Ujwol Shrestha

SSO Policy Server r12.51 Defect Fixes History

Blog Post created by Ujwol Shrestha Employee on Jul 4, 2016

R12.51 CR10

========

Salesforce Case NumberInternal Defect IDIssue Description
00318299DE177275XPSSweeper tool terminates abnormally.
00305791DE138534The exported metadata incorrectly displays SHA1, when SHA256 is selected in Entity or Partnership.
00128842DE104232SmConsole fails to display the correct status of the Policy Server service in Windows.
21726567-01DE71949Administrative UI does not display certificates that contain non-ASCII characters.
00056803DE94666Policy Server experiences high CPU usage.
00453641DE204132Perl CLI fails to fetch authentication scheme for a realm. It occurs when the session is established with Admin privileges of the domain to which the realm belongs to.
00429715DE175174Assertion encryption displays an error on the IDP side if the certificates contain non-ASCII characters in IssuerDN.
00372539DE165552Policy Server terminates abnormally when Application model is used in conjunction with an OnAuthAttempt rule.
00083756DE103841Policy Server terminates abnormally when a connection to the LDAP server is lost.
 00124386DE74014Policy Server for Windows builds incorrect search filters for SharePoint Agent requests.

R12.51 CR08

========

Product: SiteMinder 12.51 CR08 Policy Server

March 2,2016          Policy Server 12.51 CR08 contains fixes for the following tracking numbers:

Tracking #            Problem description

----------            -------------------

DE67107      Policy Server crashes on the IM tunnel agent call.

DE68852      Policy Server partially reloads the cache when an Agent connects to the Policy Server with an incorrect shared secret.

DE73006/DE103002      Policy Server allows the log in of a locked out user when the Enhanced AD integration is  enabled.

DE74053      The SM access log file fails to display fields in the first line.

DE75247      APS ignores the data specified in the curly braces  {} for the Lockout Mail.

DE87088      Administrative UI does not display certificates with non ASCII characters.

DE91647      Duplicate ICU shared library files are present in the ICU third-party folder.

DE95386      Policy Server fails to retrieve the value for special Attributes such as DominoAccessGroups.

DE103154    Policy Server crashes during LDAP failover.

DE106181    Policy Server terminates abruptly when policy store connection is lost.

DE108024    Backreference regular expression fails with SiteMinder password policy.

 

R12.51 CR07

========

Product: SiteMinder 12.51 CR07 Policy Server

September 30, 2015    Policy Server 12.51 CR07 contains fixes for the following tracking numbers:

Tracking #            Problem description

----------            -------------------

161180          The SMUSRMSG cookie allows phishing for valid usernames with Novell eDirectory as a user store.

140418          Policy Server is overloaded and requires a restart

159571          Modification of few user attributes using the DMS API results in the modification of all the user attributes.

150914          If a policy is associated with rule and rule groups, retrieval of rules from the rule groups fails.

150154          When the key store is separate and multiple requests come from web agents to Policy Server, some agents fail to get agent keys with the following error message in the smps log:

"Policy store failed operation 'MultipleSearch' for object type 'AgentKey'"

151430          FSS UI session times out as an admin logs in.

163053          CAPKI is upgraded to CAPKI 4.3.8 release.

120472          Policy Server terminates abnormally and does not recover when LDAP Directory Server hangs due to network connectivity issues.

153351          The XPS parameter $AgentConnectionMaxLifetime is  read continuously even though the dynamic flag is  set to false.

147368          Policy Server fails to send an active response value when the authorization API returns empty sing.

164641          Policy Server crashes repeatedly due to an incorrect log message format.

138503          Policy Server terminates abnormally while rebuilding secondary caches.

151478          Policy Server installer displays the following incorrect non-fatal error in the install logs on Linux whenever the libidn library is missing: "There are consecutive spaces found in the installation home directory. Ensure that the         installation home directory does not contain consecutive spaces."

54881            The User Directory Attribute mapping fails when the response attribute type is WebAgent-HTTP-Open-Format-Cookie.

161360          Rerunning XPSDDInstall on LDAP stores to restore the Data Dictionary fails with the  Duplicate entry detected error when the dictionary object entries are present in the xpsXIDKey table but the objects are missing from the xpsObjects table.

 

R12.51 CR06

========

Product: SiteMinder 12.51 CR06 Policy Server

May 22, 2015    Policy Server 12.51 CR06 contains fixes for the following tracking numbers:

Tracking #      Problem description

----------      -------------------

55861           Policy Server displays Bulk loading of records is not supported by driver error when you import SiteMinder audit data into SQL database.

