Fixes in 7.0.x

OPENAM-14572: prompt=login destroys and creates new session

OPENAM-14516: Attempt to resolve a named secret containing : character on Windows fail if the filesystem secret store is involved

OPENAM-14505: Agent sessions are constrained by Session Quota

OPENAM-14427: Certificate Module with option "Match Certificate in LDAP" does not work in AM 6.5.0

OPENAM-14425: JwkSetSecretStore does not reload the SecretStore when it has expired

OPENAM-14393: CTS Operation Fails Entry Already Exists logged for SAML2 Authentication is done

OPENAM-14386: JWK keyuse can be customised

OPENAM-14378: 'Set Persistent Cookie' node sets domain cookies in only one domain despite multiple Cookie Domains set

OPENAM-14353: Error Message not Displayed when Change Password does not Meet Password Policy

OPENAM-14336: Unable to use Signed Metadata to Re-Import

OPENAM-14308: LDAP Connection Pool Minimum Size for Identity Store missing from XUI

OPENAM-14307: ConcurrentModificationException when creating resource_set

OPENAM-14281: IdP Proxy relays wrong AuthnContextClassRef

OPENAM-14222: Amster fails exporting Secret Store Mappings in sub-realms

OPENAM-14212: SAML redirect to login page fails if AM installed into the root context

OPENAM-14200: Social auth modules do not work when AM is installed into the root context

OPENAM-14189: effectiveRange of Time environment has issue

OPENAM-14147: arg=newsession in XUI does shows just the "Loading…​" page

OPENAM-14111: Refresh Token flow not enabled on OAuth2 Client can still use Refresh Token flow

OPENAM-14082: Authentication Chains will not open using IE11

OPENAM-14050: LDAP should reestablish connection to the orignal server after it has recovered

OPENAM-14009: Authtree does not proceed for missing Authorization Header

OPENAM-13896: Comparison method violates its general contract! seen during amster import

OPENAM-11523: Using the LDAP/AD auth module, the change password on next login, if current password is empty it displays the wrong error messag

OPENAM-10127: SessionMonitoringStore should only be instantiated when monitoring is enabled

OPENAM-14165: ThemeConfiguration is Not Exposed in Final UI Production Build

OPENAM-14092: Custom node can prevent all default nodes appearing in admin view

OPENAM-14080: LDAP Decision Node returns incorrect user attribute to search for in user store

OPENAM-14058: Cannot create Elasticsearch audit handler configuration through admin console UI

OPENAM-14053: Cannot build AM UI in Windows for Yarn using mvn

OPENAM-14049: Amster export failure

OPENAM-13991: 'issuer' value in .well-known/openid-configuration response is incorrect for a sub-realm

OPENAM-13940: Session quota limits not applied when using trees

OPENAM-13900: OAuth2 Device flow - duplicate user_code error after authenticating user

OPENAM-13720: Public API method LDAPUtils.convertToLDAPURLs can not handle IPv6 literals

OPENAM-13446: Social Auth Service doesn’t redirect if already using another chain

OPENAM-12965: httpClient not exposed to OIDC Claim Script

OPENAM-12498: Authorization Grant response returns scope(s) in the URL

OPENAM-13842: OAuth 2.0 Device flow - can no longer use user_code more than once.

OPENAM-13786: REST policy evaluation throws 500 Internal Error due to stateless ssotoken encryption alg conflict.

OPENAM-13774: SOAP STS for Delegation RelationShip Supported is always false on XUI.

OPENAM-13732: Session Remaining Time is displayed with more precision and not rounded up.

OPENAM-13712: Unknown Signing Algorithm when Client Based Session set Signing to NONE.

OPENAM-13670: Selfservice password reset token doesn’t work in site due to OPENAM-6426.

OPENAM-13604: IdP Proxy relays wrong AuthnContextClassRef if the AuthLevel requested by the SP is not 0.

OPENAM-13577: The xmlsec 2.1.1.jar had issues when linebreaks were enabled.

OPENAM-13573: Concurrent changePassword requests to LDAPAuthUtils may cause "insufficient access rights" failures.

OPENAM-13531: LDAP Decision node removed username from shared state when it is not found.

OPENAM-13530: Datastore Decision node removed username from shared state when it is not found.

OPENAM-13511: DN Cache should be cleared after idRepo config change.

