PingAM release notes

Fixes in AM 7.3.x

This page lists the cumulative fixes in AM 7.3.x releases:

AM 7.3.3

OPENAM-23519

Android devices without a screen lock not working with WebAuthn registration

OPENAM-23518

AuthenticateToTreeConditionAdvice doesn’t work with Inner Tree as first node

OPENAM-23441

Enabling OAuth2 client option "Allow wildcard ports in redirect URIs" prevents application URIs from working

OPENAM-22846

External app/policy store active/passive LB isn’t working

OPENAM-22654

BooleanAttributeInputCallback renders an enabled checkbox in AM XUI

OPENAM-22608

Non-extractable secrets in HSM fail to work on AM for SAML2 XML signing

OPENAM-21026

OAuth clients don’t work when the redirect URI list contains an invalid URI

OPENAM-20451

Fix to display user-friendly account name during WebAuthn device registration

OPENAM-15834

Access token call fails when an unsupported claim is requested

AM 7.3.2

OPENAM-22836

Unable to update KBA Security questions using XUI

OPENAM-22753

Destroy All session may fail to work

OPENAM-22717

SP-initiated SSO fails with "Illegal character in scheme name" when IdP name contains a special character

OPENAM-22696

Persistent search notification invalidation on AD identity store doesn’t invalidate user cached attributes

OPENAM-22656

Setting JWKs URI content cache timeout to a small value throws an error

OPENAM-22632

AMSetupServlet install error with Windows multi-domain environment

OPENAM-22602

OIDC ID Token Validator node uses own httpClient settings to connect to JWK or well-known URL

OPENAM-22421

WebAuthn: Windows Hello TPM Attestation failing for Windows 11 22H2

OPENAM-22391

Issues with evaluateTree when using wildcard policies

OPENAM-22322

Unable to verify signed ArtifactResponse Assertion leading to failure

OPENAM-22318

OAUTH_REQUEST_ATTRIBUTES cookie isn’t getting deleted after authentication

OPENAM-22289

Session quota action may fail when the session isn’t updatable but should be fine to proceed

OPENAM-22288

Amster upgrade 7.3.0-to-7.3.x fails with Groovy Exception

OPENAM-22181

Approve UMA request fails with 500 error when AM deployed as a platform

OPENAM-22120

Backchannel logout token doesn’t contain exp claim

OPENAM-21972

SAML artifact binding is failing in load-balanced deployments

OPENAM-21937

Quota enforcement affects agent sessions that authenticate by tree

OPENAM-21897

Creation order determines policy evaluate and evaluateTree results

OPENAM-21473

Certificate collector node: getPortalStyleCert throws exception when cert/header not present

OPENAM-21322

AM console allows creation of entity provider with space at the end of the name

OPENAM-21191

Web agent sessions have a long session lifetime of 42 years

OPENAM-21085

Undefined bindings are incorrectly evaluated in Groovy scripts

OPENAM-20945

Unable to trace token revocation back to resource owner because of missing trackingID field

OPENAM-20314

Social Provider Handler node and Social IdP service use the sub claim to search for links to existing accounts

OPENAM-20299

Fix to make agent authentication honor com.iplanet.am.session.agentSessionIdleTime

OPENAM-19261

Fix incorrectly logged errors when introspecting tokens using OAuth 2.0 client credentials grant

AM 7.3.1

OPENAM-22017

ConfigProviderNode creates node class dynamically leading to native memory leak

OPENAM-21976

Single point of locking contention when performing client-based session logout

OPENAM-21941

Unable to edit policies in the UI

OPENAM-21854

TermsAndConditionsCallback fails with error on XUI

OPENAM-21747

REST SDK and Amster send cookies if request has cookie header

OPENAM-21728

Certificate module fails using JDK 11.0.21 and later with undefined access to private method

OPENAM-21484

Introspecting OAuth 2.0 refresh tokens results in different claim value types in the response

OPENAM-21421

Scripting logger name isn’t based on logging hierarchy convention

OPENAM-21390

ConsumedStateDataCache can cache an incomplete set of reachability data in a multi-AM environment

OPENAM-21304

OAuth 2.0 dynamic client registrations don’t retain request_uri values when creating

OPENAM-21277

Running Amster in debug mode doesn’t work on Windows

OPENAM-21164

Calling toXMLString in custom SAML adapter can return incorrectly formatted XML leading to invalid signature

OPENAM-21160

Inconsistent values in secure state when navigating an authentication tree

OPENAM-21158

Windows Hello registration fails on TPM attestation parsing on Windows 11 22H2

OPENAM-21069

WindowsDesktopSSO authentication is failing

OPENAM-21030

Amster 7.3.0 CLI isn’t working on Windows

OPENAM-21010

Social authentication for remote OIDC server for user profile non-English words corrupted

OPENAM-21004

AM will always look for valid session when scope=openid

OPENAM-21001

IdPAccountMapper is not correctly determined

OPENAM-20980

Unable to use issuer comparison check regex in OIDC social provider

OPENAM-20897

Debug logs not showing info for ERROR: Unsupported Callback, "{0}" and others

OPENAM-20895

Newly-created Maven archetype project fails to build

OPENAM-20756

OIDC social authentication request (Apple) fails due to duplicate response_mode=form_post request parameter

OPENAM-20691

Destroy oldest session may fail to work

OPENAM-20682

Unable to encrypt from jwk_uri when there are duplicate kid

OPENAM-20490

AESWrapEncryption shows "WARN: AESWrap-encrypted data is less than 16 bytes"

OPENAM-20026

Trailing whitespace prevents social provider deletion via UI

OPENAM-19999

ID token as AM session doesn’t work with /authorize when openid scope is requested

OPENAM-19889

Policy evaluation fails with agent access token JWT as subject

OPENAM-19282

Recovery Code Display Node works only immediately after Registration node

OPENAM-18599

Allow for custom error message if user account is locked

AM 7.3

OPENAM-20396

Authentication tree is selected by order of acr to tree mapping, not the default values, and order is not preserved

OPENAM-20360

Ampersand is double encoded in the Destination of a SAML Assertion

OPENAM-20260

Unable to log into AM when external application store is down

OPENAM-20230

Class allowlisting fails with permission denied after an extended period

OPENAM-20181

AD account notification fails

OPENAM-20159

Upgrader adds requestObjectProcessing to OAuth2Provider subconfigs

OPENAM-20104

The fragment response_mode for the /oauth2/authorize endpoint is not working

OPENAM-20085

STS token generation does not work with clustered Docker pods

OPENAM-20082

Locked out users are shown a misleading error message

OPENAM-19868

Correctly handle multi-line text in Email Suspend nodes

OPENAM-19866

Excessive logging when accessing protected resources

OPENAM-19726

The par endpoint doesn’t return a request_uri when using JAR and claims are provided

OPENAM-19665

Wrong Java version in Amster README file

OPENAM-19515

Unable to update session service with read only identity store

OPENAM-19411

Amster installation failure with authorizedKey parameter when trying to overwrite an existing configuration

OPENAM-18818

Persistent search error message shows wrong DS identifier

OPENAM-18488

Windows Hello with TPM/platform authenticator returns two certificates

OPENAM-18172

Multiple instances of "No Social Authentication Service found for realm" logged at WARNING level

OPENAM-17215

Policy debug log fills up at very high pace if the config store is not found

OPENAM-13766

No configuration found for login with SessionConditionAdvice=deny