Fixes in AM 8.0.x
This page lists the cumulative fixes in AM 8.0.x releases:
AM 8.0.1
AME-31120 |
Prevent using library scripts in Node Designer scripts |
AME-31114 |
Change the case of the SNS push message |
AME-31109 |
Amster 8.0 import fails with |
OPENAM-23770 |
WebAuthn node flow causes exception instead of |
AM 8.0
OPENAM-23581 |
Configuration Provider node doesn’t accept duration values as integers |
OPENAM-23537 |
Configuration Provider node fails to get inputs for Inner Tree node |
OPENAM-23519 |
Android devices without a screen lock throw an error with WebAuthn registration |
OPENAM-23518 |
AuthenticateToTreeConditionAdvice doesn’t work with Inner Tree as first node |
OPENAM-23516 |
Timeout node configuration properties no longer accept negative numbers |
OPENAM-23441 |
Enabling OAuth2 client option "Allow wildcard ports in redirect URIs" prevents application URIs from working |
OPENAM-23427 |
Composite advice with Auth Level fails when the realm contains a broken journey |
OPENAM-23228 |
Fix file leak when receiving large response from next-generation scripting |
OPENAM-23095 |
Reduced default OAuth2 denylist poll interval to ensure access token is correctly reported invalid |
OPENAM-23091 |
Fix for |
OPENAM-23077 |
The |
OPENAM-23059 |
|
OPENAM-22988 |
Failover doesn’t occur when heartbeat interval is set to 0 |
OPENAM-22966 |
AM should accept |
OPENAM-22955 |
Set Persistent Cookie node before tree failure causes 500 error instead of 401 |
OPENAM-22865 |
Stateful refresh token revoke race condition |
OPENAM-22846 |
External app/policy store active/passive LB isn’t working |
OPENAM-22811 |
Unable to modify |
OPENAM-22708 |
Loop back to the same node causes exception when the journey runs |
OPENAM-22688 |
Page node localization for header, description and footer isn’t working as expected |
OPENAM-22675 |
Next-generation scripting |
OPENAM-22657 |
JWT validation fails when signed using the RS256 algorithm |
OPENAM-22652 |
Some authentication nodes missing from am-external after IDM node seperation |
OPENAM-22630 |
Empty webhooks property key results in NullPointerException |
OPENAM-22608 |
Non-extractable secrets in HSM fails to work on AM for SAML2 XML signing |
OPENAM-22298 |
NullPointerException in |
OPENAM-22297 |
Saml2Node doesn’t log whether SP and IDP descriptor were retrieved |
OPENAM-22270 |
No OAuth clients shown when scalable agents enabled |
OPENAM-22264 |
AM doesn’t use global service schema properties set by |
OPENAM-22171 |
Forgotten Password flow fails when AM searches for the identity to modify |
OPENAM-22146 |
Request object failure not logged even when debug logging is set to highest level |
OPENAM-22120 |
Backchannel logout tokens now include the |
OPENAM-22009 |
Providing an invalid alias to a secret store mapping breaks AM |
OPENAM-21974 |
Social Identity Provider Service: LinkedIn template is out of date |
OPENAM-21913 |
When doing Session upgrade the Session property |
OPENAM-21617 |
Exception thrown by scope validator script not whitelisted in script engine configuration |
OPENAM-21545 |
Unable to create a circle of trust in file-based configuration with external data store |
OPENAM-21003 |
IE11 not working during SAML tree authentication due to use of Arrow function |
OPENAM-18252 |
Let nodes update the universal ID for impersonation and peer authentication |
OPENAM-15834 |
Access token call fails when an unsupported claim is requested |
OPENAM-15410 |
Audience claim not able to customize if scope with openid and profile |
OPENAM-14438 |
Ensure OAuth2ClientAgentGroups are imported before OAuth2ClientAgents in Amster |
OPENAM-14217 |
Add more debug when getSessionInfo v2.1 fails with Internal Server Error |
AM 7.5.x
AM 7.5.2
OPENAM-24543 |
The PingOne Protect Initialization node displays an unnecessary form to the end user |
OPENAM-24349 |
"Unable to determine key size for key" error occurs when signing an assertion with an explicit signing algorithm configured in the SP |