OPENAM-13496: Unable to view Services when some services have invalid attribute.

OPENAM-13481: Stateless OAuth 2.0 Client_credential grant/implicit type has long CTS token timeout.

OPENAM-13457: AM XUI favicon icon not being recognised.

OPENAM-13456: AM XUI custom FooterTemplate.html and LoginHeaderTemplate.html was not being applied.

OPENAM-13414: Upgrade fails if OAuth2 Provider service lacks tokenSigningHmacSharedSecret.

OPENAM-13407: AMIdentitySubject.isMember should not check privilege for group in different realm.

OPENAM-13359: P11RSAPrivateKey failed RSA key check.

OPENAM-13318: Blank passwords using PageNode Auth Tree prevents log in.

OPENAM-13316: LDAP Decision Node does not return Inactive Account result correctly in eDirectory.

OPENAM-13308: LdapDecisionNode fails when Return UserDN to Datastore is set to false.

OPENAM-13302: AM Self-registration kba threw an error when a user inputs an answer and pressed the enter key.

OPENAM-13291: Create Identities Page appears broken after upgrade from 5.5 (to 6.0 or 6.5).

OPENAM-13255: DefaultIDPAccountMapper does not append domain value for UPN.

OPENAM-13249: AM did not recognize custom templates and partials.

OPENAM-13183: Concurrent changePassword requests to the "users" REST endpoint caused "insufficient access rights" failures.

OPENAM-13162: Policy evaluation returned 403 with expired stateless app token.

OPENAM-13154: Lockout Duration Multiplier had no effect.

OPENAM-13151: OAuth 2.0 Dynamic Registration did not accept Private-Use URI (for native apps) as redirect_uri.

OPENAM-13128: Invalid error message was returned when user with expired password authenticated with persistent cookie module.

OPENAM-13112: The showServerConfig.jsp page threw NullPointerException NPE when accessed using Site or LB URL.

OPENAM-13100: LDAP Decision node fails with NPE when used with Active Directory.

OPENAM-13087: ClassNotFound Exception thrown after upgrade.

OPENAM-13085: WSFederation Active Request Profile authentication request hangs on input-less scripted modules.

OPENAM-13082: Address claim in default OIDC claims script output non-spec compliant format.

OPENAM-13080: Resource owners sharing resources to themselves caused an error message.

OPENAM-13079: Importing SAML2 MetaData for RoleDescriptor for AttributeQueryDescriptor failed.

OPENAM-13075: Incorrect message displayed when resource is being shared.

OPENAM-13072: Case-sensitive usernames resulted in listing UMA resource incorrectly.

OPENAM-13053: ScriptingService did not add the new values to whitelist during upgrade.

OPENAM-12997: Consent for default scopes were not saved.

OPENAM-12985: Debug log files were swamped with message 'LDAPUtils.isDN: Invalid DN' in 'error' level.

OPENAM-12984: Access Token Endpoint issued search request against datastore for OAuth Client.

OPENAM-12867: IdP-Proxy - Single Logout failed as LogoutResponse was not signed.

OPENAM-12866: Subsequent idpSSOInit calls after the first will fail if custom IDPAdapter forces auth step up.

OPENAM-12856: User authentication configuration not migrated to XUI.

OPENAM-12847: Public API broken - SSOTokenManager.getValidSessions(SSOToken requester, String server).

OPENAM-12801: OAuth 2.0 token signing forced PKCS#11 keys to have specific attributes.

OPENAM-12784: ProviderConfiguration was not spec compliant.

OPENAM-12770: Some SAML assertions were not deserialized from a SAML2 Token.

OPENAM-12690: XUI theme configuration realm mapping was case sensitive.

OPENAM-12625: JWT OIDC Token could not be valid for over 86400 seconds.

OPENAM-12514: IdP initiated SSO - NumberFormatException was raised in session upgrade case.

OPENAM-12506: Upgrade could fail with RemoveReferralsStep having too broad base DN.

OPENAM-12419: Policy rules not updated when external configuration store connection restarted.

OPENAM-12403: LDAP response controls are not logged which complicates troubleshooting.

OPENAM-12401: DJLDAPv3Repo - insufficient debug logging to troubleshoot membership issues.

