Known issues
The following important issues remained open at the time of the latest release for each version:
AM 7.5
- OPENAM-22151: Expiration of cache held in StatelessJWTCache could cause Internal Server Error
- OPENAM-22067: Stateless Session denylist caching and bloomfilter layers removed on config change
- OPENAM-22031: LDAP Decision node change of behavior when user is locked from password change screen
- OPENAM-21820: Set policy result TTL to 0 when using Environment Policy Active Session
- OPENAM-21819: Default value for LinkedIn configuration uses out-of-date scopes
- OPENAM-21683: AM lets you create anonymous user when it already exists
- OPENAM-15948: Update DS profiles to add VLV indexes for CTS use
AM 7.4.1
- OPENAM-22846: External application/policy store active/passive load balancing isn’t working
- OPENAM-22795: SAML2 encryption method can’t be changed using IDP remote SP host settings
- OPENAM-22674: Unable to create encrypted PEM that works for Secrets ENCRYPTED_PEM
- OPENAM-22656: Setting JWKs URI content cache timeout to a small value throws an error
- OPENAM-22608: Non-extractable secrets in HSM fail to work on AM for SAML v2.0 XML signing
- OPENAM-22479: LDAPv3 Userstore Connection doesn’t reconnect without Heartbeat enabled
- OPENAM-22151: Expiration of cache held in StatelessJWTCache could cause Internal Server Error
- OPENAM-22102: Adjusting evalThreadSize has no effect
- OPENAM-22009: Providing an invalid alias to a secret store mapping breaks AM
- OPENAM-21959: Unable to create next-generation script in XUI if default script language is Groovy
- OPENAM-21893: Configurator not releasing resources on failure
- OPENAM-21823: Page node with Scripted Decision node doesn’t persist withErrorMessage value
- OPENAM-21741: SSOADM fails to install or run due to mtlsAlias field in boot.json
- OPENAM-21636: AM is unable to run in FIPS compliance mode due to RAW keys
- OPENAM-19810: No installed provider supports this key: sun.security.pkcs11.P11Key$P11PrivateKey, or cannot work with unextractable key when using HSM
- OPENAM-16797: Allow Custom OATH/Push/WebAuthN device integrations to be managed by standard AM interface
- OPENAM-15834: Access token call fails when an unsupported claim is requested
- OPENAM-12197: Custom methods postSingleSignOnSuccess and postSingleSignOnFailure aren’t called by SAML Authentication module or node
- OPENAM-4201: XUI returning messages based on localized responses from REST authentication interface
AM 7.4
- OPENAM-21609: OAuth2Provider service created immediately after install/restart isn’t available in code flow
- OPENAM-21569: Rapid policy evaluation using token of deleted user leads to HTTP 500 error
- OPENAM-21545: Unable to create a circle of trust in file-based configuration with external data store
- OPENAM-21497: Editing the mappings for an existing secret store throws an exception
- OPENAM-21441: Policy evaluation with LDAPFilter condition uses config store user instead of identity store user
- OPENAM-21379: Unable to read SMS config when request is too quick after changing configuration
- OPENAM-21363: Unable to modify an external data store configuration when set as a global default data store but not referenced in a realm
- OPENAM-21311: XUI performs logout of newly created session when resuming authentication with no further callbacks
- OPENAM-21294: Remove openam-core from Soap STS server
- OPENAM-21284: AM returns a 500 Internal Server Error response when providing an invalid client_id to the deleteUserPasswords agent action
- OPENAM-21178: Social authentication "Secret" field not mandatory
- OPENAM-20927: User info is still cached after removing privilege from group
- OPENAM-15948: Update DS profiles to add VLV indexes for CTS use
AM 7.3.1
- OPENAM-21972: SAML Artifact Binding is failing in load-balanced deployments such as K8S
- OPENAM-21820: Set policy result TTL to 0 when using Environment Policy Active Session
- OPENAM-21802: Email Service value Transport type is overwritten in the static config export