OPENAM-24335 |
The |
OPENAM-24125 |
OAuth 2.0 or agent service fails to recover after schema reload required for external app store |
OPENAM-24109 |
LDAPFilterCondition uses search time limit for request timeout |
OPENAM-23716 |
Policy lookup doesn’t error when cache isn’t populated and policy store is down |
OPENAM-23595 |
Redirect using a URN loses the scheme-specific part |
OPENAM-23767 |
The |
OPENAM-23766 |
Adapter Environment under SP role in the GUI isn’t working properly |
OPENAM-23519 |
Android devices without a screen lock not working with WebAuthn registration |
OPENAM-23518 |
AuthenticateToTreeConditionAdvice does not work with innerTree as first node |
OPENAM-23441 |
Enabling OAuth 2.0 client option "Allow wildcard ports in redirect URIs" prevents application URIs from working |
OPENAM-23341 |
AM doesn’t log errors for OIDC or OAuth 2.0 failures |
OPENAM-23283 |
SecretReferenceCache not used for |
OPENAM-23091 |
Fix for |
OPENAM-22988 |
Failover doesn’t occur when heartbeat interval is set to |
OPENAM-22846 |
External app/policy store active/passive LB isn’t working |
OPENAM-22657 |
JWT validation fails when signed using the RS256 algorithm |
OPENAM-22654 |
BooleanAttributeInputCallback renders an enabled checkbox in AM XUI |
OPENAM-22630 |
Empty webhooks property key results in a NullPointerException |
OPENAM-22608 |
Non-extractable secrets in HSM fails to work on AM for SAML2 XML signing |
OPENAM-22520 |
WebAuthN (FIDO Certification): TPM attestation failing when |
OPENAM-22346 |
The RP |
OPENAM-22298 |
NullPointerException in |
OPENAM-22281 |
NameIdFormat values populated for remote IdP |
OPENAM-22120 |
Backchannel logout tokens now include the |
OPENAM-20776 |
Enable private key jwt audience to be configurable |
OPENAM-20239 |
Setting the |
OPENAM-20089 |
Configuration Provider nodes don’t take integer values |
OPENAM-15834 |
Access token call fails when an unsupported claim is requested |
OPENAM-15410 |
Audience claim not customizable when scope set to |
AM 7.5.1
IAM-5473 |
Always save UI environment variables to |
IAM-6429 |
Failure URL node not working as expected on Safari when used with a Message node |
OPENAM-23059 |
SSOADM doesn’t work for realm defaults |
OPENAM-22955 |
Set Persistent Cookie node causes 500 error before failure |
OPENAM-22847 |
Nodes that use a tree hook with an injection annotation cause an error when the tree fails |
OPENAM-22836 |
Unable to update KBA security questions using XUI |
OPENAM-22753 |
Destroy All session may fail to work |
OPENAM-22717 |
SP-initiated SSO fails with "Illegal character in scheme name" when the IdP entity name has a special character |
OPENAM-22715 |
|
OPENAM-22708 |
Loop back to the same node causes exception when tree is executed |
OPENAM-22696 |
Persistent search notification invalidation on AD identity store doesn’t invalidate user cached attributes |
OPENAM-22676 |
|
OPENAM-22675 |
Unable to set a default value for NameCallback in next-generation |
OPENAM-22672 |
Configuring SAML entities with invalid secret label mappings break SAML flows for other entities |
OPENAM-22656 |
Setting |
OPENAM-22632 |
|
OPENAM-22620 |
Slow response from access token endpoint using client credentials grant |
OPENAM-22602 |
OIDC ID Token Validator Node isn’t using inbuilt |
OPENAM-22465 |
Unexpected error when |
OPENAM-22391 |
Issues with |
OPENAM-22322 |
ArtifactResponse Assertion that is signed cannot be verified and fails |
OPENAM-22318 |
OAUTH_REQUEST_ATTRIBUTES cookie isn’t getting deleted after authentication |
OPENAM-22289 |
Session quota action may fail when the session is not updateable but should be fine to proceed. |
OPENAM-22281 |
NameIdFormat values populated for remote IdP |
OPENAM-22181 |
Approve UMA request fails with 500 error when AM deployed as a platform |
OPENAM-22171 |
Forgotten password fails when AM searches for the identity to modify |
OPENAM-22146 |
OAuth 2.0 request object failure not logged for POST requests even when full debug logging is enabled |
