ForgeRock has tested this web policy agent release with the following web browsers.

• Chrome release 16 and later

• Firefox 3.6 and later

• Internet Explorer 7 and later

Web policy agents support the following web servers.

• Apache HTTP Server 2.0, 2.2, 2.4

• Microsoft IIS 6, 7

• Oracle iPlanet Web Server 7.0 (also known as Sun Web Server)

  In this release, this web policy agent is not at feature parity with the other web policy agents and is lacking some fixes. In particular, this policy agent has the following known issues.

  • OPENAM-2180: Missing bootstrap file in WPA for SJSWS 7 should indicate this in error message

  • OPENAM-2178: SJSWS 7 agent debug log size parameter does not behave correctly for values below 3000

  • OPENAM-2177: SJSWS does not handle PDP cache expiration correctly

  • OPENAM-1889: Wrong password in combination with naming service failover causes internal error on OpenAM

  • OPENAM-1701: Internal exception is thrown upon login to WPA when c66encode is set to false

  • OPENAM-1523: Policy Agent fails to locate OpenAM server cookie value

  This web policy agent has been tested only on 64-bit versions of Solaris.

• Sun Proxy Server 4.0 (deprecated)

• IIS web policy agents no longer rely on the Windows registry to determine where to find configuration settings. Instead, IIS agents determine the relative location of their configuration properties files based on the location of the web policy agent DLL, and on the Site ID set by IIS at runtime.

  The cleanest upgrade path is to uninstall the previous version of the IIS agent, and then install the new version of the IIS agent.

• Naming URL validation was introduced after release 3.0.4. The initial implementation of naming URL validation for web policy agents enabled validation by default. Naming URL validation is now fully disabled by default. You can adjust this setting by using the bootstrap configuration property, com.forgerock.agents.ext.url.validation.disable.

• Web policy agent support for Sun Proxy Server is deprecated. Support for Sun Proxy Server is likely to be removed in a future release.

• OPENAM-2182: Apache PA will crash when Post Data Preservation is enabled and POST data is empty

• OPENAM-2125: IIS7 policy agent might crash reading POST data

• OPENAM-1838: IIS7 policy agent might crash when HOST header is not available

• OPENAM-1673: IIS6 policy agent crash on IIS application pool restart

• OPENAM-1568: Apache Policy Agent on Windows crash inside NSS/NSPR cleanup

• OPENAM-1541: Policy Agents need to be consistent in HTTP response codes when post data preservation cache entry is expired (or not available)

• OPENAM-1523: Policy Agent fails to locate OpenAM server cookie value

• OPENAM-1510: Policy Agent may crash with remote audit log enabled

• OPENAM-1448: IIS6 policy agent returns http 415 error when used with SOAP web-services and custom headers

• OPENAM-1344: Wrong library being loaded by Apache 2.4 policy agent

• OPENAM-1339: Empty audit log message for Windows policy agents

• OPENAM-1271: webagent namingUrl validation fails if datastore auth module is not configured within auth-chain of agent realm

• OPENAM-1264: OpenAM Web Agent crashes while cleaning Agent Config

• OPENAM-1208: IIS6 policy agent stuck in a loop on a session refresh advice

• OPENAM-1190: IIS6 policy agent erroneously overwrites http headers

• OPENAM-1178: IIS6 policy agent does not set proper status code on 403/500 responses in IIS6 log

• OPENAM-1176: memory leaks in libamsdk

• OPENAM-1166: IIS6 policy agent does not set Content-Type on redirect

• OPENAM-1159: IIS7 policy agent crash on unresolvable naming service hostname

• OPENAM-1118: Policy agent on Linux core dumps on disabled or invalid notifications

• OPENAM-1099: IIS7 policy agent crash on empty LARES response

• OPENAM-1015: "Invalid pointer" in agent's cleanup_properties()

• OPENAM-1011: IIS7 agent unneeded logging fills up agent log file

• OPENAM-845: Semicolon (;) appended to HTTP_HEADER values in IIS7 agent after implementing fix for OPENAM-437

• OPENAM-693: PA should not SIGSEGV if the agent configuration is invalid

• OPENAM-690: Unprotected IIS Websites Stopped Working

• OPENAM-672: IIS crashes with WebAgent

• OPENAM-617: Invalid properties in the agent profile causes the PA to SIGSEGV

• OPENAM-2135: IIS and SJSWS policy agents should not require Host header as per HTTP/1.0 specification

• OPENAM-1927: Silent Installation does not work for Apache2.4/Suse11

• OPENAM-1521: Cookie Hijacking Prevention does not work properly under FireFox

• OPENAM-1520: Apache 2.2 WPA 3.0.4.5 causes Apache to hang

• OPENAM-1503: Cookies configured in OpenAM not reset after logout

• OPENAM-1472: Cookie not reset at logout

• OPENAM-889: Agent should recover if the admin session gets invalid

• OPENAM-834: logout url functionality not working as expected

• OPENAM-404: Policy agent should remove duplicate response headers

• OPENAM-329: Apache 2.2 stop responding when debug log rotation is enabled in Policy Agent

• OPENAM-308: IIS6 Policy Web Agent doesn't support multiple sites correctly

ForgeRock has tested this policy agent release with the following web browsers.

• Chrome release 16 and later

• Firefox 3.6 and later

• Internet Explorer 7 and later

Java EE policy agents support the following Java EE application containers.

• Apache Tomcat 6, 7

• GlassFish v2, v3

• IBM WebSphere Application Server 7, 8, 8.5

• JBoss Enterprise Application Platform 5

• Jetty 7

• Oracle WebLogic Server 10g or later

• OPENAM-1775: Java EE agent should not encapsulate exceptions coming out of applications

• OPENAM-1357: WebSphere Policy Agent authentication issue for syncNode script when OpenAM authentication chain updated to not use Datastore as first module.

• OPENAM-1220: Invalid date header -1 with Java agents

• OPENAM-665: Uninstallation of agent on Glassfish 3 does cleanly reset security-service element correctly.

• OPENAM-390: Hot-deployment fails for J2EE Agents

• OPENAM-276: Agent logout throws 403 after logout if cookie encoding is enabled

• OPENAM-212: RemoteUser still setted after logout when accessing not enforced URL

• OPENAM-2188: J2EE agent doesn't work with WebSphere 6.1 32-bit

• OPENAM-1991: Tomcat doesn't shutdown properly with J2EE agent for the tomcat.

• OPENAM-1849: J2EE profile attribute mapper cannot handle identities with special chars in universal ID

• OPENAM-1206: J2EE agent silent install isn't silent

• OPENAM-1106: Null messages in the error log

• OPENAM-868: J2EE Agent strips off servlet context when processing request for JSF application (Apache Trinidad)

• OPENAM-605: Tomcat J2ee Agent initialization fails on Windows 2003

• OPENAM-211: J2EE agents are unable to work, if the container was started prior to OpenAM