- OPENAM-21773: The Secondary Configurations tab is missing from the Global Email service
- OPENAM-21772: No OAuth 2.0 clients displayed in the UI when AM has more than 1000 clients
- OPENAM-21743: WebAuthN Node with AM XUI: Error is rendered along with Recovery code button
- OPENAM-21734: WebAuthn Registration Node: UserNotVerifiedException not caught, leading to Node failure
- OPENAM-21683: AM lets you create anonymous user when it already exists
- OPENAM-21682: OAuth 2.0: AM doesn’t redirect back to the client if consent is denied and no redirect_uri is present in the query parameters
- OPENAM-21535: The logout at AM’s GUI only targets the root realm instead of the respective sub realm
- OPENAM-21466: AM using social OIDC authentication fails to verify idtoken if the remote JWK_URIs have duplicate kid
- OPENAM-21441: Policy evaluation with LDAPFilter condition uses config store user instead of identity store user
- OPENAM-21407: External data store config min connection pool can be set higher than the max connection pool and the config can still be persisted
- OPENAM-21406: Realm services are no longer accessible after deleting the "External Data Stores" service
- OPENAM-21379: Unable to read SMS config when request is too quick after changing configuration
- OPENAM-21363: Unable to modify an external data store config when it is set as a global default datastore but not referenced in any realm
- OPENAM-21354: OAuth2 provider: Insufficient debug logging for SAML bearer authorization grant
- OPENAM-21327: Unable to specify property name with a '-' when configuring policy environment conditions
- OPENAM-21322: AM Console allows Entity Provider to be created with space at end of the name
- OPENAM-21319: Policy and Application Store Cache is not updated in multiple server deployment when changes are made
- OPENAM-21309: DefaultDataStoreConfigurationManager shouldn’t establish DS connection in FBC mode
- OPENAM-21305: Dynamic Client Registration does not permit setting Client ID Token Public Encryption key
- OPENAM-21294: Remove openam-core from Soap-STS server
- OPENAM-21273: TOTP Registration information no longer contains Issuer in the otpauth’s PATH
- OPENAM-21270: OAuth2 resource owner password credential grant (ROPC) token response does not tell reason for failure
- OPENAM-21204: Scripted node - idRepository.setAttribute does not execute catch block when setting userPassword attribute fails
- OPENAM-21193: AM-Config-upgrader amupgrade cannot work on Windows
- OPENAM-21191: In AM 7.3, web agent sessions have a lifetime of 42 years
- OPENAM-21187: AM agent UI fails when an agent configuration present in FBC and external store is used
- OPENAM-21127: Config Upgrader Exception CreateSecretStores at 6.5.x-to-7.x.x on Windows 2019
- OPENAM-21114: Trusted JWT Issuer does not provide correct error and lacks information on defined behaviour
- OPENAM-21085: Undefined bindings in Groovy scripts are evaluated as defined
- OPENAM-21076: KerberosNode and Windows SSO module use System.setProperty to set kerberos realm
- OPENAM-21055: Unable to get AMIdentityRepository in custom code in 7.3
- OPENAM-21053: UserId is missing from access.audit.json for JWT client authentication flow using org.forgerock.security.oauth2.enforce.sub.claim.uniqueness=false
- OPENAM-21046: Insufficient logging in Create and Patch Object nodes
- OPENAM-21003: IE11 not working during SAML tree authentication due to use of Arrow function
- OPENAM-20976: Consent Collector node "Next" button text localization not working
- OPENAM-20975: OATH Registration node "Next" button text localization not working
- OPENAM-20937: Migration from OATH module to Auth Tree using OATH Token Verifier causes OathVerificationException: null
- OPENAM-20920: NPE in SPSSOFederate#getSingleSignOnServiceEndpoint when binding is null and SSO endpoint list contains non-SAML2 entries
- OPENAM-20899: ConfigurationAttributes class is exposed but there is no class file or Javadoc available for it
- OPENAM-20896: Supported AMIdentity API getMembership and others changed