OPENAM-22120 |
Backchannel logout tokens now include the |
OPENAM-22109 |
The expiry time of OPS token in 7.x fails to update correctly |
OPENAM-22009 |
Providing an invalid alias to a secret store mapping breaks AM |
OPENAM-21972 |
SAML artifact binding is failing in load-balanced deployments |
OPENAM-21951 |
No option to set the |
OPENAM-21897 |
Creation order determines policy evaluate and evaluateTree results |
OPENAM-21864 |
No option to enable the |
OPENAM-21852 |
Failure when reading input from next-generation SelectIDPCallback |
OPENAM-21609 |
OAuth2Provider service created immediately after install/restart isn’t available in code flow |
OPENAM-21191 |
Web agent sessions have a long session lifetime of 42 years |
OPENAM-21158 |
Windows Hello registration fails on TPM attestation parsing on Windows 11 22H2 |
OPENAM-20945 |
Unable to trace token revocation back to resource owner because of missing |
OPENAM-20609 |
Inconsistent error message getting access token when using refresh token after changing username |
OPENAM-20314 |
Social Provider Handler node and Social IdP service use the |
OPENAM-14438 |
Ensure OAuth2ClientAgentGroups are imported before OAuth2ClientAgents in Amster |
AM 7.5
OPENAM-22206 |
AM upgrade fails for 7.1.4 and older: Creating UMA PCT Encryption Secret Failed |
OPENAM-22191 |
JUnit jars are bundled in the AM.war release |
OPENAM-22119 |
"Access to Java class ScriptedLoggerWrapper prohibited" exception |
OPENAM-22101 |
UI admin tests are failing since updating secret ID to secret label |
OPENAM-22060 |
am-config-upgrader: poor performance |
OPENAM-22035 |
Page Nodes don’t delete contained nodes when a tree is deleted |
OPENAM-22017 |
ConfigProviderNode creates node class dynamically leading to native memory leak |
OPENAM-21976 |
Single point of locking contention when doing Client-based session logout |
OPENAM-21941 |
Unable to edit policies in the UI |
OPENAM-21937 |
Quota Enforcement affecting agents sessions that authenticate by tree |
OPENAM-21936 |
Unable to use Legacy and Next Generation Script in the same authentication tree |
OPENAM-21912 |
OAuth2/OIDC signing slow with RSA keys when using Google Secret Manager |
OPENAM-21856 |
Introspecting stateless token with IG/Web agents will cause OAuth2ChfException |
OPENAM-21854 |
TermsAndConditionsCallback fails with error on XUI |
OPENAM-21840 |
Warning for missing mapping in dynamic secret doesn’t warn for missing secret label identifier |
OPENAM-21803 |
CertificateUserExtractorNode cannot resolve wrong name when UPN SubjectAltNameExt |
OPENAM-21780 |
Next generation scripting |
OPENAM-21748 |
Next generation scripting missing "get" wrapper function for HiddenValueCallback |
OPENAM-21747 |
Amster not working after connecting when AM REST call has extra |
OPENAM-21739 |
Running the am-config-upgrader on an empty directory results in unexpected addition of library scripting service |
OPENAM-21707 |
file-functional-tests: OAuth2Provider doesn’t allow setting of default consent agent when scalableAgents are enabled |
OPENAM-21693 |
Remove default global library script |
OPENAM-21664 |
Upgrade fails to AM 7.4 with an uncaught exception when initialising the PrivilegeIndexStore class |
OPENAM-21506 |
Inner Evaluator Tree with Data Store Decision node fails with correct password on first pass when used with Retry Decision node |
OPENAM-21484 |
OAuth2 tokenintrospection response has different claim value types when refresh tokens are introspected |
OPENAM-21473 |
Certificate collector node: getPortalStyleCert throws exception when cert/header not present |
OPENAM-21389 |
Searching algorithm for calculating the reachability of a node in a tree returns incorrect result |
OPENAM-21277 |
Running Amster in debug mode doesn’t work on Windows |
OPENAM-21053 |
User ID is missing from access.audit.json for JWT client authentication flow using |
OPENAM-20924 |