OPENAM-12301: Account lockout logs ERROR: ISAccountLockout.getAcInfo: acInfo: null.

OPENAM-12293: Audit logging no longer logs REST operation details.

OPENAM-12209: The 'acr' and 'acr_sig' parameters can become duplicated during step-up authn, should not be present in url.

OPENAM-12174: XUI - Deleting a built-in authentication module will delete any other created by it.

OPENAM-12096: API explorer example for PUT on /global-config/services/scripting/contexts/{contexts}/engineConfiguration fails.

OPENAM-11962: Calling Logout and passing a goto URL parameter with an expired session, goto URL is ignored.

OPENAM-11665: Unable to login in XUI with users endpoint getting 404 due to KBA attribute issues.

OPENAM-11642: CustomProperties do not work when creating J2EE/Web Agents via REST.

OPENAM-11473: NumberFormatException on startup for External configuration setup.

OPENAM-11407: An extra space in the CTS store connection string " openam.internal.example.com:50389" caused OpenDJ-SDK log to grow.

OPENAM-11355: Missing Service tab when trying to configure dashboard with Active Directory datastore.

OPENAM-11225: During single logout idpSingleLogoutRedirect threw 500 error.

OPENAM-11177: Scripted auth module can not be used in auth chain if the username in shared state map does not 'match' the search attribute of the data store.

OPENAM-11167: <ActualLockoutDuration> is not updated in the attribute sunStoreInvalidAttemptsData.

OPENAM-11048: account lockout did not work when naming attribute and LDAP Users Search Attribute are different.

OPENAM-10467: RFC7662: oauth2/introspect returned token_type not as Bearer.

OPENAM-10296: Session UI only allows searching for users in datastore.

OPENAM-9783: The json/users changePassword option returned the wrong error message with multiple datastores configured.

OPENAM-8296: OAuth 2.0 consent screen does not use XUI theme configuration.

OPENAM-4040: SSO failed between SPs in separate CoTs with same hosted IDP.

OPENAM-14581: handling ManageNameID fails if NameID does not include SPNameQualifier

OPENAM-14573: amlbcookie is not secure when authenticating with trees

OPENAM-14548: consent page still shows what’s been granted/removed as a result of OAuth2 scope policy evaluation

OPENAM-14505: Agent sessions are constrained by Session Quota

OPENAM-14427: Certificate Module with option "Match Certificate in LDAP" does not work

OPENAM-14393: CTS Operation Fails Entry Already Exists logged for SAML2 Authentication is done

OPENAM-14369: Upgrading from OpenAM 13.5.0 to AM 6.0.0.x with custom PAPs causes NPE failure

OPENAM-14353: Error Message not Displayed when Change Password does not Meet Password Policy

OPENAM-14308: LDAP Connection Pool Minimum Size for Identity Store missing from XUI

OPENAM-14307: ConcurrentModificationException when creating resource_set

OPENAM-14281: IdP Proxy relays wrong AuthnContextClassRef

OPENAM-14189: effectiveRange of Time environment has issue

OPENAM-14174: AM shows Ldapter.delete exception when session expires is triggered

OPENAM-14147: arg=newsession in XUI does shows just the "Loading…​" page

OPENAM-14080: LDAP Decision Node returns incorrect user attribute to search for in user store

OPENAM-14053: Cannot build AM UI in Windows for Yarn using mvn

OPENAM-14050: LDAP should reestablish connection to the orignal server after it has recovered

OPENAM-13991: 'issuer' value in .well-known/openid-configuration response is incorrect for a sub-realm

OPENAM-13896: Comparison method violates its general contract! seen during amster import

OPENAM-13892: Erroneous "Response’s InResponseTo attribute is not valid error "SAML2 failover is enabled" when it is not

OPENAM-13851: Rest STS cannot be created in the Console when upgrading to 6

OPENAM-13302: AM Self-registration kba throws an error when a user inputs an answer and presses the enter key.