- OPENAM-20809: IE11 doesn’t work with AM 7.2.1-RC1 and AM 7.3.0
- OPENAM-20766: Insufficient debug logging to troubleshoot WS-Federation issuing party issue
- OPENAM-20314: Social Provider Handler Node / Social Identity Provider Service - the search for existing link is hard coded to Sub claim (regression)
- OPENAM-18111: Next attempt in InnerTreeEvaluatorNode will get previous transient state
- OPENAM-17679: User text not showing up for IDM Provisioning Service
- OPENAM-17340: AM 7 lacks integration for logger from config for logback
- OPENAM-15948: Update DS profiles to add VLV indexes for CTS use
- OPENAM-15410: Enable modifying Access Token audience claim in OIDC
AM 7.3
- OPENAM-20751: Authentication errors with AM on Windows and connection errors in session log
- OPENAM-20703: Tree secure state retained unnecessarily long
- OPENAM-20647: Incorrect exception thrown when trying to access the static method of a non-allowlisted class
- OPENAM-20572: End user password reset email field is not validated
- OPENAM-20557: OATH recovery codes are not displayed if Registration node is followed by OATH Token Verifier node
- OPENAM-20556: OATH recovery codes are not displayed if Store device data in shared state is selected in OATH Registration node
- OPENAM-20543: Display page node header, description, and footer, in correct default language
- OPENAM-20520: HttpClient sent request is not returning the correct response object
- OPENAM-20517: Acceptable variance configuration not working for Device Match node
- OPENAM-20516: Create tree command fails when using POST with _action=create
- OPENAM-20515: Delete fails for Authentication node, when its _id is not a UUID
- OPENAM-20513: Random login failure when using registration tree
- OPENAM-20496: Null refresh_token for OAuth 2.0 token exchange delegation case
- OPENAM-20324: Default install of AM does not have the updated identity classes in the policy script whitelist
- OPENAM-20299: com.iplanet.am.session.agentSessionIdleTime is not honored using Agent authentication tree
- OPENAM-20188: Using session cookie created before AM is restarted
- OPENAM-20077: Access token modification script does not have access to client for client_credential grant flow if realm configured to ignore profile
- OPENAM-19988: Using an id_token generated by AM in a policy condition does not work
- OPENAM-19878: ArrayIndexOutOfBoundsException in SAML2
- OPENAM-19829: Build fails on module openam-encryption-support when using JDK 18
AM 7.2.2
- OPENAM-21441: Policy evaluation with LDAPFilter condition is done with config store user instead of identity store user
- OPENAM-21683: AM lets you create anonymous user when it already exists
- OPENAM-21682: OAuth 2.0: AM doesn’t redirect back to the client if consent is denied and no redirect_uri is present in the query parameters
- OPENAM-21074: Amazon SNS client code doesn’t support external proxy authentication
- OPENAM-20927: User info is still cached after removing privilege from group
- OPENAM-20754: SAML pages saml2-write.js and saml2-read.js can cause error due to javascript
- OPENAM-20442: Trim whitespace at the end of email input before validation in Attribute Collector node
AM 7.2.1
- OPENAM-20546: Ensure AM handles an empty value for the authorization JWT response signing algorithm
- OPENAM-20479: OIDC authentication request fails if request is sent as unsecured JWS
- OPENAM-20457: DeviceLocationMatchNode fails when location service is disabled in browser and is unable to collect location information
- OPENAM-20396: Authentication tree is selected by order of acr-to-tree mapping, not the default values, and order is not preserved
- OPENAM-20104: The fragment response_mode for the /oauth2/authorize endpoint is not working
AM 7.2
- OPENAM-19619: NodeState keys API does not return all keys using a wildcard (*)
- OPENAM-19613: PSearch is already removed error message should be warning
- OPENAM-19567: InvalidCount variable does not update after successive failed attempts
- OPENAM-19480: 500 Internal Server Error on /json/scripts with "not equal" CREST filter