Reentry cookie when set causes the user to redirect to an incorrect IdP |
OPENAM-20490 |
AESWrapEncryption shows "WARN: AESWrap-encrypted data is less than 16 bytes" |
OPENAM-20329 |
Forgerock JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) not spec compliant |
OPENAM-19999 |
ID token as AM session doesn’t work with |
OPENAM-19889 |
Policy evaluation fails with Agent access token JWT as subject |
OPENAM-17816 |
500 Internal Server Error (from NPE) returned for a missing Content-Type header |
OPENAM-17315 |
Update defaults scripts with the change introduced in COMMONS-628 |
AM 7.4.x
AM 7.4.2
OPENAM-23441 |
Enabling OAuth2 client option "Allow wildcard ports in redirect URIs" prevents application URIs from working |
OPENAM-23091 |
Fix for |
OPENAM-23059 |
|
OPENAM-22988 |
Failover doesn’t occur when |
OPENAM-22846 |
External app/policy store active/passive LB isn’t working |
OPENAM-22836 |
Unable to update KBA security questions using XUI |
OPENAM-22717 |
SP-initiated SSO fails with "Illegal character in scheme name" when the IdP entity name has a special character |
OPENAM-22657 |
JWT validation fails when signed using the RS256 algorithm |
OPENAM-22632 |
AMSetupServlet install error with Windows multi-domain environment |
OPENAM-22608 |
Non-extractable secrets in HSM fails to work on AM for SAML2 XML signing |
OPENAM-22465 |
Unexpected error when request_uri client doesn’t match request parameter client in PAR authorise request |
OPENAM-22391 |
Issues with |
OPENAM-22346 |
The RP |
OPENAM-22322 |
Signed ArtifactResponse Assertion can’t be verified and fails |
OPENAM-22318 |
OAUTH_REQUEST_ATTRIBUTES cookie isn’t getting deleted after authentication |
OPENAM-22298 |
NullPointerException in |
OPENAM-22264 |
Add global attribute handling to |
OPENAM-22120 |
Backchannel logout tokens now include the |
OPENAM-21951 |
No option to set the |
OPENAM-21926 |
Lockout message is not applied when using Identity Store Decision node |
OPENAM-21897 |
Creation order determines policy |
OPENAM-21864 |
No option to enable the |
OPENAM-21748 |
Next-generation scripting missing "get" wrapper function for HiddenValueCallback |
OPENAM-21609 |
OAuth2Provider service created immediately after install/restart isn’t available in code flow |
OPENAM-21545 |
Unable to create a circle of trust in file-based configuration with external data store |
OPENAM-20945 |
Unable to trace token revocation back to resource owner because of missing |
OPENAM-20314 |
Social Provider Handler node and Social IdP service use the |
OPENAM-20239 |
Setting the |
OPENAM-15834 |
Access token call fails when an unsupported claim is requested |
OPENAM-14438 |
Ensure OAuth2ClientAgentGroups are imported before OAuth2ClientAgents in Amster |
AM 7.4.1
OPENAM-22753 |
Destroy All session may fail to work |
OPENAM-22715 |
PlaceholderAnnotationUtils.insertDefaultValueIntoPlaceholder is not escaping values correctly |
OPENAM-22696 |
Persistent search notification invalidation on AD identity store doesn’t invalidate user cached attributes |
OPENAM-22620 |
Slow response from access token endpoint using client credentials grant |
OPENAM-22602 |
OIDC ID Token Validator node uses own httpClient settings to connect to JWK or well-known URL |
OPENAM-22421 |
Webauthn: Windows Hello TPM Attestation failing for Windows 11 22H2 |
OPENAM-22289 |
Session quota action may fail when the session isn’t updatable but should be fine to proceed |
OPENAM-22181 |
Approve UMA request fails with 500 error when AM deployed as a platform |
OPENAM-22171 |
Forgotten password fails when AM searches for the identity to modify |
OPENAM-22119 |
"Access to Java class ScriptedLoggerWrapper prohibited" exception |
OPENAM-22109 |
The expiry time of OPS token in 7.x doesn’t change with the time of tokens created |
OPENAM-22017 |
Configuration Provider node creates node class dynamically leading to native memory leak |
OPENAM-21976 |
Single point of locking contention when doing client-based session logout |
OPENAM-21972 |