OPENAM-13268: Initial authz eval request for a given realm takes a long time when there are many policies

OPENAM-13247: Token info endpoint throwing 401

OPENAM-13187: OAuth2 DeviceCode flow does not work with stateless encryption enabled

OPENAM-12965: httpClient not exposed to OIDC Claim Script

OPENAM-11523: Using the LDAP/AD auth module, the change password on next login, if current password is empty it displays the wrong error message

OPENAM-11048: OpenAM account lockout does not work when naming attribute and LDAP Users Search Attribute are different

OPENAM-10127: SessionMonitoringStore should only be instantiated when monitoring is enabled

OPENAM-13814: User Self Service reCAPTCHA Feature Broken

OPENAM-13762: Improve caching of ServiceConfigImpl instances

OPENAM-13604: IdP Proxy relays wrong AuthnContextClassRef if the AuthLevel requested by the SP is not 0

OPENAM-13291: Create Identities Page appears broken after upgrade from 5.5 (to 6.0 or 6.5)

OPENAM-12789: Data store with identities that do not match user search attr cause server error

OPENAM-11665: Improve debug logging when unable to login in XUI with users endpoint getting 404 due to KBA attribute issues

OPENAM-11177: Scripted auth module can not be used in auth chain if the username in sharedstate map does not 'match' the search attribute of the data store

OPENAM-13670: Selfservice password reset token doesn’t work in site due to OPENAM-6426

OPENAM-13649: SuccessUrl redirects not working in Safari

OPENAM-13581: "Try Resetting Your Password Again" Link fails if the Single use Token is expired/used

OPENAM-13578: KBA are not updatable after upgrade

OPENAM-13577: xmlsec 2.1.1.jar used in AM6 have issues when linebreaks enabled

OPENAM-13573: Concurrent changePassword requests to LDAPAuthUtils may cause "insufficient access rights" failures

OPENAM-13563: Help link on the "Services" XUI page points to out of date documentation

OPENAM-13506: OAuth2 Provider Service REST defaultACR input data not validated.

OPENAM-13499: Incorrect transaction ID used in access events for CREST endpoints

OPENAM-13457: AM 6 XUI favicon icon not being recognised

OPENAM-13438: Setting org.forgerock.openam.ldap.heartbeat.timeout=-1 makes AM unusable

OPENAM-13414: Upgrade to AM6 fails if OAuth2 Provider service lacks tokenSigningHmacSharedSecret

OPENAM-13359: P11RSAPrivateKey fails RSA key check.

OPENAM-13350: Upgrade from 12.0.x to 6.0.0.2 fails with embedded user store

OPENAM-13315: OIDC no longer supports prompt=consent parameter

OPENAM-13310: Allow id tokens to be issued when no datastore configured

OPENAM-13301: When creating Java/Web agent groups, some properties are not tag-swapped

OPENAM-13183: Concurrent changePassword requests to the "users" REST endpoint causes "insufficient access rights" failures

OPENAM-11225: idpSingleLogoutRedirect throws 500 error SLO

OPENAM-8296: OAuth consent screen does not use XUI theme configuration

OPENAM-13456: AM 6 XUI custom FooterTemplate.html and LoginHeaderTemplate.html not being applied

OPENAM-13426: EncryptSAMLIDPSPBasicAuthPwdStep fails in upgrade

OPENAM-13347: Inner Tree Node "tree" choice field not populated after upgrade

OPENAM-13330: Improve SessionResource Authz Module processing

OPENAM-13316: LDAP Decision Node does not return Inactive Account result correctly in eDirectory

OPENAM-13308: LdapDecisionNode failes when Return UserDN to Datastore is set to false

OPENAM-13245: Omitting Node.Metadata annotation kills the loading of all plugins in AM

OPENAM-13236: Amster tries to load custom service subconfiguration before loading realm level configurations

OPENAM-13128: invalid error message returned when user with expired password authenticates with persistent cookie module

OPENAM-13085: WSFederation Active Request Profile authentication request hangs on input-less scripted modules

OPENAM-13031: Failed search for non-existent user in datastore when fetching session properties and user profile is set to ignore

OPENAM-12984: Access Token Endpoint issues search request against datastore for OAuth Client

OPENAM-12173: NumberFormatException for AuthLevel in OAuth2 logs

OPENAM-11642: CustomProperties do not work when creating J2EE/Web Agents via REST

OPENAM-11407: extra space in the CTS 's connection string " openam.internal.example.com:50389" cause OpenDJ-SDK log to grow

OPENAM-10532: SOAPExceptionImpl: Invalid Content-Type:text/html. Is this an error message instead of a SOAP response?

