Changes to Existing Functionality
This chapter covers critical and important changes to existing functionality.
This section lists changes made to existing functionality in Amster.
No changes have been made to existing functionality in Amster 7.0.2.
No changes have been made to existing functionality in Amster 7.0.1.
Installing Sites with Embedded DS Is Not Supported
The embedded DS server is not supported for production in AM 7.
As part of this change, the embedded DS does not support replication, and cannot be configured as part of a site. The relevant replication options for Amster have been removed.
if you have a site configured with embedded DS, you must migrate it to an external DS store before upgrading to AM 7.
See the KB article How do I migrate from an embedded to external DS/OpenDJ in AM/OpenAM (All versions)?.
Private Key Connections Not Restricted to the Loopback Network
During the configuration of the Amster authentication module, AM appends the contents of the
/path/to/openam/security/keys/amster/amster_rsa.pubfile to the
/path/to/openam/security/keys/amster/authorized_keysfile to ensure Amster can communicate with AM using private keys.
Earlier versions of Access Management restricted the communication between AM and Amster to the loopback network (127.0.0.1/24) by including the
from="127.0.0.0/24,::1"parameter in front of the SSH-RSA key of the Amster client. This caused Amster connections to fail unless AM was configured in the loopback interface.
AM 7 does not add the
fromattribute to Amster's SSH-RSA key and, therefore, does not restrict private key connections.
The Value of the
com.iplanet.am.lbcookie.valueProperty Can Be Overridden
By default, Amster configures the value of the
com.iplanet.am.lbcookie.valueproperty as the value of the server ID. This could not be changed in earlier versions of Amster.
To override the default during import in Amster 7, prefix the new value with
override-server-id:in the configuration files. For example:
"com.iplanet.am.lbcookie.value" : "override-server-id:myLBCookieValue"