75049           Policy Server displays CERTREVOKED error in place of CRLEXPIRED for an expired CRL.

138673         Password Dictionary check fails when you reset the password while having the restrictions in password  policies.

147270         The publish command for Policy Server displays a file error to the smps log on UNIX platform.

119485         OneView Monitor displays 404 error in logs when the images of OneView Monitor do not exist in the  /sitemindermonitor/images/buttons/ location.

144183         Smreghost prompts for password if you do not provide -p option when the command is valid.

137784         Policy Server terminates intermittently because of missing null check.

98943           Policy Server terminates abruptly when the user name of  the directory contains special characters especially a  percent symbol (%).

148874         Policy Server fails to connect to the CA Directory through TLS protocol.

153379         Data Direct drivers are upgraded to version 7.1.5 across all the platforms.

74880           Policy Server terminates intermittently because of APSMail.DLL while using the Forgotten Password functionality when the XSHADOW feature is enabled in  the exchange server.

148876         CAPKI is upgraded to CAPKI 4.3.5 release.

74376           Key store gets updated when Global Tools Setting in Policy Server is modified.

145979         Policy Server closes the connection with SAP ERP Agent with 10 second idle timeout. The idle timeout session has been made configurable.

71914           WS Federation transaction fails at Assertion Generator when policy store is temporarily inaccessible.

127391         Federation transaction displays 500 error if the user name contains an apostrophe in the email.

73123           Reuse Count does not work when you reset the password.

134776         Advanced Password Services displays an incorrect error message when a new password is not accepted.

116644         XPSExport utility terminates abruptly when you export workspace Entries.

 

R12.51 CR05

========

 

Product: SiteMinder 12.51 CR05 Policy Server

November 28, 2014    Policy Server 12.51 CR05 contains fixes for the following tracking numbers:

Tracking #      Problem description

----------      -------------------

134641/136917   XPSSweeper fails to migrate the service provider for existing and New IDP-SP Partnerships when you run the XPSSweeper.

129007         Policy Management API fails to send the plain password, while retrieving the user directory object.

71902           Forgot password service fails while using the stored procedures.

74616           Policy Store displays an error message (Unable to read object  smSessionId) in smps.log, when you use a CA Directory Session as a Session Store.

74549           The smaccess.log and the smps.log files fail to roll over intermittently.

137087         Policy Server terminates abruptly due to memory leak in active expression evaluation.

64603           SAML object attributes are not displayed on the Administrative UI.

62710           The Policy Server LDAP fails, when you invoke the IDP initiation Federation transaction.

72073           Directory Server log fails, when "KeepAgentConnections" returns an error in the Policy Store.

53748           Java DMS API returns incorrect error code during change password API.

70791           ConfigManager.CheckACO.fails, when you use cluster configuration for HCO.

126730         CAPKI is upgraded to CAPKI 4.3.5 release.

72218           SM_catagory for AgentInstance object is missing in category.txt file. This causes error on loading.tmp  files into the Oracle database, when you process audit related to these objects.

70530           XPSExport with "-npass" argument option fails and encrypts the passwords in the output file.

136915         SASL bind fails, when you upgrade the Active Directory of R12.51 CR04.

72751           APS fails to handle the execution of ODBS stored procedure.

115814         XPSExport terminates abruptly due to null pointer access.

55820           APSExpire command fails when you change the name in the SmUser column name in the APS table.

54813           The date on the generated report does not match the date on the audit report.

 

R12.51 CR04

========

Product: SiteMinder 12.51 CR04 Policy Server

July 31, 2014   Policy Server 12.51 CR04 contains fixes for the  following tracking numbers:

Tracking #      Problem description

----------      -------------------

62061,54414, 54006   Cache update logs an error in the CDS.log file.

53424           The PreserveHeaders and FccForceIsProcted ACO parameters are misspelt in the ApacheDefaultSettings ACO object template.

54949           XPSRegClient terminates abnormally when it failed to fetch the administrator password.

55489           Intermittent authorization failure occurs when SSO is configured between the Policy Server R6 and R 12.51 versions.

54962           XPSSweeper process terminates abnormally due to valid class deletion during the cleanup routine.

55501           The Policy Server enters the Event ID and Category ID column values as 0 in the Audit database under       load.

53891           The Policy Server terminates abnormally during shutdown.

54483           The smpolicy-secure.xml file provides more restrictive security settings than the smpolicy.xml file.

55504           The smpoliysrv -publish command displays the connection information as 0.

53673,62080The smjdbcsetup.sh script fails to display the database type in the menu.

55592,55593Administrative UI displays an error when a sub-realm is created under a realm in EPM Applications without saving the realm.

