parameter returns errors in query, not in the fragment |
OPENAM-14995 |
IdP Initiated single logout only performs local logout if IdP session cannot be found in cache |
OPENAM-14991 |
Changes to boot.json are overwritten |
OPENAM-14979 |
NPE in UtilProxySAMLAuthenticatorLookup if there is a failure to find cached oldSession in sessionUpgrade |
OPENAM-14977 |
PKCE Code challenge method for Authorization Code if not set should use plain |
OPENAM-14966 |
Performing access_token with arbitrary text as trusted cert header causes server error |
OPENAM-14919 |
Unnecessary 'Unable to parse packet received from RADIUS client' log entries in log file
OPENAM-14901 |
XUI - SAML2 module doesn’t redirect to IDP if it’s 2nd in the chain |
OPENAM-14895 |
user identity creation fails with "Identity |" of type user not found. |
OPENAM-14893 |
XUI displays multiple error messages when an authentication session times out |
OPENAM-14889 |
Upgrade of Persistent Cookie auth module fails
OPENAM-14883 |
OAuth2/OIDC - Issuing client secret to Public clients during registration |
OPENAM-14881 |
AM Proxied authorization feature on DataStore does not work with locked or expired DJ accounts for password change (gives errorcode=123) |
OPENAM-14867 |
AuthType is not set for Authentication Tree (AnyKnownUserAuthzModule fails in AuthTree) |
OPENAM-14859 |
ROPC throws "Internal Server Error (500)" when 'Password Grant authentication service' is empty |
OPENAM-14858 |
When NameIDPolicy does not contain |
OPENAM-14848 |
Insufficient debug logging in OpenID Connect authentication module |
OPENAM-14845 |
user info endpoint does not correctly handle Certificate Bound Access Tokens |
OPENAM-14829 |
AuthSchemeCondition doesn’t return realm aware policy condition advice |
OPENAM-14825 |
OAuth2 Dynamic Registration with Software Statement triggers objectClass=| search |
OPENAM-14804 |
Memory leak when running UMA RPT soak test |
OPENAM-14799 |
Unable to update Agent profile using REST |
OPENAM-14794 |
User privileges are removed from group if another group is given same privilege |
OPENAM-14786 |
idpSingleLogoutPOST throws error 500 IllegalStateException on SLO |
OPENAM-14783 |
PKCS11 KeyStore does not work on IBM JVM |
OPENAM-14782 |
AuthTree created Session does not use per User Session Service settings |
OPENAM-14766 |
introspect and tokeninfo endpoints return Internal Server Error 500 in some invalid tokens |
OPENAM-14717 |
mailto attribute has space between '|' and mail address
OPENAM-14694 |
Consent page still shows claim values even when supported claim description is omitted |
OPENAM-14651 |
OAuth2 GrantSet E-Tag Assertion Failures due to Stale Reads |
OPENAM-14581 |
handling ManageNameID fails if NameID does not include SPNameQualifier |
OPENAM-14578 |
WDSSO failing but no fallback… |
OPENAM-14573 |
amlbcookie is not secure when authenticating with trees |
OPENAM-14572 |
prompt=login destroys and creates new session |
OPENAM-14570 |
OAuth mTLS DN comparison fails when DER-encoding is different |
OPENAM-14548 |
consent page still shows what’s been granted/removed as a result of OAuth2 scope policy evaluation |
OPENAM-14546 |
SSOADM access not audited to the ssoadm.access logs anymore |
OPENAM-14539 |
SAML SLO with multi protocols |
OPENAM-14529 |
UMA RPT expiry time incorrect in CTS |
OPENAM-14523 |
NullPointerException in IdP-initiated ManageNameIDRequest using SOAP Binding |
OPENAM-14503 |
SAML2 - Key Transport Algorithm - RSA OAEP must be supported |
OPENAM-14483 |
If there is no token, then landing on the AM login page will result in 2 getSessionInfo Requests = 401 UnAuthZ |
OPENAM-14480 |
AuthLoginException is lost |
OPENAM-14471 |
Failed to create root realm for data store (External Policy | Application)
OPENAM-14465 |
SAML2 Artifact binding fails on multi-instance / multiserver IDP setup with SAML2 Failover on |
OPENAM-14464 |
XUI sends the following message "Loading custom partial "${partialPath}" failed. Falling back to default." to the browser console when a custom theme is used |
OPENAM-14450 |
userinfo typo in Claims.java |
OPENAM-14426 |
Unable to add external data store in AM (Policy | Application) when using TLS/SSL |
OPENAM-14419 |
Policy evaluation returns search results for all policies that match outside of specified application |
OPENAM-14393 |
CTS Operation Fails Entry Already Exists logged for SAML2 Authentication is done |
OPENAM-14391 |
Self Service Link not Display when Using Authentication Tree |
OPENAM-14378 |
'Set Persistent Cookie' node sets domain cookies in only one domain despite multiple Cookie Domains set |
OPENAM-14369 |
Upgrading from OpenAM 13.5.0 with custom PAPs causes NPE failure |
OPENAM-14362 |
UMA load test fails with Invalid resource type error |
OPENAM-14353 |
Error Message not Displayed when Change Password does not Meet Password Policy |
OPENAM-14337 |
Fail gracefully when request OIDC token using "Pairwise" Subject Type and no Redirection URI is configured in client |
OPENAM-14313 |
Audit Logging - STS transformations create duplicate entries |
OPENAM-14310 |
CheckSession page indicates the session is not valid |
OPENAM-14294 |
am-external Git repository 6.5 has bad source
