PingAM release notes

Known issues

The following important issues remained open at the time of the latest release for each version.

Releases are cumulative, so if an issue in a previous version isn’t listed as fixed, it remains open in the latest version.

AM 8.1.x

AM 8.1.1

There are no new issues identified in AM 8.1.1.

AM 8.1.0

AME-33815

Persistent Cookie tree generates a new cookie with different setup on success

AME-31157

OAuth 2.0 /access_token endpoint respects response_mode for error responses

OPENAM-23778

AM issues unindexed search when ttlsupport.enabled=true

OPENAM-23703

Custom and native claims in a refreshed, stateless access token don’t match the parent modified stateless access token

OPENAM-23680

Server default settings may not be correctly updated on upgrade

OPENAM-23607

Composite advice AuthenticateToTreeConditionAdvice not behaving as expected

OPENAM-21682

OAuth 2.0: AM doesn’t redirect back to the client if consent is denied and no redirect_uri is present in the query parameters

OPENAM-18544

AM access audit logging incorrectly reports a failure for responses that return an HTTP 302 redirect

AM 8.0.x

AM 8.0.2

OPENAM-25535

FBC to FBC upgrade requires manual copy of noninteractive-install.properties file

OPENAM-25326

Successful login with unknown user causes error when account lockout enabled

OPENAM-24327

Server name not set as cookie domain when cookie domain global setting is empty

OPENAM-23940

Safari displays Server Error page using authentication tree with SAML2 Authentication node

OPENAM-23680

Upgrades may overwrite changes to server default properties

OPENAM-23573

Amster exports only specific UMA server settings, not the server defaults

OPENAM-23565

Global services requests fail after Amster import

OPENAM-21100

SAML 2.0 IDP SLO using HTTP redirect not working as expected on AM cluster

OPENAM-20226

The Agent Admin privilege doesn’t allow creating/updating/reading of Agent profiles

AM 8.0.1

There are no new issues identified in AM 8.0.1.

AM 8.0.0

AME-31109

Amster 8.0 import fails with NoSuchMethodError

OPENAM-25462

In Node Designer, the defaultValue property doesn’t work for custom nodes when using AM 8.0.0 or 8.0.1 with Java 21

OPENAM-23960

Unable to build AM 8.0 or 8.0.1 due to click-nodeps:2.3.0-forgerock-jakarta-2 dependency on commons-fileupload SNAPSHOT version

OPENAM-23851

The AM-8.0.0.zip (and AM-8.0.1.zip) Distribution Kits are missing several files required to build the sample base Docker image (am-empty). As a result, the steps to build your own AM Docker images will fail.

+ NOTE: This issue only affects self-managed Docker environments where you’re attempting to build your own AM image.

OPENAM-23770

WebAuthn node flow causes exception instead of Client Error outcome when passkey prompt cancelled

OPENAM-23763

Next button not enabled on Configuration Data Store Settings page of install wizard

OPENAM-23717

Access token requests fail when default tree uses Set Persistent Cookie node

OPENAM-23595

A redirect_uri using a URN results in a malformed redirect location

OPENAM-23582

WebAuthn’s pubKeyCredParams sequence isn’t honored and changes on AM restart

OPENAM-23322

Formatting errors in SAML metadata certificate export

OPENAM-23155

Agent group inheritance settings are lost during Amster export/import

OPENAM-17819

AM admin UI doesn’t show leading . for cookie domains

OPENAM-17818

Domain cookie with leading . is configured although no cookie domain is specified during install

AM 7.5.x

AM 7.5.2

OPENAM-23998

RhinoJS Date() doesn’t calculate DaylightSavingTime correctly in a next-generation script

OPENAM-23481

Token is allowed in raw JSON in introspect request

OPENAM-23227

OIDC ID Token Validator node doesn’t work with proxy settings

OPENAM-23035

AM should preserve setAttribute multivalue update order

OPENAM-22967

Config upgrader uses OS file encoding causing issues with special characters

OPENAM-22952

SMSEntry class should throw exception to avoid NullPointerException

OPENAM-22812

Create Object node logs failure at debug level instead of error/warning

OPENAM-22777

Deploying AM 7.5.0 on Wildfly 26.x with JDK 17 fails

OPENAM-22770

Configuring AES Key Wrap encryption for Tomcat doesn’t work

OPENAM-22700

OAuth 2.0 introspect: Multi-audience token only checks against first value

OPENAM-22670

DJLDAPv3Repo getDN may return broken cached DN

OPENAM-22663

WS-Federation SLO calls cleanup directive if issued

OPENAM-22530

OAUTH_REQUEST_ATTRIBUTES cookie is set for HTTP GET /authorize requests

OPENAM-22505

Scripted policy condition fails with "Exception from invocation expected to be handled by promise"

OPENAM-22386

Next-generation idRepository binding doesn’t return null if identity isn’t found

OPENAM-22031

LDAP Decision node no longer displays locked account message but redirects to failed login

OPENAM-19968

IdP-initiated SAML SLO doesn’t invalidate SP-side session using integrated mode

AM 7.5.1

OPENAM-23045

Performance degradation and WS-Federation issues with Java 17

OPENAM-23022

Transaction condition for policy evaluation fails with JWT subject

OPENAM-22927

WebAuthn Registration node should be able to use user.name as display attribute

OPENAM-22616

Upgrade from AM 6.5.5 to 7.5 using external CTS fails with error "Message:Service does not exist: GoogleSecretManagerSecretStoreProvider"

OPENAM-22457

Amster doesn’t delete all default scripts when using --clean true flag

OPENAM-22406

Product ZIP file contains files prefixed with openam

OPENAM-19453

CTS authentication sessions may cause tree to fail if AM server is not configured for sticky load balancing

OPENAM-14790

OAuth 2.0 scope policy set fails with LDAP filter environment condition

AM 7.5.0

OPENAM-22151

Expiration of cache held in StatelessJWTCache could cause Internal Server Error

OPENAM-22067

Stateless Session denylist caching and bloomfilter layers removed on config change

OPENAM-22031

LDAP Decision node change of behavior when user is locked from password change screen

OPENAM-21820

Set policy result TTL to 0 when using Environment Policy Active Session

OPENAM-21819

Default value for LinkedIn configuration uses out of data scopes

OPENAM-21683

AM lets you create anonymous user when it already exists

OPENAM-15948

Update DS profiles to add VLV indexes for CTS use