OPENAM-13298: OIDC requests with claims request parameter fail

OPENAM-13249: AM 6 doesn’t recognize custom templates and partials

OPENAM-13157: DCustom Authentication Nodes not being exported correctly

OPENAM-13144: DeviceID Profiles are not saved

OPENAM-13138: 500 internal server error if user does not have a session when providing user code in OAuth2 device flow

OPENAM-13102: Device Match - Server side script fails when error level logging is enabled.

OPENAM-13090: Social Authentication Implementations UI does not accept an auth tree

OPENAM-13078: ScriptedDecisionNode exposes headers in a case sensitive map

OPENAM-13053: ScriptingService doesn’t add the new values to whitelist during upgrade

OPENAM-12338: policies?_action=evaluate checks all policy sets

OPENAM-12209: 'acr' and 'acr_sig' parameters can become duplicated during step-up authn, should not be present in url

OPENAM-11962: Calling Logout and passing a goto URL parameter with an expired session, goto URL is ignored

OPENAM-11240: "Skip This Step" button on the ForgeRock Authenticator (OATH) screen is missing (HOTP)

OPENAM-10296: Session UI only allows searching for users in datastore

OPENAM-13100: LDAP Decision node fails with NPE when used with Active Directory

OPENAM-13083: Profile KBA: custom questions are not displayed

OPENAM-13082: address claim in default OIDC claims script outputs non-spec compliant format

OPENAM-12912: Upgrade 5.5.x -→ 6.x fails if Amster has been used at some point to export/import

OPENAM-12867: IdP-Proxy - Single Logout fails as LogoutResponse is not signed

OPENAM-12784: ProviderConfiguration is not spec compliant

OPENAM-12419: Policy rules not updated when external configuration store connection restarted

OPENAM-13103: AM Overview Sample Monitoring Dashboard policy throughput metrics not grouped by AM instance

OPENAM-13099: AM Overview Sample Monitoring Dashboard session metrics also count changes to authentication sessions

OPENAM-13084: Entity Import ordering in amster

OPENAM-13074: Fix UI sections for authentication modules

OPENAM-13068: Sample Facebook-ProvisionIDMAccount auth tree has wrong "connections"

OPENAM-13008: Occasional shutdown error for AM

OPENAM-13006: Missing upgrade steps for OAuth2 ID Token SIgning and Encryption Algorithms

OPENAM-12938: ODSEE fails to load identities

OPENAM-4040: SSO failure between SPs in separate CoTs with same hosted IDP

OPENAM-12703: UnsupportedOperationException seen on SAML related session logout

OPENAM-12626: OIDC endSession endpoint does not call post authentication plugin onLogout functions

OPENAM-12553: IdP Logout is ignored when using SAML2 Auth module and trying to use a goto

OPENAM-12477: id_token requested using grant_type=authorization_code returns auth_time in milliseconds

OPENAM-12418: Unable to access Forgerock OATH for users with Profile when caching disable

OPENAM-12415: Self-Service KBA questions of TopLevel Realm(or Global Service) override SubRealm’s

OPENAM-12413: Enabled "'Return User DN to DataStore" of LDAP auth-module is resulting in one redundant search for "uid=uid=demo" in the configuration store

OPENAM-12412: Multi-valued LDAP attributes are not added to the OIDC id_token as expected

OPENAM-12380: Client ip audit logging is not storing as IP but a list of IPs

OPENAM-12377: WS-Fed extended metadata with unknown COT value should generate an error

OPENAM-12370: JWT verification fails when token idle time is too long

OPENAM-12357: ssoadmin tools distro include release canditate libraries

OPENAM-12333: AMIdentitySubject policy evaluation not cache when a lot of groups and datatsore is use with delegated admin

OPENAM-12252: Delegated admin with Stateless Session, causes Admin Console failure.