SAML artifact binding is using crosstalk for artifact resolution |
OPENAM-21941 |
Unable to edit policies in the UI |
OPENAM-21937 |
Quota enforcement affects agent sessions that authenticate by tree |
OPENAM-21936 |
Unable to use legacy and next-generation scripts in the same authentication tree |
OPENAM-21868 |
ssoadm |
OPENAM-21854 |
TermsAndConditionsCallback fails with error on XUI |
OPENAM-21803 |
Certificate User Extractor node cannot resolve wrong name when UPN SubjectAltNameExt |
OPENAM-21780 |
Next-generation |
OPENAM-21747 |
Amster not working after connecting when AM REST call has extra |
OPENAM-21664 |
Upgrade fails to AM 7.4.0 with an uncaught exception when initializing the PrivilegeIndexStore class |
OPENAM-21484 |
OAuth 2.0 token introspection response has different claim value types when introspecting refresh tokens |
OPENAM-21473 |
Certificate Collector node: getPortalStyleCert throws exception when cert/header not present |
OPENAM-21466 |
AM using OIDC social authentication fails to verify ID token if remote JWK_URIs have duplicate KID |
OPENAM-21277 |
Running Amster in debug mode doesn’t work on Windows |
OPENAM-21191 |
Web agent sessions have a long session lifetime of 42 years |
OPENAM-20609 |
Inconsistent error message when generating access token using refresh token after changing username |
OPENAM-19999 |
ID token as AM session doesn’t work with |
OPENAM-19889 |
Policy evaluation fails with agent access token JWT as subject |
OPENAM-17816 |
500 Internal Server Error (from NPE) returned for a missing Content-Type header |
AM 7.4
OPENAM-21476 |
Persistent Cookie isn’t created when using Configuration Provider node |
OPENAM-21421 |
Scripting logger name isn’t based on logging hierarchy convention |
OPENAM-21390 |
Fix caching error when a journey switches backend instances to correctly provide data to |
OPENAM-21360 |
Add |
OPENAM-21323 |
LDAP (inline) upgrade fails due to policy creation of UssSelfWriteAttributes |
OPENAM-21304 |
Retain request URI values specified during dynamic client registration |
OPENAM-21164 |
Fix type issue of XML String in SAML responses when using a custom adapter |
OPENAM-21160 |
Make sure secure state values are retained when navigating the authentication tree |
OPENAM-21158 |
Windows Hello registration fails on TPM attestation parsing on Windows 11 22H2 |
OPENAM-21085 |
Undefined bindings are incorrectly evaluated in Groovy scripts |
OPENAM-21069 |
WindowsDesktopSSO authentication is failing |
OPENAM-21053 |
Missing |
OPENAM-21030 |
Amster CLI doesn’t work on Windows |
OPENAM-21010 |
Social authentication user profile corrupted when remote OIDC server provides non-English identity claims |
OPENAM-21004 |
AM will always look for valid session when |
OPENAM-21001 |
SAML IdPAccountMapper isn’t correctly determined |
OPENAM-20980 |
OIDC social provider uses configured issuer instead of wellknown endpoint issuer when using regex comparison |
OPENAM-20953 |
Return subject attributes correctly when evaluating a policy using a |
OPENAM-20920 |
Improve handling of SAML2 IDP metadata that uses SSO endpoint entries other than HTTP-POST or HTTP-Redirect bindings when binding is null |
OPENAM-20897 |
Debug logs not showing info for ERROR: Unsupported Callback, "{0}" and others |
OPENAM-20895 |
Newly created Maven archetype project for building custom authentication nodes fails to build |
OPENAM-20851 |
Existing registered devices unable to use push notifications when AWS SNS credentials are updated |
OPENAM-20784 |
TestUMAPolicy fails for users that will cause LocalizedIllegalArgumentException |
OPENAM-20756 |
Social authentication request for Apple fails due to duplicated |
OPENAM-20691 |
Fix rare race condition in session quota destroy next expiring action that can lead to the oldest session not being destroyed |
OPENAM-20682 |
Unable to encrypt from |
OPENAM-20490 |
AESWrapEncryption shows "WARN: AESWrap-encrypted data is less than 16 bytes" |