55206           LDAP search calls from the Housekeeping thread takes long time to complete.

53929,62090The EPM Application Role authorization fails when the user directory is configured in the load balancing mode.

55826           The XPSImport utility fails to import with -npass option if the import file contains sensitive data.

55148           The XPSImport utility fails to import due to objects fetched from the LDAP store are not sorted properly.

54076,62052The Policy Server terminates abnormally when Active Expression is used in Response for authorization.

55455           Introduced a switch to configure AgentDiscovery feature through XPSConfig utility.

There are 3 possible values for this configuration (0=Disabled, 1=Auto Discover, 2 is Enabled). The default value for this parameter is 1 ( Auto Discover) in which case we check the policy store for any AgentInstance objects and update this  parameter to  0 (Disabled) if no objects are found or to 2 (Enabled) if we find those objects. Since this parameter is global in nature, it is stored in the policy store and is available to all the policy servers in the server farm. When the Agent Discovery feature is disabled atrace messageis logged in the policyserver trace logs.

53767,63118 If AD/ADLDS is used as a user store (in "AD" namespace), authorization fails when Latin ISO characters are used in the user names.

75067           The Policy Server terminates abruptly when the "Registration File" option is not available during                Administrative UI log in.

55837,74141 If util.jar, util_sdk.jar jars are present in CLASSPATH, the browser throws an Error 500 when a                 realm that is protected by SAML2.0 Authentication Scheme is accessed.

72481           The smmigratecds utility throws the NoClassDefFoundError error when -validate or -migrate option is specified.

53860           The Password Error message does not appear when localization parameter is set to NO in ACO.

54999           The smmigratecds utility displays incorrect messages  when the -validate and -migrate options are used for expired certificates.

64837           The Policy Server terminates abruptly when editing/viewing the Active Directory based user directory.

55788           The smaccess log file fails to display fields in the first line of the file the file rotates.

55803           The Policy Server terminates abruptly at cache lookup.

55845           Active Directory locks user accounts though the correct credentials are entered.

62740,98322     The Policy Server fails to fetch more than 128 records from the LDAP based policy store.

64797           The XPSExport utility displays an incorrect description for the -m parameter.

70613,70774     The Policy Server terminates abnormally when MS SQL is configured as policy store and LDAP is configured as a key store.

64812           The XPSExport utility throws an encrypted password when the -npass switch is specified during migration.

54831,62053     The XPSExport utility with -xs switch terminates abruptly when the store contains node that does not    have any Administrator associated with it.

55290           The smreghost utility with -o switch fails if HostName contains upper case alphabets.

70606           The smfedexport utility fails to export metadata if  pubkey or  sign option is usedd.

55333           The Change Information option in the Policy Server installer fails to function.

52506,62073     The initialization of SmdsLdapConnMgr is displayed as an error instead of a warning in the              policy server's smps.log.

62085           The XpsSweeper utility throws errors when it is run after a federation partnership is deactivated.

54458,55385     The password policy fails to get triggered when a custom authentication scheme is used.

63116           The Policy Server sends RC2 encrypted password for a bind when adding a user directory to federation       partnership.

54688,54360     The Policy Server logs the "Unable to obtain OS random data" error in the log file when a guest user       on windows tries to run the XPS tools.

54556,62055     The Policy Server updates the Audit logging in an interval of 3 seconds rather than the configured time.

55394           KeepAgentConnections parameter does not contain parameters to support sending soft or hard close       when AgentConnectionMaxLifetime time out is reached.

74204           CAPKI need to be upgraded to 4.3.4 for addressing recent openssl vulnerabilities.

54580, 62071    The Metadata import fails for the Service Provide entry from a Muti-Entity XML metada file.

54580,55061     The smfedexport utility fails to export metadata if  pubkey or  sign options is used

55718           The resource bundle error is displayed when smfedimport.sh is run.

55687, 62084    WS-Fed throws a SAML Assertion failure due to an incorrect sequence of the XML elements.

54901, 62066    Insufficient tracing in XPS layer while creating an external administrator object.

54473, 62072   APS displays incorrect information on password change.

 

R12.51 CR03

========

Product: SiteMinder 12.51 CR03 Policy Server

March 27, 2014   Policy Server 12.51 CR03 contains fixes for the

                  following tracking numbers:

Tracking #      Problem description

----------      -------------------

172138                The smreg and XPSSecurity utilities are missing in the Policy Server installer.

164620,178151   The signature validation of SAML assertion takes a longer processing time under heavy server load.

169294,178156   The SAML assertion parse fails due to incorrect jars in the classpath.

170020,178159   Policy Server fails to roll over logs.