OPENAM-12245: "Authentication by Module Instance" policy env condition doesn’t work in session upgrade case

OPENAM-12244: Monitoring services unable to connect to Port

OPENAM-12234: Values for objects of type com.sun.xml.bind.util.ListImpl are not printed in debug logs

OPENAM-12226: Device Match - server side script fails

OPENAM-12219: Resource leak in MonitoringAdapters#getMonAuthList

OPENAM-12194: SLO with the SAML2 Auth Module PAP redirects to 'XUI/nullnull' when IDP has no SingleLogoutService defined

OPENAM-12166: Resource #3.0 logoutByHandle request fail with status 500 error

OPENAM-12161: Expires attribute in WS-Fed Active Requestor Profile is expected but is optional

OPENAM-12144: getSessionInfo endpoint _fields parameter doesn’t work

OPENAM-12135: OIDC token generated with datastore module takes case from request rather than from the datastore

OPENAM-12109: Syslog Audit Event Handler buffer size should be configurable

OPENAM-12082: Outlook with WS-Fed uses cached credential after AD password change.

OPENAM-12075: OIDC without a datastore returns "User must be authenticated to issue ID tokens"

OPENAM-12062: XUI DashBoard does not show trusted devices etc if user search attribute of the data store is not 'uid'

OPENAM-12054: Cumulative upgrades of OpenAM (e.g. 5.1.0 to 5.5.0 to 5.5.1) fail with "Writing Backup; Failed!" error

OPENAM-12026: Self-service user registration gets "Bad Request" on LDAP error 19

OPENAM-12022: Self-service registration for existing user displays "Detected conflict in request"

OPENAM-12011: Session is not refreshed reliably when using oauth2/authorize endpoint

OPENAM-11994: NullPointerException in ResourceOwnerOrSuperUserAuthzModule.getUserIdFromUri

OPENAM-11988: HTTP 500 when validating SSO tokens if API version is omitted in AM 5.5

OPENAM-11980: Social OIDC wizards do not work when provisioning accounts locally

OPENAM-11976: XUI Session query session by username does not work with

OPENAM-11968: SAML2 Auth Module does not accept SAML2 AuthResponse with no SessionIndex

OPENAM-11966: saml2 SSO 'better' auth’n comparison fails with 'Invalid status code in response'

OPENAM-11961: KBA update fails if Self-service is configured in sub-realm and root realm has no datastore

OPENAM-11956: SAML2 RelayState values are seen as invalid if they are not a URL which appears to go against the spec

OPENAM-11944: REST OAuth2 creation triggers objectClass=* search

OPENAM-11937: Federation UI does not allow empty NameIDMappingService

OPENAM-11925: CORSFIlter causings failures after moving to 5.x from 13.5.x

OPENAM-11909: Demo user creation is based on whether a userCfg is specified, rather than when it’s set to embedded

OPENAM-11829: SSOToken idletime reset even when it shouldn’t be

OPENAM-11818: Oauth2 authn module incorrectly POST state parameter to token endpoint

OPENAM-11789: User remains on 'Loading' page with 'OAuth2.0/OIDC' auth module if authId token expires before entering credentials

OPENAM-11759: Memory leak affecting policy evaluation for stateless sessions

OPENAM-11746: Syslog data is not fully RFC compliant

OPENAM-11678: 'Oldest' REST passwordreset selfservice unusable

OPENAM-11673: Policy evaluation response is incorrect if the URL query string sent for evaluation contains the string ://

OPENAM-11661: Prevent Restlet from adding the Server header

OPENAM-11548: Improve Scope validator class loading error handling

OPENAM-11547: Missing entry or corrupted value in "com.iplanet.am.version" causes upgrade failure

OPENAM-11491: Upgrading OpenAM results in failure due to restSMS.xml

OPENAM-11477: SLO through IDP Proxy loses the RelayState

OPENAM-11432: Extra space in Policy 's Resource Type will cause policy evaluation to fails

OPENAM-11402: OpenAM does not enforce OAuth2 spec for "Resource Owner Password Credentials Grant" flow

OPENAM-11398: OpenAM ACI installation instruction does not work for OpenDJ productionMode

OPENAM-11157: Oauth2/OIDC Authentication redirect goto value wrong when behind reverse proxy

OPENAM-10673: SAML2 authentication module fails to redirect to IDP after failing DeviceID match module

OPENAM-10619: Post Authentication Plugin not run during session upgrade

OPENAM-10591: Generate more debug details about the JSON that is failing when JsonPolicyParser throws a UNABLE_TO_SERIALIZE_OBJECT exception

OPENAM-9717: TimerPool deadlock on ssoadm shutdown (client SDK)

OPENAM-9629: OAuth2 flow creates GENERIC CTS tokens that never expire

OPENAM-8264: Insufficient validator for service property 'iplanet-am-auth-hmac-signing-shared-secret'

OPENAM-7911: Improve Error Message: "Invalid Suffix"

OPENAM-5991: IP Address logging in SAML2 audit logs is not consistent

OPENAM-5865: AuthLevelCondition will not retrieve request auth level for a capital-letter realm.

