Known Issues and Limitations
List. If you create two new organizations with the same name, the operation fails, but Access Manager displays the “organization already exists” message rather than the expected “attribute uniqueness violated” message.
Workaround: None. Ignore the incorrect message. Access Manager is functioning correctly.
Session and SSO Issues
■“System creates invalid service host name when load balancer has SSL termination (6245660)” on page 25
■“Using HttpSession with
System creates invalid service host name when load balancer has SSL termination (6245660)
If Access Manager is deployed with Web Server as the web container using a load balancer with SSL termination, clients are not directed to the correct Web Server page. Clicking the Sessions tab in the Access Manager Console returns an error because the host is invalid.
Workaround: In the following examples, Web Server listens on port 3030. The load balancer listens on port 80 and redirects requests to Web Server.
In the
For Web Server 6.1 Service Pack (SP) releases, edit the servername attribute as follows:
<LS id="ls1" port="3030" servername="loadbalancer.example.com:80"
acceptorthreads="1"/>
Web Server 6.1 SP2 (or later) can switch the protocol from http to https or https to http. Therefore, edit servername as follows:
<LS id="ls1" port="3030"
servername="https://loadbalancer.example.com:443"
security="false" ip="any" blocking="false" acceptorthreads="1"/>
Using HttpSession with third-party web containers
The default method of maintaining sessions for authentications is “internal session” instead of HttpSession. The default invalid session maximum time value of three minutes is sufficient. The amtune script sets the value to one minute for Web Server or Application Server. However,
Sun Java System Access Manager 7.1 Release Notes | 25 |