Notes covering prerequisites, fixes, known issues for OpenAM Java EE policy agents. OpenAM provides open source Authentication, Authorization, Entitlement and Federation software.

Chapter 1. What's New

Before you install OpenAM Java EE Policy Agents or update your existing installation, read these release notes. Then update or install OpenAM Java EE Policy Agents.

1.1. Major New Features in 3.5.1

OpenAM Java EE Policy Agents 3.5.1 is a maintenance release that includes a number of fixes. See Section 4.1.1, "Key Fixes in 3.5.1".

1.2. Major New Features in 3.5.0

OpenAM Java EE Policy Agents 3.5.0 is a major release that introduces new features and functional enhancements.

This release introduces the following product enhancements:

  • Java 8 Support. Java EE policy agents now fully support Java 8 environments.

  • Redhat Support. Java EE policy agents can now be installed on Redhat Linux servers. (OPENAM-2801).

  • Reintroduce installing agent.war during Tomcat agent installation. The manual step to add the agentapp.war file is no longer required as the Java agent installers now automatically install the .war file (OPENAM-4514).

  • Tomcat 8 Support. The Apache Tomcat policy agent now supports Tomcat 8 (OPENAM-5407).

Chapter 2. Before You Install

This section covers software and hardware prerequisites for installing and running OpenAM Java EE Policy Agents.

ForgeRock supports customers using the versions specified here. Other versions and alternative environments might work as well. When opening a support ticket for an issue, however, make sure you can also reproduce the problem on a combination covered here.

2.1. Java Requirements

Java EE policy agents run in a Java EE Web container, and require a Java Development Kit.

ForgeRock supports customers using the following Java versions. ForgeRock recommends the most recent Java update, with the latest security fixes.

Table 2.1. Supported Java Development Kit Versions
VendorVersion
Oracle Java6, 7, 8
IBM Java (WebSphere only)7

2.2. Browser Requirements

The following table summarizes browser support.

Table 2.2. Supported Platforms & Browsers
Client PlatformChrome 16 or laterInternet Explorer 9 or laterFirefox 3.6 or laterSafari 5 or later
iOS 7 or laterSupported Supported
Mac OS X 10.8 or laterSupported SupportedSupported
Android 4.3 or laterSupported
Windows 7 or laterSupportedSupportedSupportedSupported
Ubuntu Linux 13.04 LTS or laterSupported Supported

2.3. Native Application Platform Requirements

ForgeRock supports customers' use of OpenAM REST and other client APIs in native applications on the following platforms.

  • Apple iOS 7 or later

  • Apple Mac OS X 10.8 or later

  • Google Android 4.3 or later

  • Microsoft Windows 7 or later

  • Ubuntu Linux 12.04 LTS or later

Other combinations might work as well. When opening a support ticket for an issue, however, make sure you can also reproduce the problem on one of these platforms.

2.4. Java EE Agents Platform Requirements

The following table summarizes platform support.

Table 2.3. Supported Operating Systems & Web Application Containers
Operating Systems (OS)OS VersionsWeb Application Containers & Versions
CentOS
Red Hat Enterprise Linux
Oracle Linux
5, 6, 7
Apache Tomcat 6, 7, 8
IBM WebSphere Application Server 8, 8.5
JBoss Enterprise Application Platform 6
JBoss Application Server 7
Jetty 8 (at least 8.1.13)
Oracle WebLogic Server 11g, 12c
Microsoft Windows Server
2008, 2008 R2, 2012, 2012 R2
Apache Tomcat 6, 7, 8
Oracle Solaris x64
Oracle Solaris SPARC
10, 11
Apache Tomcat 6, 7, 8
Oracle WebLogic Server 11g, 12c
Ubuntu Linux
12.04 LTS, 14.04 LTS
Apache Tomcat 6, 7, 8
IBM WebSphere Application Server 8, 8.5
JBoss Enterprise Application Platform 6
JBoss Application Server 7
Jetty 8 (at least 8.1.13)
Oracle WebLogic Server 11g, 12c

2.5. Special Requests

If you have a special request regarding support for a combination not listed here, contact ForgeRock at info@forgerock.com.

Chapter 3. Changes and Deprecated Functionality

This chapter covers both major changes to existing functionality, and also deprecated and removed functionality.

3.1. Important Changes to Existing Functionality

The default policy evaluation mode for new policy agent profiles is now self rather than subtree, in order to better scale for large numbers of policy rules.

Upgrade does not change existing policy agent profile configurations, however. If you want to adopt the new default setting for existing policy agents, you must change the setting manually.

To do so for Java EE policy agents, set com.sun.identity.policy.client.cacheMode=self.

3.2. Deprecated Functionality

Support for Oracle WebLogic 10g is deprecated and is likely to be removed in a future release.

Support for the following containers is deprecated:

  • IBM WebSphere Application Server 7

  • Jetty 7

  • Oracle WebLogic Server 10g

  • GlassFish 2 & 3

3.3. Removed Functionality

No functionality has been removed in this release.

Chapter 4. Fixes, Limitations, and Known Issues

OpenAM Java EE policy agent issues are tracked at https://bugster.forgerock.org/jira/browse/OPENAM.

4.1. Key Fixes

The following issues were fixed in release 3.5.1. For details, see the OpenAM issue tracker.