- OPENAM-19476: AbstractUpgradeHelper#updateChoiceValues does not handle i18nKey values
- OPENAM-19451: WebAuthn fails when using Chrome WebAuthn simulator with attestation set to DIRECT
- OPENAM-19422: KeepAlive search filter shouldn’t be Absolute True and False Filters
- OPENAM-19375: Searching JavaDoc does not function correctly
- OPENAM-19371: Updating an auth tree over REST requires all the nodes to be listed in the payload
- OPENAM-19261: Introspect call for tokens obtained via the client credentials grant produces error, warning
- OPENAM-19213: AM doesn’t work in Tomcat 10
- OPENAM-19187: Unable to remove Saml2 IDP Attribute Mapper scripts using UI
- OPENAM-19139: AM reports authorization errors using fragments on form_post requests
- OPENAM-19118: Authentication audit events not logged when ScriptedDecisionNode script contains a syntax error
- OPENAM-19084: Response does not comply with the standard when requesting claims that are unavailable
- OPENAM-19081: Modules of type OpenID Connect id_token bearer are not correctly handled in UI and in datastore
- OPENAM-19030: AM logs an Error if Resource Type cannot be found
- OPENAM-19008: AuthTreesSecretsApiStep creates a potentially invalid secret mapping
- OPENAM-18961: BasicOAuth2RequestImpl throws error at "ERROR" level
- OPENAM-18935: Inconsistent behavior in ConfigProviderNode when omitting config properties
- OPENAM-18544: AM Access Auditing reports FAILURE on 302
- OPENAM-18512: UMA resource set endpoint doesn’t list all relevant resource sets
- OPENAM-18481: OIDC client mandates kid value in JOSE header
- OPENAM-18469: Persistent Claims doc string references "RFC 123"
- OPENAM-18394: Bazel fails to download Maven dependencies on first compilation
- OPENAM-18375: Common password policy validation fails when using Registration Tree
- OPENAM-18351: Form parameter is not recognized in access_token endpoint
- OPENAM-18254: Attempting to create a user via Registration Tree fails after scaling up DS pods
- OPENAM-18122: FBC rule written to remove reference to MAY_ACT default script set null instead of [Empty]
- OPENAM-17957: Identify Existing User node fails with exception when more than one user is found
- OPENAM-13329: Trees display character encoding in Settings dropdown menu
- OPENAM-12492: Identities: 500 Error when switching to Services tab on anonymous profile
AM 7.1.4
- OPENAM-21180: Amster should set file encoding to UTF-8 internally
- OPENAM-21158: Windows Hello registration fails on TPM attestation parsing on Windows 11 22H2
- OPENAM-21155: Unable to remove OAuth 2.0 client with name that includes a period (.) in XUI
- OPENAM-21100: SAML v2.0 IDP single logout (SLO) using HTTP redirect needs request stickiness and HA
- OPENAM-21031: Google KMS secret store configured in AM exceeds the rate limit
- OPENAM-20927: User info is still cached after removing privilege from group
- OPENAM-20766: Insufficient debug logging to troubleshoot WS-Federation issuing party issue
- OPENAM-20761: Create EngineConfiguration fails when using POST with action=create
- OPENAM-20754: SAML v2.0 pages saml2-write.js and saml2-read.js can error out due to javascript
- OPENAM-20753: With the LDAP authentication node, the username is incorrectly set for multi-valued attributes
- OPENAM-20745: Insufficient debug logging to troubleshoot JWK_URI keys issue
- OPENAM-20742: WS-Federation entities cannot be managed through the AM UI
- OPENAM-20728: Push log is noisy even when the Push Service is not used
- OPENAM-20706: Unnecessary config store queries for services that don’t exist
- OPENAM-20705: SAML v2.0 circle of trust status has no effect
- OPENAM-20683: UI does not handle multi-valued attributes
- OPENAM-20645: JWK_URI endpoint is not thread safe
- OPENAM-20582: JWT client authentication: iss claim value must match sub claim value
- OPENAM-20581: JWT Client authentication fails but the root cause cannot be determined from the logs
- OPENAM-20570: NullPointerException is thrown when searchAttribute is not available in the user identity
