Fixes, limitations, and known issues
Key fixes
The following issues are fixed in this release.
Amster 7.2.2
- OPENAM-21747: Amster not working after connecting when AM REST call has extra set-cookie headers
- OPENAM-21277: Running Amster in debug mode doesn’t work on Windows
- OPENAM-21030: Amster CLI doesn’t work on Windows
Amster 7.2.1
- OPENAM-19592: Amster - Unable to use Amster in M1 Macbook
- OPENAM-19411: Amster installation failure with authorizedKey parameter when overwriting an existing configuration
Amster 7.2.0
- OPENAM-18027: Amster import clean fails intermittently with server error 500: Authentication instance does not exist
- OPENAM-17977: Amster connect command ignores connection-timeout parameter
- OPENAM-17650: Amster generates RSA keys smaller than recommended
- OPENAM-17519: Amster 7 package contains outdated elements
Limitations
Amster 7.2 has the following known limitations:
- No support for load balanced deployments
  Amster cannot connect to a load balancer URL. You must connect Amster directly to a single AM instance. Using a load balancer could send sequential commands to different AM instances, and could result in concurrency issues when writing to the underlying configuration store.
- Bulk import to external application stores with affinity
  If affinity is enabled for an external application data store, bulk import intermittently fails with errors similar to the following:
    Resource path 'http////////eea87a38e3ca476fa93a3669375ada3a' contains empty path elements
  Before using Amster for a bulk import to an application store, disable data store affinity, or remove the load balancer from the application store deployment. You can re-enable affinity when the import has completed.
- Importing resources containing slash characters can fail
  Some Access Management resources have names that can contain slash characters (/), for example policy names, application names, and SAML v2.0 entities. These slash characters can cause unexpected behavior and failures in Amster when importing into Access Management instances running on Apache Tomcat.
  To work around this issue, configure Apache Tomcat to allow encoded slash characters by updating the CATALINA_OPTS environment variable. For example:
  On Unix/Linux systems:
    $ export CATALINA_OPTS="-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true"
    $ startup.sh
  On Windows systems:
    C:\> set CATALINA_OPTS="-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true"
    C:\> startup.bat
  It is strongly recommended that you do not enable org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH when running AM in production as it introduces a security risk on Apache Tomcat.
  For more information, refer to How do I safely enable the org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH setting in AM/OpenAM (All Versions)? in the ForgeRock Knowledge Base.
- [INFO] messages showing on SuSE on Amster start up
  Running Amster on SuSE may produce [INFO] messages, for example:
    # ./amster
    [INFO] Unable to bind key for unsupported operation: up-history
    [INFO] Unable to bind key for unsupported operation: down-history
    [INFO] Unable to bind key for unsupported operation: up-history
    [INFO] Unable to bind key for unsupported operation: down-history
    OpenAM Shell (version build build, JVM: version)
    Type ':help' or ':h' for help.
    -----------------------------------------------------
    am>
  These messages are caused by the keyboard mappings configured in the /etc/inputrc file and can safely be ignored, as they do not affect functionality.
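For the encoded-slash workaround in the limitation above, a check that the flag is not set before an AM instance goes to production. This is an added example, not ForgeRock's or Tomcat's own tooling; the function names and the file paths passed to it (such as Tomcat's bin/setenv.sh and conf/catalina.properties) are assumptions about where the option may have been set.

```shell
#!/bin/sh
# Added example: report whether Tomcat's ALLOW_ENCODED_SLASH workaround is active.
# Regex for the property name exactly as it appears on the page.
PROP_RE='org\.apache\.tomcat\.util\.buf\.UDecoder\.ALLOW_ENCODED_SLASH'

# last_value: read text on stdin and print, lower-cased, the value of the last
# non-comment "<property>=<value>" occurrence (prints nothing if absent).
# The last occurrence is used because a repeated -D option overrides earlier ones.
last_value() {
    grep -v '^[[:space:]]*#' \
        | grep -o "${PROP_RE}[[:space:]]*=[[:space:]]*[A-Za-z]*" \
        | tail -n 1 | cut -d= -f2 | tr -d ' \t' | tr 'A-Z' 'a-z'
}

# encoded_slash_enabled [file...]
# Returns 0 if JAVA_OPTS/CATALINA_OPTS or any readable file sets the flag to
# true, 1 otherwise. File arguments are assumptions about where the option was set.
encoded_slash_enabled() {
    found=1
    v=$(printf '%s\n' "${JAVA_OPTS:-} ${CATALINA_OPTS:-}" | last_value)
    if [ "$v" = "true" ]; then
        echo "ALLOW_ENCODED_SLASH=true in JAVA_OPTS/CATALINA_OPTS"
        found=0
    fi
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(last_value < "$f")
        if [ "$v" = "true" ]; then
            echo "ALLOW_ENCODED_SLASH=true in $f"
            found=0
        fi
    done
    return "$found"
}

# Check the environment plus any files given as arguments, for example:
#   sh check_encoded_slash.sh "$CATALINA_BASE/bin/setenv.sh" "$CATALINA_BASE/conf/catalina.properties"
encoded_slash_enabled "$@" || echo "flag not enabled in the inputs checked"
```

The check reads configuration only; it does not inspect the options of an already running JVM, so restart Tomcat after removing the flag.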
Known issues
Amster 7.2
No new issues were identified in Amster 7.2.1.
- OPENAM-19039: Amster query command base64-encodes the _id attribute for Saml2Entities
- OPENAM-18715: Due to an unresolved issue in the updated version of Groovy used by Amster, Amster cannot execute multi-line commands from a script while creating a realm using the :load option
  Workaround: Use a single-line command instead. For example, instead of a multi-line command like this:
    payload='{ \
      "name": "employeur-test", \
      "active": true, \
      "parentPath": "/", \
      "aliases": [] \
    }'
    create Realms --global --body payload
  Create a single-line command like this:
    create Realms --global --body '{ \
      "name": "employeur-test", \
      "active": true, \
      "parentPath": "/", \
      "aliases": [] \
    }'
  Consider any required modifications to your Amster scripts before you upgrade to version 7.2.0.