OPENAM-20451 |
Fix to display user-friendly account name during WebAuthn device registration |
OPENAM-20299 |
Fix to make agent authentication honor |
OPENAM-20230 |
Class allowlisting denies access to permitted classes after running for an extended period of time |
OPENAM-20026 |
Social IDP with trailing whitespace in the name can’t be deleted using the UI |
OPENAM-20024 |
Improve debug logging when login to XUI fails with HTTP 404 JsonValueException from endpoint |
OPENAM-19282 |
Recovery Code Display Node works only immediately after Registration node |
OPENAM-19261 |
Fix incorrectly logged errors when introspecting tokens using OAuth 2.0 client credentials grant |
OPENAM-18709 |
New |
OPENAM-18685 |
New realm-level configuration setting to remove or skip |
OPENAM-18004 |
Support sequential transaction IDs to improve audit logging for HTTP requests to IDM |
OPENAM-17331 |
Push Notifications: User with disabled endpoint is not able to login |
OPENAM-17179 |
Deleting an authentication tree leaves orphaned nodes that prevent deletion of referenced scripts |
AM 7.3.x
AM 7.3.3
OPENAM-23519 |
Android devices without a screen lock not working with WebAuthn registration |
OPENAM-23518 |
AuthenticateToTreeConditionAdvice doesn’t work with Inner Tree as first node |
OPENAM-23441 |
Enabling OAuth2 client option "Allow wildcard ports in redirect URIs" prevents application URIs from working |
OPENAM-22846 |
External app/policy store active/passive LB isn’t working |
OPENAM-22654 |
BooleanAttributeInputCallback renders an enabled checkbox in AM XUI |
OPENAM-22608 |
Non-extractable secrets in HSM fails to work on AM for SAML2 XML signing |
OPENAM-21026 |
OAuth Clients don’t work when the redirect uri list contains an invalid uri |
OPENAM-20451 |
Fix to display user-friendly account name during WebAuthn device registration |
OPENAM-15834 |
Access token call fails when an unsupported claim is requested |
AM 7.3.2
OPENAM-22836 |
Unable to update KBA Security questions using XUI |
OPENAM-22753 |
Destroy All session may fail to work |
OPENAM-22717 |
SP-initiated SSO fails with "Illegal character in scheme name" when IdP name contains a special character |
OPENAM-22696 |
Persistent search notification invalidation on AD identity store doesn’t invalidate user cached attributes |
OPENAM-22656 |
Setting |
OPENAM-22632 |
AMSetupServlet install error with Windows multi-domain environment |
OPENAM-22602 |
OIDC ID Token Validator node uses own |
OPENAM-22421 |
Webauthn: Windows Hello TPM Attestation failing for Windows 11 22H2 |
OPENAM-22391 |
Issues with |
OPENAM-22322 |
Unable to verify signed ArtifactResponse Assertion leading to failure |
OPENAM-22318 |
OAUTH_REQUEST_ATTRIBUTES cookie isn’t getting deleted after authentication |
OPENAM-22289 |
Session quota action may fail when the session isn’t updatable but should be fine to proceed |
OPENAM-22288 |
Amster upgrade 7.3.0-to-7.3.x fails with Groovy Exception |
OPENAM-22181 |
Approve UMA request fails with 500 error when AM deployed as a platform |
OPENAM-22120 |
Backchannel logout token doesn’t contain |
OPENAM-21972 |
SAML artifact binding is failing in load-balanced deployments |
OPENAM-21937 |
Quota enforcement affects agent sessions that authenticate by tree |
OPENAM-21897 |
Creation order determines policy evaluate and evaluateTree results |
OPENAM-21473 |
Certificate collector node: |
OPENAM-21322 |
AM console allows creation of entity provider with space at the end of the name |
OPENAM-21191 |
Web agent sessions have a long session lifetime of 42 years |
OPENAM-21085 |
Undefined bindings are incorrectly evaluated in Groovy scripts |
OPENAM-20945 |
Unable to trace token revocation back to resource owner because of missing |
OPENAM-20314 |
Social Provider Handler node and Social IdP service use the |
OPENAM-20299 |
Fix to make agent authentication honor |
OPENAM-19261 |
Fix incorrectly logged errors when introspecting tokens using OAuth 2.0 client credentials grant |