OPENAM-1167: WindowsDesktopSSOConfig ClassCastException on saving configuration in admin UI == 5.5.0

OPENAM-11834: Passwords being set to empty strings in tabbed forms in XUI

OPENAM-11646: Cookie values wrapped in double quotes

OPENAM-11632: CDCServlet does not work with realm

OPENAM-11610: WindowSSO module broken in AM 5.5 after upgrade

OPENAM-11526: Realm Authentication chain post authentication classes PAP not triggered on chains with multiple modules

OPENAM-11391: Requesting 'OAuth2.0/OIDC' auth module a second time results in display of AM’s "Authentication Failed" page

OPENAM-11300: OIDC request parameter is failing when message level is enabled

OPENAM-11280: authentication with noSession=true fails if post authentication plugin class is present

OPENAM-11218: OpenAM throws service error for Application Module

OPENAM-11217: SAML2 Authentication module is not invoking custom SP Adapter class implementing a preSingleSignOnRequest() method

OPENAM-11196: Incorrect debug logging level used in FMEncProvider.getEncryptionKey

OPENAM-11154: Memory leak in SMSEventListenerManager#subNodeChanges

OPENAM-11115: Push authentication should use alias attributes to find identities

OPENAM-11101: Social Auth links do not contain the goto url

OPENAM-11070: Need OAuth2 authentication to work in Android with implied consent

OPENAM-11057: Global User Self Service UI does not display values

OPENAM-11015: ForceAuth session upgrade does not work

OPENAM-10971: FR-OATH auth module can not be used in auth chain if the username in sharedstate map does not 'match' the search attribute of the data store

OPENAM-10970: logout response binding should be selected based on the capabilities of the SP

OPENAM-10965: Stateless OAuth2 can’t verify access and refresh token

OPENAM-10931: IdentitySubject not adding isMember() result to cache after entry has changed

OPENAM-10782: endSession with an id_token generated from a refresh_token request does not destroy the session

OPENAM-10756: setSucessModuleNames in AMLoginModule calls AuthModule’s getPrincipal multiple times

OPENAM-10585: The "claims" Request Parameter from the openid standard isn’t functional

OPENAM-10578: Stateless access token doesn’t contain the grant type

OPENAM-10562: Audit log 'Configuration' entries are not written when using external configuration store

OPENAM-10332: Quota constraints exceeded - Interim Fix

OPENAM-10129: OAuth2 Device flow - user code verification is case-insensitive

OPENAM-10103: output from re-indexing action during initial configuration is lost

OPENAM-10102: insufficient progress information during configuration

OPENAM-10013: HOTP session upgrade not possible in XUI if the wrong code is entered first time

OPENAM-9979: Authentication chain post authentication classes are not used if realm level PAP setting exists

OPENAM-9885: Oauth2 load: Tomcat keeps logging "WARNING: Addition of the standard header "Pragma" is discouraged as a future version of the Restlet API will directly support it"

OPENAM-9156: 'Not Found' error in UI when opening a custom auth module created with ssoadm with the name the same as type

OPENAM-8771: "Unknown Error: Please contact your administrator", shown with FacebookSocialAuthentication option "Prompt for password setting and activation code" (org-forgerock-auth-oauth-prompt-password-flag)

OPENAM-8270: Using client_credentials Grant type with openid scope returns User must be authenticated to issue ID tokens

OPENAM-8063: Merge Debug Files feature does not work correctly

OPENAM-7781: persistent cookie auth module does not allow to change cookie name by default

OPENAM-7437: Finish button of Identity Provider wizard doesn’t work

OPENAM-5864: Quota constraints exceeded in multi-instance with LB and CTS enabled

OPENAM-5153: Auth modules should call setAuthLevel after successful login

OPENAM-5152: AMAuthLevelManager miscalculates auth level

OPENAM-3679: IDP Finder fails to validate relaystate

OPENAM-1325: OpenAM fails to setup when deployed under the root uri ( '/' )