- OPENAM-20539: Access Token to OIDC Id Token exchange fails for pairwise subject type
- OPENAM-20505: OAuth 2.0 clients / groups list sort function is not working
- OPENAM-20480: FBC/Amster config upgrade rules are missing for removed properties
- OPENAM-20441: OATH Registration node generates Base32 padded secret
- OPENAM-20405: Transient state that is populated in an inner tree is not available in the parent tree
- OPENAM-20379: REST STS doesn’t work with com.iplanet.am.cookie.encode=true
- OPENAM-20333: The Enable Cookies message is inconsistent
- OPENAM-20332: When the requested scope and consent scope are different, a server error occurs during JWT Bearer Authorization policy evaluation
- OPENAM-20331: Policy scope evaluator does not work well with JWT Bearer Authorization grant
- OPENAM-20308: Access token with auth_level changes does not persist after refreshing token
- OPENAM-20271: Certificate Validation node fails when optional properties are not configured
- OPENAM-20261: Problem with User/CTS affinity failover when the DS disk volume is detached
- OPENAM-20254: When Hosted SP Default RelayState is specified, you shouldn’t need an entry in the Relay State URL List
- OPENAM-20242: Certificate Validation node: Certificate-based authentication requires LDAP
- OPENAM-20239: Setting the keepalive or heartbeat interval to a negative value in the IdRepo config causes an error
- OPENAM-20234: Setting the LDAP Connection Heartbeat Interval to zero breaks persistent search
- OPENAM-20231: OAuth 2.0 token introspection - stacktrace is withheld
- OPENAM-20216: Fixed size LDAP connection pool not properly established
- OPENAM-20202: org.forgerock.services.cts.store.root.suffix CTS setting is used when CTS store mode is default
- OPENAM-20177: Insufficient information in warning message to troubleshoot root cause
- OPENAM-20143: Unnecessary ERRORs logged when adding pointers in the Field allowlist filters
AM 7.1.3
- OPENAM-19749: Authentication failure when using a specific locale containing a _ character in Message node
- OPENAM-19743: Message node allows empty value for locale name
- OPENAM-18818: Persistent search error message shows wrong DS identifier
- OPENAM-18613: Web upgrader fails during second instance upgrade
- OPENAM-18558: OIDC Client Group Inheritance not honoured immediately
- OPENAM-17768: Enabling allowlisting in trees causes an infinite redirect loop in the registration tree
- OPENAM-17687: XUI selects wrong partials if a new partial exists with the same prefix
- OPENAM-17418: OpenId account mapping fails because userInfo subject claim has value usr!demo
- OPENAM-17315: Update default scripts with the change introduced in COMMONS-628
- OPENAM-16449: Filter fields on the Scripts admin page do not work
AM 7.0.2
- OPENAM-17663: Improve the error response code for "Failed to revoke access token"
- OPENAM-17452: SAML bearer grant flow using signed assertions fails - signature validation failure
- OPENAM-17394: Callback types should be part of the supported API
- OPENAM-17256: Text is overlapping buttons in configuration UI in Firefox while adding new server
- OPENAM-16939: IDM nodes do not follow proxy settings
- OPENAM-16561: OAuth Consent screen does not apply theming
- OPENAM-16554: Misplaced bufferingEnabled checkbox in New Syslog configuration
- OPENAM-16539: userinfo endpoint does not return expected user attributes
- OPENAM-16522: Device Save Node failed on Platform environment
- OPENAM-16491: SAML Update introduces javascript calls that aren’t available in IE8 and below (or IE11 using Enterprise mode)
- OPENAM-16280: German login page translation is not complete
- OPENAM-16261: Node dev guide - CoreWrapper is not supported API
- OPENAM-16258: Resource login fails to work to Authenticate to Module instance
- OPENAM-16229: Exceptions logged while upgrading to AM7
- OPENAM-16202: Deleting SAML2 entities in console does not remove them from COT
- OPENAM-16197: Social auth module does not send activation email if unauthenticated SMTP server is used
- OPENAM-16105: AM Login UI cannot handle self service and SDK authentication callbacks
