Changes to Existing Functionality

No changes have been made to existing functionality in Amster 7.0.2.

No changes have been made to existing functionality in Amster 7.0.1.

Installing Sites with Embedded DS Is Not Supported

The embedded DS server is not supported for production in AM 7.

As part of this change, the embedded DS does not support replication, and cannot be configured as part of a site. The relevant replication options for Amster have been removed.

if you have a site configured with embedded DS, you must migrate it to an external DS store before upgrading to AM 7.

See the KB article How do I migrate from an embedded to external DS/OpenDJ in AM/OpenAM (All versions)?.

Private Key Connections Not Restricted to the Loopback Network

During the configuration of the Amster authentication module, AM appends the contents of the /path/to/openam/security/keys/amster/amster_rsa.pub file to the /path/to/openam/security/keys/amster/authorized_keys file to ensure Amster can communicate with AM using private keys.

Earlier versions of Access Management restricted the communication between AM and Amster to the loopback network (127.0.0.1/24) by including the from="127.0.0.0/24,::1" parameter in front of the SSH-RSA key of the Amster client. This caused Amster connections to fail unless AM was configured in the loopback interface.

AM 7 does not add the from attribute to Amster's SSH-RSA key and, therefore, does not restrict private key connections.

The Value of the com.iplanet.am.lbcookie.value Property Can Be Overridden

By default, Amster configures the value of the com.iplanet.am.lbcookie.value property as the value of the server ID. This could not be changed in earlier versions of Amster.

To override the default during import in Amster 7, prefix the new value with override-server-id: in the configuration files. For example:

"com.iplanet.am.lbcookie.value" : "override-server-id:myLBCookieValue"