Sun Microsystems 819468310 Session and SSO Issues

List.If you create two new organizations with the same name, the operation fails, but Access

Managerdisplays the “organization already exists” message rather than the expected “attribute

uniquenessviolated” message.

Workaround:None. Ignore the incorrect message. Access Manager is functioning correctly.

Session and SSO Issues

■“Systemcreates invalid service host name when load balancer has SSL termination

(6245660)”on page 25

■“UsingHttpSession with third-party web containers ” on page 25

Systemcreates invalid service host name when load balancer has SSL

termination(6245660)

IfAccess Manager is deployed with Web Server as the web container using a load balancer with

SSLtermination, clients are not directed to the correct Web Server page. Clicking the Sessions

tabin the Access Manager Console returns an error because the host is invalid.

Workaround:In the following examples, Web Server listens on port 3030. The load balancer

listenson port 80 and redirects requests to Web Server.

Inthe web-server-instance-name/config/server.xml le, edit the servername attribute to

pointto the load balancer, depending on the release of Web Server you are using.

ForWeb Server 6.1 Service Pack (SP) releases, edit the servername attribute as follows:

<LS id="ls1" port="3030" servername="loadbalancer.example.com:80"

defaultvs="https-sample" security="false" ip="any" blocking="false"

acceptorthreads="1"/>

WebServer 6.1 SP2 (or later) can switch the protocol from http to https or https to http.

Therefore,edit servername as follows:

<LS id="ls1" port="3030"

servername="https://loadbalancer.example.com:443" defaultvs="https-sample"

security="false" ip="any" blocking="false" acceptorthreads="1"/>

UsingHttpSession with third-party web containers

Thedefault method of maintaining sessions for authentications is “internal session” instead of

HttpSession.The default invalid session maximum time value of three minutes is sucient.

Theamtune script sets the value to one minute for Web Server or Application Server. However,

KnownIssues and Limitations

SunJavaSystem Access Manager 7.1 Release Notes 25

Contents

Main Page Contents Page Sun Java System Access Manager 7.1 Release Notes Revision History About Sun JavaSystem Access Manager 7.1 WhatsNew in This Release JavaES Monitoring Framework Integration WebService Security Single AccessManager WAR le deployment Enhancementsto Core Services Page Page DeprecationNotic ationand Announcement Hardwareand Sof tware Requirements Page Supported Browsers General CompatibilityInformation AMSDK intersystemincompatibility with Access Manager server Upgradenot suppor ted for AccessManager HPUX version AccessManager Legacy Mode JavaES Silent Installation Using a State File CongureNow InstallationOption in Graphical Mode CongureNow InstallationOption in Text-Based Mode CongureLater Installation Option AccessManager Policy Agents Known Issues and Limitations InstallationIssues UpgradeIssues CompatibilityIssues AccessManager Single Sign-On fails on Universal Web Client (6367058, 6429573) StackOverowErroroccurs on Web Server 7.0 running in 64bit mode (6449977) Incompatibilitiesexist in core authentication module for legacy mode (6305840) DelegatedAdministrator commadmin utility does not create a user (6294603) DelegatedAdministrator commadmin utility does not create an organization(6292104) CongurationIssues PasswordReset service reports notication errors when a password is changed(6455079) Page AccessManager Console Issues AddContainerDefaultTemplateRole attribute after data migration (4677779) CommandLine Issue OrganizationAdmin role is fails to create a new user with the amadmin commandline utility (6480776) SDK and Client Issues Clientsdo not get notications after the server restarts (6309161) SDKclients need to restart after service schema change (6292616) AuthenticationIssues Attributeuniqueness broken in the top-level organization for naming attributes(6204537) Session and SSO Issues Systemcreates invalid service host name when load balancer has SSL termination(6245660) UsingHttpSession with third-party web containers PolicyIssues Server Startup Issues Debugerror occurs on Access Manager startup (6309274, 6308646) AMSDK Issues Errordisplayed when performing AMIdentity.modifyService (6506448) Groupmembers don't show up in selected list (6459598) AccessManager Login URL Returns Message "No such Organization found"(6430874) Sub-orgcreation not possible from Access Manager when using amadmin(5001850) SSL Issue Theamcong script fails when SSL certicate is expired. (6488777) Samples Issue Clientsdksamples directory contains unwanted makele (6490071) Linux OS Issues JVMproblems occur when running Access Manager on Application Server(6223676) Windowsand HP-UX Issues AccessManager auto conguration failed when installing on zh_TW andes locales (6515043) HP-UXneeds gettext binary with AM while installing JES full stack (6497926) Federationand SAML Issues Federationfails when using Artifact prole (6324056) Globalization(g11n) Issues Administrationconsole components displayed in English in the zh locale(6470543) CurrentValue and New value are incorrectly displayedin the console (6476672) Policycondition date must be specied according to English custom (6390856) RemovingUTF-8 is not working in Client Detection (5028779) Multi-bytecharacters are displayed as question marks in log les (5014120) DocumentationIssues Documentthe roles and ltered roles support for LDAPv3 plug-in (6365196) Documentunused properties in the AMConfig.properties le (6344530) Documenthow to enable XML encryption (6275563) Documentation Updates Redistributable Files How toRepor t Problems and ProvideFeedback SunWelcomes YourComments AdditionalSun Resources AccessibilityFeatures for People With Disabilities RelatedThird-Party Web Sites