Sun Microsystems 819468310 manual Session and SSO Issues

Page 25

Known Issues and Limitations

List. If you create two new organizations with the same name, the operation fails, but Access Manager displays the “organization already exists” message rather than the expected “attribute uniqueness violated” message.

Workaround: None. Ignore the incorrect message. Access Manager is functioning correctly.

Session and SSO Issues

“System creates invalid service host name when load balancer has SSL termination (6245660)” on page 25

“Using HttpSession with third-party web containers ” on page 25

System creates invalid service host name when load balancer has SSL termination (6245660)

If Access Manager is deployed with Web Server as the web container using a load balancer with SSL termination, clients are not directed to the correct Web Server page. Clicking the Sessions tab in the Access Manager Console returns an error because the host is invalid.

Workaround: In the following examples, Web Server listens on port 3030. The load balancer listens on port 80 and redirects requests to Web Server.

In the web-server-instance-name/config/server.xml file, edit theservername attribute to point to the load balancer, depending on the release of Web Server you are using.

For Web Server 6.1 Service Pack (SP) releases, edit the servername attribute as follows:

<LS id="ls1" port="3030" servername="loadbalancer.example.com:80"

defaultvs="https-sample" security="false" ip="any" blocking="false"

acceptorthreads="1"/>

Web Server 6.1 SP2 (or later) can switch the protocol from http to https or https to http. Therefore, edit servername as follows:

<LS id="ls1" port="3030"

servername="https://loadbalancer.example.com:443" defaultvs="https-sample"

security="false" ip="any" blocking="false" acceptorthreads="1"/>

Using HttpSession with third-party web containers

The default method of maintaining sessions for authentications is “internal session” instead of HttpSession. The default invalid session maximum time value of three minutes is sufficient. The amtune script sets the value to one minute for Web Server or Application Server. However,

Sun Java System Access Manager 7.1 Release Notes

25

Image 25
Contents Sun Java System Access Manager 7.1 Release Notes 070301@16599 Contents Contents Sun Java System Access Manager 7.1 Release Notes Revision History About Sun Java System Access ManagerWhat’s New in This Release Java ES Monitoring Framework IntegrationSingle Access Manager WAR file deployment Web Service SecurityEnhancements to Core Services Authentication module Service Management module Deprecation Notification and Announcement Hardware and Software RequirementsHardware and Software Requirements RAM Supported BrowsersGeneral Compatibility Information Upgrade not supported for Access Manager Hpux versionJava ES Silent Installation Using a State File Access Manager Legacy ModeConfigure NowInstallation Option in Graphical Mode Configure NowInstallation Option in Text-Based ModeConfigure LaterInstallation Option Access Manager Policy AgentsDetermining the Access Manager Mode Installation Issues Known Issues and LimitationsUpgrade Issues Compatibility IssuesKnown Issues and Limitations Workaround None Configuration Issues Data validation for required attributes in the services Access Manager Console Issues Command Line Issue Authentication Issues SDK and Client IssuesSDK clients need to restart after service schema change Clients do not get notifications after the server restartsApplicationuser Using HttpSession with third-party web containers Session and SSO IssuesServer Startup Issues Policy IssuesDebug error occurs on Access Manager startup 6309274 Error displayed when performing AMIdentity.modifyService Amsdk IssuesGroup members dont show up in selected list SSL Issue Linux OS Issues Samples IssueAmconfig script fails when SSL certificate is expired Clientsdk samples directory contains unwanted makefileFederation and Saml Issues Windows and HP-UX IssuesFederation fails when using Artifact profile Globalization g11n IssuesLogout error occurs in Federation Removing UTF-8 is not working in Client Detection Document unused properties in the AMConfig.properties file Documentation IssuesDocument how to enable XML encryption Redistributable Files Documentation UpdatesAdditional Sun Resources How to Report Problems and Provide FeedbackSun Welcomes Your Comments Related Third-Party Web Sites Accessibility Features for People With Disabilities