OPENAM-14281 |
IdP Proxy relays wrong AuthnContextClassRef |
OPENAM-14239 |
FMSigProvider.verify NPE with null input for certificates |
OPENAM-14233 |
updated_at claim in the ID Token is returned as a string and not a number |
OPENAM-14232 |
Performance issue when creating resource_set in UMA with many existing resource_set |
OPENAM-14229 |
custom AuthorizeTemplate under theme not used |
OPENAM-14213 |
Cannot view SAML SP entity imported with missing AuthnRequestsSigned attribute |
OPENAM-14212 |
SAML redirect to login page fails if AM installed into the root context |
OPENAM-14200 |
Social auth modules do not work when AM is installed into the root context |
OPENAM-14189 |
effectiveRange of Time environment has issue |
OPENAM-14175 |
CTS updates on multivalue attributes may throw Duplicate values exception
OPENAM-14174 |
AM shows Ldapter.delete exception when session expires is triggered |
OPENAM-14167 |
HTML tags are shown part of the messages in Change Password section of AD Authentication module. |
OPENAM-14147 |
arg=newsession in XUI just shows the "Loading…" page |
OPENAM-14115 |
Sample Auth module does not work in a chain when used with Shared-state |
OPENAM-14112 |
Using client-based sessions when acting as SP can lead to an out-of-date client-based session cookie |
OPENAM-14111 |
Refresh Token flow not enabled on OAuth2 Client can still use Refresh Token flow |
OPENAM-14062 |
Redirect to Failure URL does not occur when authentication tree is not interactive |
OPENAM-14054 |
XUI Custom templates and Partials not applied consistently |
OPENAM-14053 |
Cannot build AM UI in Windows for Yarn using mvn |
OPENAM-14040 |
LdifUtils debug logging prints out wrong classname |
OPENAM-14018 |
Radius Authentication Module Primary and Secondary Radius Server help button shows server:port when it should be server |
OPENAM-13999 |
Custom node containing ConfirmationCallbacks fails when dropped in a page node. |
OPENAM-13991 |
'issuer' value in .well-known/openid-configuration response is incorrect for a sub-realm |
OPENAM-13978 |
Session Upgrade - AuthLevel format changes |
OPENAM-13942 |
SAML2 Circle of Trust - REST Update doesn’t update the metadata of the provider |
OPENAM-13934 |
saml2error.jsp fails with exception when malformed SAML2 response given |
OPENAM-13900 |
OAuth2 Device flow - duplicate user_code error after authenticating user |
OPENAM-13892 |
Erroneous "Response’s InResponseTo attribute is not valid error "SAML2 failover is enabled" when it is not |
OPENAM-13890 |
Install.log logs AMLDAPUSERPASSWD for unprivileged demo user in plaintext |
OPENAM-13851 |
Rest STS cannot be created in the Console when upgrading to 6 |
OPENAM-13831 |
RP-Initiated Logout does not handle state parameter |
OPENAM-13779 |
Session API - _action=refresh requires an admin token |
OPENAM-13764 |
Monitoring logs in ERROR for "Agent.configAgentsOnly | agent type = OAuth2Client"
OPENAM-13720 |
Public API method LDAPUtils.convertToLDAPURLs can not handle IPv6 literals |
OPENAM-13490 |
Software Publisher Agent - Secret is not saved when creating an Agent |
OPENAM-13465 |
Dynamic client registration sets wrong subjectType |
OPENAM-13446 |
Social Auth Service doesn’t redirect if already using another chain |
OPENAM-13419 |
LDAPPolicyFilterCondition doesn’t set request timeout |
OPENAM-13324 |
/users/{user}/devices/trusted REST queryFilter expression does not work and acts as "true" |
OPENAM-13064 |
OAuth2 - SAML v.2.0 Bearer Assertion Grant - SubjectConfirmationData element should be optional |
OPENAM-13000 |
Custom authentication module with a single ChoiceCallback value is processed without confirmation |
OPENAM-12955 |
Resource Owner Password Credentials Grant does not work with trees |
OPENAM-12759 |
max_age should be a number, not a string
OPENAM-12574 |
SAML2Utils.sendRequestToOrigServer throws NullPointerException on processing Cookies |
OPENAM-12498 |
Authorization Grant response returns scope(s) in the URL |
OPENAM-12228 |
WebAgent REST API queryFilter expression does not work and acts as "true"
OPENAM-12186 |
Introspect endpoint for RPT does not check the authorization scheme |
OPENAM-11921 |
Incorrect NameId Format offered for SAML2 auth module in console |
OPENAM-11863 |
CORSFilter position in web.xml should come before most filters |
OPENAM-11778 |
Getting accessToken using authorization_code result in Unhandled exception |
OPENAM-11338 |
OpenID Connect id_token bearer auth module mixes up aud, azp during verification |
OPENAM-10869 |
SAML2 Authentication module return "Unable to link local user to remote user" ambiguous. |
OPENAM-10843 |
When generating an OIDC token through STS a "kid" value is not specified |
OPENAM-10127 |
SessionMonitoringStore should only be instantiated when monitoring is enabled |
OPENAM-9931 |
Global Session Service - two fields with the exact same name (Redundant 'Global Attributes' setting should be removed) |
OPENAM-9777 |
Json Web Key URI in OAuth2 OpenID connect client config pre-populated incorrectly |
OPENAM-9459 |
500 Internal Server Error from changePassword endpoint with AD repo |
OPENAM-5867 |
Data Store LDAP server (admin-ordered) list is reordered by OpenAM |