Fixes, Limitations, and Known Issues

Key Fixes

This section covers the status of key issues and limitations at release.

Key Fixes in Amster 7.0.2
  • OPENAM-17020: Amster import fails after removing identity store and setting User Profile to ignore

  • OPENAM-17072: eval(String) function in amster shell results in MissingMethodException

Key Fixes in Amster 7.0.1
  • OPENAM-16591: Amster version information is @build.number@

  • OPENAM-11160: Amster does not work on non-https fqdn when secure cookie is set.

Key Fixes in Amster 7
  • OPENAM-10958: Amster cannot import configuration with containing sub realms with --clean if the instance already contains sub realms

  • OPENAM-11159: OpenAM Amster export/import for Site have import errors

  • OPENAM-11783: amupgrade requires the output directory to exist

  • OPENAM-13896: Comparison method violates its general contract! seen during amster import

  • OPENAM-14049: Amster export failure

  • OPENAM-14172: Amster Export - Persistent cookie Keystore Mapping inconsistency after upgrade to 6.5.0

  • OPENAM-14222: Amster fails exporting Secret Store Mappings in sub-realms

  • OPENAM-14265: Amster Import with --clean doesn't delete the secrets store and mappings

  • OPENAM-14818: Amster clean import removes current server when AM is deployed to root context

  • OPENAM-15510: Generic amster error message "No Base Entity dc=config,dc=forgerock,dc=com found" needs to detail the actual ldap error - during install-openam

  • OPENAM-15574: Amster Import - updating com.iplanet.am.lbcookie.value to a different value to server ID

  • OPENAM-15687: Session endpoint is searching for a long value in CTS that is stored as a string

Limitations

The following limitations and workarounds apply to this release:

  • No Support for Load Balanced Deployments

    Amster cannot connect to a load balancer URL. You must connect Amster directly to a single AM instance. Using a load balancer could send sequential commands to different AM instances, and could result in concurrency issues when writing to the underlying configuration store.

  • Importing Resources Containing Slash Characters Can Fail

    Some Access Management resources have names that can contain slash characters (/), for example policy names, application names, and SAML v2.0 entities. These slash characters can cause unexpected behavior and failures in Amster when importing into Access Management instances running on Apache Tomcat.

    To work around this issue, configure Apache Tomcat to allow encoded slash characters by updating the CATALINA_OPTS environment variable. For example:

    On Unix/Linux systems:

    $ export CATALINA_OPTS="-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true"
    $ startup.sh

    On Windows systems:

    C:\> set CATALINA_OPTS="-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true"
    C:\> startup.bat

    Warning

    It is strongly recommended that you do not enable org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH when running AM in production as it introduces a security risk on Apache Tomcat.

    For more information, see How do I safely enable the org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH setting in AM/OpenAM (All Versions)? in the ForgeRock Knowledge Base.

  • [INFO] Messages Showing On SuSE On Amster Start Up

    Running Amster on SuSE may produce [INFO] messages, for example:

    # ./amster
    [INFO] Unable to bind key for unsupported operation: up-history
    [INFO] Unable to bind key for unsupported operation: down-history
    [INFO] Unable to bind key for unsupported operation: up-history
    [INFO] Unable to bind key for unsupported operation: down-history
    OpenAM Shell (7.0.2 build c9ca9450a9, JVM: 1.8.0_65)
    Type ':help' or ':h' for help.
    -----------------------------------------------------
    am>

    These messages are caused by the keyboard mappings configured in the /etc/inputrc file and can safely be ignored, as they do not affect functionality.
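
For the encoded-slash workaround described above, the following check reports whether a Tomcat options string still leaves the setting enabled, so it is not carried into production after an import. This is an added example, not code from the original page or from ForgeRock; the function names are hypothetical, and it assumes the JVM honours the last `-D` occurrence of a property and that Tomcat's start script passes JAVA_OPTS before CATALINA_OPTS.

```shell
# Added example: detect whether ALLOW_ENCODED_SLASH is effectively enabled.
# Function names are hypothetical, not part of Amster or Tomcat.
PROP='org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH'

# encoded_slash_enabled "<JVM options string>"
# Exit status 0 if the property is effectively "true", 1 otherwise.
# Assumption: when -D is repeated, the last occurrence wins, and the
# value is compared case-insensitively (Boolean.parseBoolean semantics).
encoded_slash_enabled() (
  set -f                      # no globbing while splitting the options
  last=''
  for tok in $1; do
    # Drop quotes that were part of the variable's value.
    tok=$(printf '%s' "$tok" | tr -d "\"'")
    case $tok in
      "-D$PROP="*) last=${tok#*=} ;;   # keep the value after '='
      "-D$PROP")   last='' ;;          # bare -Dname sets an empty value
    esac
  done
  [ "$(printf '%s' "$last" | tr '[:upper:]' '[:lower:]')" = "true" ]
)

# audit_tomcat_env
# Checks the current environment in the order assumed above:
# JAVA_OPTS first, then CATALINA_OPTS (so CATALINA_OPTS wins on conflict).
audit_tomcat_env() {
  if encoded_slash_enabled "${JAVA_OPTS:-} ${CATALINA_OPTS:-}"; then
    echo "WARN: $PROP is enabled; do not run production AM with it" >&2
    return 1
  fi
  echo "OK: $PROP is not enabled"
}
```

Run `audit_tomcat_env` in the same environment that starts Tomcat, for example from a deployment pipeline step; options set elsewhere (such as in a setenv script) are not visible to it unless that script has been sourced first.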

Known Issues

Known Issues in Amster 7.0.2
  • No issues remained open when Amster 7.0.2 became available, other than those identified in Amster 7.

Known Issues in Amster 7.0.1
  • No issues remained open when Amster 7.0.1 became available, other than those identified in Amster 7.

Known Issues in Amster 7
  • OPENAM-14526: Non SAML metadata schema-compliant SP EntityDescriptors can be imported.
