Fixes, limitations, and known issues

Key fixes

The following issues are fixed in this release. For details, refer to the OpenAM issue tracker.

Amster 7.3.1

OPENAM-21747: Rest SDK and Amster send cookies if request has cookie header
OPENAM-21277: Running Amster in debug mode doesn’t work on Windows
OPENAM-21030: Amster 7.3.0 CLI isn’t working on Windows

Amster 7.3

OPENAM-19665 Wrong Java version in README file
OPENAM-19411 Amster installation failure with authorizedKey parameter when trying to overwrite an existing configuration

Limitations

Amster 7.3 has the following known limitations:

No support for load balanced deployments

Amster cannot connect to a load balancer URL. You must connect Amster directly to a single AM instance. Using a load balancer could send sequential commands to different AM instances, and could result in concurrency issues when writing to the underlying configuration store.
Bulk import to external application stores with affinity

If affinity is enabled for an external application data store, bulk import intermittently fails with errors similar to the following:

Resource path 'http////////eea87a38e3ca476fa93a3669375ada3a' contains empty path elements

Before using Amster for a bulk import to an application store, disable data store affinity, or remove the load balancer from the application store deployment. You can re-enable affinity when the import has completed.
Importing resources containing slash characters can fail

Some Access Management resources have names that can contain slash characters (/), for example policy names, application names, and SAML v2.0 entities. These slash characters can cause unexpected behavior and failures in Amster when importing into Access Management instances running on Apache Tomcat.

To workaround this issue, configure Apache Tomcat to allow encoded slash characters by updating the CATALINA_OPTS environment variable. For example:

On Unix/Linux systems:
```
$ export CATALINA_OPTS= \
  "-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true"
$ startup.sh
```
On Windows systems:
```
C:\> set CATALINA_OPTS= ^
  "-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true"
C:\> startup.bat
```
It is strongly recommended that you do not enable org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH when running AM in production as it introduces a security risk on Apache Tomcat.

For more information, refer to How do I safely enable the org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH setting in AM/OpenAM (All Versions)? in the ForgeRock Knowledge Base.

[INFO] messages showing on SuSE on Amster start up

Running Amster on SuSE may produce [INFO] messages, for example:

# ./amster
[INFO] Unable to bind key for unsupported operation: up-history
[INFO] Unable to bind key for unsupported operation: down-history
[INFO] Unable to bind key for unsupported operation: up-history
[INFO] Unable to bind key for unsupported operation: down-history
OpenAM Shell (version build build, JVM: version)
Type ':help' or ':h' for help.
-----------------------------------------------------
am>

These messages are caused by the keyboard mappings configured in the /etc/inputrc file and can safely be ignored, as they do not affect functionality.

Known issues

Amster 7.3.1

OPENAM-21352: Amster read AuthTree doesn’t return nodes within a page node
OPENAM-21278: Amster doesn’t use console or accept piped input in interactive mode
OPENAM-21180: Amster should set file encoding to UTF-8 internally
OPENAM-21151: Amster command cannot operate on HostedSaml2EntityProvider
OPENAM-21137: Performing Amster import with --clean in FBC with external Data Store service fails with error
OPENAM-21125: Installing AM using Tomcat under local system account fails with Amster RSA file issue
OPENAM-19998: Performing an Amster export on AM running in FBC mode generates new configuration which breaks the FBC upgrader