Notes covering OpenIG prerequisites, fixes, known issues. OpenIG provides a high-performance reverse proxy server with specialized session management and credential replay functionality.

Chapter 1. What's New in OpenIG

OpenIG 2.1.0 is a patch release. It does not introduce new features.

Chapter 2. Before You Install

This chapter covers software and hardware prerequisites for installing and running OpenIG software. If you have a special request to support a component or combination not listed here, contact ForgeRock at info@forgerock.com.

2.1. Which OpenIG to Use

There are two versions of the Open Identity Gateway, OpenIG and OpenIG (Federation). The OpenIG Federation consists of OpenIG plus additional Federation libraries. Unless you require Federation capabilities, use core OpenIG.

2.2. JDK Version

Download and install Sun Java SE JDK 6 Update 21 or later. At this time these are the only versions of any JDK supported with OpenIG.

2.3. Web Application Container

See the chapter on Configuring Deployment Containers in the Gateway Guide in the Guide to OpenIG for details on setting up your web application container.

Chapter 3. Changes & Deprecated Functionality

This chapter covers both major changes to existing functionality, and also deprecated and removed functionality.

3.1. Major Changes to Existing Functionality

If you are running older versions of the Gateway you must modify your config.json.

"type" entries no longer require the full Java package name. The config.json should no longer contain any Java package names. For example, change lines such as the following:

"type" : "com.apexidentity.filter.Chain"

When you remove the full Java package name, the resulting line is as follows.

"type" : "Chain"

The "operationType" field in the "CryptoHeaderFilter" has been changed to "operation"

3.2. Deprecated Functionality

No functionality is deprecated in this release.

3.3. Removed Functionality

No functionality has been removed from this release.

Chapter 4. Fixes, Limitations, & Known Issues

OpenIG issues are tracked at https://bugster.forgerock.org/jira/browse/OPENIG. This chapter covers the status of key issues and limitations at release 2.1.0.

4.1. Fixes

The following issues were fixed in release 2.1.0.

  • OPENIG-7: Configuration option to set the user's sessionIndex from the IDP in the OpenIG session

  • OPENIG-6: Missing relativePath in saas/pbworks module

4.2. Limitations

OpenIG Federation Gateway does not run on Glassfish V3 due to conflicts with the Metro libraries.

4.3. Known Issues

The following known issues remained open at the time release 2.1.0 became available.

  • OPENIG-1: Federation Gateway 2.0.0 HTTPS file upload fails

  • OPENIG-4: boundary stripped off of multipart/form-data on POST operation

  • OPENIG-8: OpenIG gateway removes Content-Length: 0

  • OPENIG-9: There is no way to set the user's authnLevel and authNContext from the assertion in the OpenIG session

  • OPENIG-10: No support for SP initiated single logout

Chapter 5. How to Report Problems & Provide Feedback

If you have found issues or reproducible bugs within OpenIG, report them in https://bugster.forgerock.org/jira/projects/OPENIG.

When requesting help with a problem, include the following information:

  • Description of the problem, including when the problem occurs and its impact on your operation

  • Machine type, operating system version, web container and version, Java version, and OpenIG release version, including any patches or other software that might be affecting the problem

  • Steps to reproduce the problem

  • Any relevant access and error logs, stack traces, or core dumps

Chapter 6. Support

You can purchase OpenIG support subscriptions and training courses from ForgeRock and from consulting partners around the world and in your area. To contact ForgeRock, send mail to info@forgerock.com. To find a partner in your area, see http://www.forgerock.com/partners.html.

Read a different version of :