Notes covering prerequisites, fixes, known issues for OpenAM Java EE policy agents. OpenAM provides open source Authentication, Authorization, Entitlement and Federation software.
Chapter 1. What's New
Before you install OpenAM Java EE Policy Agents or update your existing installation, read these release notes. Then update or install OpenAM Java EE Policy Agents.
1.1. Major New Features in 3.5.1
OpenAM Java EE Policy Agents 3.5.1 is a maintenance release that includes a number of fixes. See Section 4.1.1, "Key Fixes in 3.5.1".
1.2. Major New Features in 3.5.0
OpenAM Java EE Policy Agents 3.5.0 is a major release that introduces new features and functional enhancements.
This release introduces the following product enhancements:
Java 8 Support. Java EE policy agents now fully support Java 8 environments.
Redhat Support. Java EE policy agents can now be installed on Redhat Linux servers. (OPENAM-2801).
Reintroduce installing agent.war during Tomcat agent installation. The manual step to add the
agentapp.warfile is no longer required as the Java agent installers now automatically install the
Tomcat 8 Support. The Apache Tomcat policy agent now supports Tomcat 8 (OPENAM-5407).
Chapter 2. Before You Install
This section covers software and hardware prerequisites for installing and running OpenAM Java EE Policy Agents.
ForgeRock supports customers using the versions specified here. Other versions and alternative environments might work as well. When opening a support ticket for an issue, however, make sure you can also reproduce the problem on a combination covered here.
2.1. Java Requirements
Java EE policy agents run in a Java EE Web container, and require a Java Development Kit.
ForgeRock supports customers using the following Java versions. ForgeRock recommends the most recent Java update, with the latest security fixes.
|Oracle Java||6, 7, 8|
|IBM Java (WebSphere only)||7|
2.2. Browser Requirements
The following table summarizes browser support.
|Client Platform||Chrome 16 or later||Internet Explorer 9 or later||Firefox 3.6 or later||Safari 5 or later|
|iOS 7 or later||Supported||Supported|
|Mac OS X 10.8 or later||Supported||Supported||Supported|
|Android 4.3 or later||Supported|
|Windows 7 or later||Supported||Supported||Supported||Supported|
|Ubuntu Linux 13.04 LTS or later||Supported||Supported|
2.3. Native Application Platform Requirements
ForgeRock supports customers' use of OpenAM REST and other client APIs in native applications on the following platforms.
Apple iOS 7 or later
Apple Mac OS X 10.8 or later
Google Android 4.3 or later
Microsoft Windows 7 or later
Ubuntu Linux 12.04 LTS or later
Other combinations might work as well. When opening a support ticket for an issue, however, make sure you can also reproduce the problem on one of these platforms.
2.4. Java EE Agents Platform Requirements
The following table summarizes platform support.
|Operating Systems (OS)||OS Versions||Web Application Containers & Versions|
2.5. Special Requests
If you have a special request regarding support for a combination not listed here, contact ForgeRock at email@example.com.
Chapter 3. Changes and Deprecated Functionality
This chapter covers both major changes to existing functionality, and also deprecated and removed functionality.
3.1. Important Changes to Existing Functionality
The default policy evaluation mode for new policy agent profiles is now self rather than subtree, in order to better scale for large numbers of policy rules.
Upgrade does not change existing policy agent profile configurations, however. If you want to adopt the new default setting for existing policy agents, you must change the setting manually.
To do so for Java EE policy agents, set
3.2. Deprecated Functionality
Support for Oracle WebLogic 10g is deprecated and is likely to be removed in a future release.
Support for the following containers is deprecated:
IBM WebSphere Application Server 7
Oracle WebLogic Server 10g
GlassFish 2 & 3
3.3. Removed Functionality
No functionality has been removed in this release.
Chapter 4. Fixes, Limitations, and Known Issues
OpenAM Java EE policy agent issues are tracked at https://bugster.forgerock.org/jira/browse/OPENAM.
4.1. Key Fixes
The following issues were fixed in release 3.5.1. For details, see the OpenAM issue tracker.