4.1.1. Key Fixes in 3.5.1

The following important issues were fixed in this release:

  • OPENAM-8523: J2EE Agent does not pickup "DN Restriction Only Enabled" from OpenAM configuration

  • OPENAM-5835: Redirect loop between OpenAM and J2EE Agent in case of invalid admin token

4.1.2. Key Fixes in 3.5.0

The following important issues were fixed in this release:

  • OPENAM-2726: Installer must not offer option to apply agent filter in global web.xml for Apache Tomcat Version 7

  • OPENAM-2732: Agent responds with HTTP 500 when not enforced ip is set to 127.0.0.1

  • OPENAM-2747: JEE Policy Agent Installer fails on all version of VMware tc Server except 2.7.1

  • OPENAM-2752: agentapp from JBoss 7 agent loses its MANIFEST file upon installation

  • OPENAM-2782: Bootstrap and Configuration files refer to incorrect PA version

  • OPENAM-2801: Tomcat agent fails to install on Redhat

  • OPENAM-3209: Tomcat 6 agent custom-install does not modify global web.xml

  • OPENAM-3228: Configuration for FQDN checking required even when FQDN checking is disabled

  • OPENAM-3255: J2EE Agent cannot handle doublequote in POSTed value in PDP

  • OPENAM-3492: Clean up the JavaEE Agent Maven build process to improve the handling of dependencies and their versions

  • OPENAM-3650: JPA removes a trailing '?' from a resource URL being evaluated

  • OPENAM-3817: com.sun.identity.agents.common.URLFailoverHelper is missing 'toString()' method

  • OPENAM-4084: JBoss agent fails to install on AS 7.0.0.Final due to incorrect module namespace version

  • OPENAM-4416: AgentException's details thrown during AmFilter.initialize are not logged in enough detail to help with diagnosis.

  • OPENAM-4451: Java EE agents can't be compiled using Maven 3.1.0+

  • OPENAM-4514: Reintroduce installing agentapp.war during Tomcat agent installation

  • OPENAM-5407: Provide Java Policy Agent support for Tomcat 8

4.2. Limitations

No particular limitations are identified for this release.

4.3. Known Issues

The following important known issues remained open at the time release 3.5.1 became available. For details and information on other issues, see the OpenAM issue tracker.

4.3.1. Known Issues in 3.5.1

The following important issues remained open when OpenAM Java EE Policy Agents 3.5.1 became available:

  • OPENAM-4964: after logout from invalid session the application goes into a loop

  • OPENAM-5503: Jetty_v7 j2ee agent is not compatible with jetty 9+

  • OPENAM-5532: J2ee agent archive name and agentadmin output contains outdated information

  • OPENAM-6477: request for Agent log retention configuration

  • OPENAM-6540: WebSphere J2EE Agent unable to use sub-realm with standalone custom registry - com.sun.identity.agents.websphere.AmAgentUserRegistry

  • OPENAM-7081: J2EE agent does not answer anymore after 1 sec of load due to high cache contention

  • OPENAM-7259: The Sample App shipped with the Java Agent should include logout link examples

  • OPENAM-7314: J2EE_POLICY mode doesn't operate consistent with the J2EE spec.

  • OPENAM-8341: J2EE uninstall needs more detailed error reporting if invalid xml is found in tomcat configuration

  • OPENAM-8551: J2EE Agent logs 'The user does not have permission to perform the operation' errors during bootstrap

4.3.2. Known Issues in 3.5.0

The following important issues remained open when OpenAM Java EE Policy Agents 3.5.0 became available:

  • OPENAM-211: J2EE agents are unable to work, if the container was started prior to OpenAM

  • OPENAM-1279: Policy Agent fail-over error when the first naming service host is unavailable

  • OPENAM-3294: Agents should not probe the loginURL / logoutURL before redirecting by default

  • OPENAM-4849: FormLoginTaskHandler is only called if URI listed as 'Form Login URI' is a protected resource

  • OPENAM-5358: Support is missing for installing JBoss Policy Agent against a specific profile when there are multiple defined.

  • OPENAM-5448: CompositeAdviceForm.txt does not allow advice submission when javascript is disabled

Chapter 5. Documentation Updates

The following table tracks changes to the documentation set following the release of OpenAM Java EE Policy Agents 3.5:

Table 5.1. Documentation Change Log
DateDescription
2017-11-20Clarified what to expect when the agent runs in J2EE_POLICY mode. For more information, see Section 2.1, "Java EE Agent Filter Modes of Operation" in the User's Guide.
2017-08-04Added writeup about declarative security. For more information, see Section 3.9, "Configuring Container Declarative Security" in the User's Guide.
2016-04-25

Maintenance release of OpenAM Java EE Policy Agents 3.5.1.

  • Merged the OpenAM Java EE Policy Agent Reference content into the User's Guide.

  • Added the reference documentation for the agentadmin(1) in the User's Guide command, taken from the OpenAM documentation.

2015-02-25

Initial release of OpenAM Java EE Policy Agents 3.5.0.


Chapter 6. Support

You can purchase OpenAM support subscriptions and training courses from ForgeRock and from consulting partners around the world and in your area. To contact ForgeRock, send mail to info@forgerock.com. To find a partner in your area, see http://forgerock.com/partners/find-a-partner/.

Chapter 7. How to Report Problems and Provide Feedback

If you have questions regarding OpenAM policy agents which are not answered by the documentation, there is a mailing list which can be found at https://lists.forgerock.org/mailman/listinfo/openam where you are likely to find an answer.

If you have found issues or reproducible bugs within OpenAM policy agents, report them in https://bugster.forgerock.org.

When requesting help with a problem, include the following information:

  • Description of the problem, including when the problem occurs and its impact on your operation

  • Description of the environment, including the following information:

    • Machine type

    • Operating system and version

    • Web server or container and version

    • Java version

    • OpenAM policy agent and version

    • Any patches or other software that might be affecting the problem

  • Steps to reproduce the problem

  • Any relevant access and error logs, stack traces, or core dumps

Read a different version of :