AM 7.3.1
OPENAM-22017 |
ConfigProviderNode creates node class dynamically leading to native memory leak |
OPENAM-21976 |
Single point of locking contention when performing client-based session logout |
OPENAM-21941 |
Unable to edit policies in the UI |
OPENAM-21854 |
TermsAndConditionsCallback fails with error on XUI |
OPENAM-21747 |
Rest SDK and Amster send cookies if request has cookie header |
OPENAM-21728 |
Certificate module fails using JDK 11.0.21 and later with undefined access to private method |
OPENAM-21484 |
Introspecting OAuth 2.0 refresh tokens results in different claim value types in the response |
OPENAM-21421 |
Scripting logger name isn’t based on logging hierarchy convention |
OPENAM-21390 |
ConsumedStateDataCache can cache an incomplete set of reachability data when on multi-AM environment |
OPENAM-21304 |
OAuth 2.0 dynamic client registrations don’t retain |
OPENAM-21277 |
Running Amster in debug mode doesn’t work on Windows |
OPENAM-21164 |
Calling |
OPENAM-21160 |
Inconsistent values in secure state when navigating an authentication tree |
OPENAM-21158 |
Windows Hello registration fails on TPM attestation parsing on Windows 11 22H2 |
OPENAM-21069 |
WindowsDesktopSSO authentication is failing |
OPENAM-21030 |
Amster 7.3.0 CLI isn’t working on Windows |
OPENAM-21010 |
Social authentication for remote OIDC server for user profile non-english words corrupted |
OPENAM-21004 |
AM will always look for valid session when scope=openid |
OPENAM-21001 |
IdPAccountMapper is not correctly determined |
OPENAM-20980 |
Unable to use issuer comparison check regex in oidc social provider |
OPENAM-20897 |
Debug logs not showing info for |
OPENAM-20895 |
Newly-created Maven archetype project fails to build |
OPENAM-20756 |
OIDC social authentication request (Apple) fails due to duplicate |
OPENAM-20691 |
Destroy oldest session may fail to work |
OPENAM-20682 |
Unable to encrypt from |
OPENAM-20490 |
AESWrapEncryption shows "WARN: AESWrap-encrypted data is less than 16 bytes" |
OPENAM-20026 |
Trailing whitespace prevents social provider deletion via UI |
OPENAM-19999 |
ID token as AM session doesn’t work with |
OPENAM-19889 |
Policy evaluation fails with agent access token JWT as subject |
OPENAM-19282 |
Recovery Code Display Node works only immediately after Registration node |
OPENAM-18599 |
Allow for custom error message if user account is locked |
AM 7.3
OPENAM-20396 |
Authentication tree is selected by order of acr to tree mapping, not the default values, and order is not preserved |
OPENAM-20360 |
Ampersand is double encoded in the Destination of a SAML Assertion |
OPENAM-20260 |
Unable to log into AM when external application store is down |
OPENAM-20230 |
Class allowlisting fails with permission denied after an extended period |
OPENAM-20181 |
AD account notification fails |
OPENAM-20159 |
Upgrader adds requestObjectProcessing to OAuth2Provider subconfigs |
OPENAM-20104 |
The |
OPENAM-20085 |
STS token generation does not work with clustered docker pods |
OPENAM-20082 |
Locked out users are shown a misleading error message |
OPENAM-19868 |
Correctly handle multi-line text in Email Suspend nodes |
OPENAM-19866 |
Excessive logging when accessing protected resources |
OPENAM-19726 |
The |
OPENAM-19665 |
Wrong Java version in Amster README file |
OPENAM-19515 |
Unable to update session service with read only identity store |
OPENAM-19411 |
Amster installation failure with authorizedKey parameter when trying to overwrite an existing configuration |
OPENAM-18818 |
Persistent search error message shows wrong DS identifier |
OPENAM-18488 |
Windows Hello with TPM/platform authenticator returns two certificates |
OPENAM-18172 |
Multiple instances of "No Social Authentication Service found for realm" logged at WARNING level |
OPENAM-17215 |
Policy debug log fills up at very high pace if the config store is not found |
OPENAM-13766 |
No configuration found for login with SessionConditionAdvice=deny |