- OPENAM-16076: An auth node config marked @password (type char[]) cannot also be Optional
- OPENAM-16068: Annotation based service implementation provides no way to deregister service listeners
- OPENAM-15892: ScriptingSchemaStep clears whitelist customisations on upgrade
- OPENAM-15879: openam > ui-admin > entire sessions view disappears when querying with asterisk
- OPENAM-15861: NullPointerException in CollectionHelper.getServerMapAttrs
- OPENAM-15860: IdP Init SAML SSO results in two set-cookie: amlbcookie headers in SP Consumer response
- OPENAM-15812: WebAuthN Node for a user with a webauthn profile for another site causes authenticator to complain using wrong security key
- OPENAM-15791: The /json/groups endpoint is not accessible to the Agents
- OPENAM-15727: JWT minted by oauth2/authorize does not have correct acr claim when an upgraded SSO token is used
- OPENAM-15699: _fields query parameter for API "Action" endpoint (e.g. _action=refresh) does not work as documented
- OPENAM-15609: CorsService API Descriptor text doesn’t match functionality
- OPENAM-15534: LDAP connection errors when using DS7 and rest2ldap test
- OPENAM-15351: During upgrade, scripts are not updated
- OPENAM-15253: Upgrade fails if external data store for Applications and Policies is used
- OPENAM-15037: React-select-multi component - when key pressed to add an entry, the previously selected entry remains highlighted
- OPENAM-15027: React-select-multi component - when enter is pressed on the 'x' of a selected entry to delete it, the form is submitted
- OPENAM-14897: Default values for JWKs URI content cache timeout and miss timeout are not set on upgrade
- OPENAM-14887: TimerPool logs error during AM graceful shutdown
- OPENAM-14882: OAuth2 does not log scopes while using device code flow
- OPENAM-14838: Trusted JWT issuer cache is refreshed inefficiently, affecting other lookups
- OPENAM-14837: Trusted Issuer lookup does not pick up modified issuer values
- OPENAM-14834: JWT bearer grant implementation finds trusted JWT issuers by performing an unindexed search
- OPENAM-14755: NullPointerException if auth module callback xml file cannot be retrieved by ResourceLookup
- OPENAM-14666: XUI - InternalError: "too much recursion" error can appear when Adding/Viewing/Updating realms
- OPENAM-14602: The API documentation for some Node API is missing methods/fields in 6.5/7
- OPENAM-14594: Possible thread-safety issue in OIDC pairwise subject identifiers
- OPENAM-14576: Configuration LDAP accessed when users endpoint accessed
- OPENAM-14500: SAML SP-initiated SSO without existing SSO Session - value of 'goto' parameter not URL-encoded
- OPENAM-14499: SAML IdP-initiated SSO without existing SSO Session - value of 'goto' parameter not URL-encoded
- OPENAM-14494: In Firefox the text is cropped inside of the realm’s card on Dashboard
- OPENAM-14404: Multiple calls being made to session endpoint by XUI when session cookie lost
- OPENAM-14343: AM console - localisation issue for algorithms in global Common Federation Configuration
- OPENAM-14322: Servers → Directory Configuration API can be broken with crafted payload
- OPENAM-14290: Caching issue for 'users' REST endpoint
- OPENAM-14263: Bad title for External Data Stores secondary configuration page
- OPENAM-14207: NullPointerException in AM Console if IDPSSODescriptor is missing attribute 'WantAuthnRequestsSigned'
- OPENAM-13962: Errors during shutdown of AM
- OPENAM-13513: Call Authentication Tree in a Radius Client
- OPENAM-12207: OAuth2 client created using curl request with defined scopes breaks the AM UI
- OPENAM-11737: http.response.headers not populating in audit logs
- OPENAM-11083: Delegated Admin cannot create OAuth2 Provider in realm
- OPENAM-10696: Login screen does not show mobile users feedback on failure
- OPENAM-10554: AM installation fails if BASE_DIR is different from the path in .openamcfg
- OPENAM-10427: LDAP connections created by the configurator wizard are never closed
- OPENAM-71: SAML2 error handling in HTTP POST and Redirect bindings