4.1.1. Key Fixes in 3.5.1
The following important issues were fixed in this release:
4.1.2. Key Fixes in 3.5.0
The following important issues were fixed in this release:
OPENAM-2726: Installer must not offer option to apply agent filter in global web.xml for Apache Tomcat Version 7
OPENAM-2732: Agent responds with HTTP 500 when not enforced ip is set to 127.0.0.1
OPENAM-2747: JEE Policy Agent Installer fails on all version of VMware tc Server except 2.7.1
OPENAM-2752: agentapp from JBoss 7 agent loses its MANIFEST file upon installation
OPENAM-2782: Bootstrap and Configuration files refer to incorrect PA version
OPENAM-2801: Tomcat agent fails to install on Redhat
OPENAM-3209: Tomcat 6 agent custom-install does not modify global web.xml
OPENAM-3228: Configuration for FQDN checking required even when FQDN checking is disabled
OPENAM-3255: J2EE Agent cannot handle doublequote in POSTed value in PDP
OPENAM-3492: Clean up the JavaEE Agent Maven build process to improve the handling of dependencies and their versions
OPENAM-3650: JPA removes a trailing '?' from a resource URL being evaluated
OPENAM-3817: com.sun.identity.agents.common.URLFailoverHelper is missing 'toString()' method
OPENAM-4084: JBoss agent fails to install on AS 7.0.0.Final due to incorrect module namespace version
OPENAM-4416: AgentException's details thrown during AmFilter.initialize are not logged in enough detail to help with diagnosis.
OPENAM-4451: Java EE agents can't be compiled using Maven 3.1.0+
OPENAM-4514: Reintroduce installing agentapp.war during Tomcat agent installation
OPENAM-5407: Provide Java Policy Agent support for Tomcat 8
No particular limitations are identified for this release.
4.3. Known Issues
The following important known issues remained open at the time release 3.5.1 became available. For details and information on other issues, see the OpenAM issue tracker.
4.3.1. Known Issues in 3.5.1
The following important issues remained open when OpenAM Java EE Policy Agents 3.5.1 became available:
OPENAM-4964: after logout from invalid session the application goes into a loop
OPENAM-5503: Jetty_v7 j2ee agent is not compatible with jetty 9+
OPENAM-5532: J2ee agent archive name and agentadmin output contains outdated information
OPENAM-6477: request for Agent log retention configuration
OPENAM-6540: WebSphere J2EE Agent unable to use sub-realm with standalone custom registry - com.sun.identity.agents.websphere.AmAgentUserRegistry
OPENAM-7081: J2EE agent does not answer anymore after 1 sec of load due to high cache contention
OPENAM-7259: The Sample App shipped with the Java Agent should include logout link examples
OPENAM-7314: J2EE_POLICY mode doesn't operate consistent with the J2EE spec.
OPENAM-8341: J2EE uninstall needs more detailed error reporting if invalid xml is found in tomcat configuration
OPENAM-8551: J2EE Agent logs 'The user does not have permission to perform the operation' errors during bootstrap
4.3.2. Known Issues in 3.5.0
The following important issues remained open when OpenAM Java EE Policy Agents 3.5.0 became available:
OPENAM-211: J2EE agents are unable to work, if the container was started prior to OpenAM
OPENAM-1279: Policy Agent fail-over error when the first naming service host is unavailable
OPENAM-3294: Agents should not probe the loginURL / logoutURL before redirecting by default
OPENAM-4849: FormLoginTaskHandler is only called if URI listed as 'Form Login URI' is a protected resource
OPENAM-5358: Support is missing for installing JBoss Policy Agent against a specific profile when there are multiple defined.
Chapter 5. Documentation Updates
The following table tracks changes to the documentation set following the release of OpenAM Java EE Policy Agents 3.5:
|2017-11-20||Clarified what to expect when the agent runs in
|2017-08-04||Added writeup about declarative security. For more information, see Section 3.9, "Configuring Container Declarative Security" in the User's Guide.|
Maintenance release of OpenAM Java EE Policy Agents 3.5.1.
Initial release of OpenAM Java EE Policy Agents 3.5.0.
Chapter 6. Support
You can purchase OpenAM support subscriptions and training courses from ForgeRock and from consulting partners around the world and in your area. To contact ForgeRock, send mail to firstname.lastname@example.org. To find a partner in your area, see http://forgerock.com/partners/find-a-partner/.
Chapter 7. How to Report Problems and Provide Feedback
If you have questions regarding OpenAM policy agents which are not answered by the documentation, there is a mailing list which can be found at https://lists.forgerock.org/mailman/listinfo/openam where you are likely to find an answer.
If you have found issues or reproducible bugs within OpenAM policy agents, report them in https://bugster.forgerock.org.
When requesting help with a problem, include the following information:
Description of the problem, including when the problem occurs and its impact on your operation
Description of the environment, including the following information:
Operating system and version
Web server or container and version
OpenAM policy agent and version
Any patches or other software that might be affecting the problem
Steps to reproduce the problem
Any relevant access and error logs, stack traces, or core dumps