170507,178162,178658,173913    When a user directory is used in multiple  partnerships, Policy Server authenticates only  the first user.

171321,178539   Policy Server terminates abruptly during LDAP search under heavy request load.

176491,178649   During the Policy Server process shutdown, Policy Server terminates abruptly due to improper unloading of libraries.

175936,178651   Policy Server gives error due to unsigned jars.

175936,178651   During the IDP information search, Policy Server throws an error due to unsigned jars.

174693,178653   smkeytool fails to import the separate certificate and key files.

174236,178656   Upgrading from r6 to 12.51 results in the smpolicysrv process using 100 percentage of CPU usage.

171252,178667   Policy Server throws an error when retrieving the Web Services variable.

171489,179201   smaccess.log does not log the Administrative UI changes even when Enhance Enable Tracing and LogObj  are enabled.

166520                In an edit mode, the Session Timeouts option is cleared for all components of an application.

174951,178652   WS-FED Assertion Generation GetUserProp() function was causing a Policy Server failure.

173800,181152   Policy Server terminated abruptly when a UDP packet is sent on port 44444 with a single byte containing  0x08 or 0x88.

177760,181467   Upgrade of Java Update 45 blocks the FSS UI applet jar.

175068                Policy Server terminates abruptly while authenticating a legacy administrator when the               Administrative UI is protected by a custom java authentication scheme.

179879,182416   When we edit a domain, a policy loses its users that we configured from the authorization directory       mapping.

181643,182418   xpssweeper throws errors related to user policy and federation users after configuring a federation       partnership.

183017,183445   Policy Server terminates abruptly when the primary policy store in the failover configuration stops.

178158,169970   Policy Server terminates abruptly if the audit database stops.

178593,172971   Policy Server fails to trace the search failure during LDAP user directory failover.

178661,172871   Using a custom authentication scheme results in a memory leak in Policy Server.

179824,170745   Policy Server intermittently terminates due to double free call.

180969,178905   XPSImport with the -validate option fails to validate against CA_SiteMinder_WAM-XPS2.xsd.

176719,178646   APS throws an invalid weight error during a password change if the password is listed as a restricted   word in the dictionary.

 

R12.51 CR02

========

Product: SiteMinder 12.51 CR02 Policy Server

 

February 25, 2014    Policy Server 12.51 CR02 contains fixes for the following tracking numbers:

 

Tracking #      Problem description

----------      --------------------------------

 

174236, 182271  Upgrading from r6 to 12.51 results in the smpolicysrv process using 100 percentage of CPU usage.

172992, 182272  The Policy Server was randomly failing in a customer environment during key store fail-over. The core dump analysis verified that the failure was due to inappropriate data casting while printing the error logs.

181423, 182270  If the encryption key in the EncryptionKey.txt file contains null characters, the file from r6.0, r12.0 SP3, and r12.5 is incompatible with r12.51 CR01.

177001, 182980  During the data export, smkeyexport and the -k and -c options of smobjexport do not decrypt the keys.

 

R12.51 CR01

========

Product: SiteMinder 12.51 CR01 Policy Server

July 3, 2013    Policy Server 12.51 CR01 contains fixes for the following tracking numbers:

Tracking #      Problem description

----------      -------------------

141018          The Policy Server now keeps all sensitive data encrypted in memory

158227          An issue when the Policy Server can take up to three minutes to shutdown has been resolved

158911          The DMS API now correctly returns group membership when an unlimited page size is used with CA Directory

62974          Any OnAuthAttempt events are now triggered in EPM model

165833          The XPSExplorer no longer displays passwords in clear text when passwords are being typed

166560          The Default and non-default tags are now correctly logged in syslog

167068          The Policy Server can now be configured to store values of UserDN and user name attributes in sm_objname  and  sm_objid  columns of the audit database respectively

167675          A typographical error in the header of the smaccess.log file has been corrected

168047          The OneView monitor now appears correctly in non-English environments

168170          The Policy Server no longer crashes when creating Attribute Mapping when "Expression" is selected but its definition is empty

168718          The Policy Server no longer leaks memory while performing text-based audit-logging under heavy load conditions

169037          The Policy Server now logs a list of loaded event providers in smps log file

169347          The authentication calls in authorization APIs no longer fail with the custom active expressions

169412          The Certificate authentication scheme now correctly decodes multivalue RDN in certificate DN

169458          The startup times of the XPS tools with LDAP policy stores have been improved

169678          The performance of Java Policy Management API has been improved

169708          When using DLP integration, you no longer have to edit axis2c.xml file to be able to create applications from WAM UI

169734, 170190, The performance of the Policy Server has been improved

171012

169765          The audit schema for the DB2 database now supports assertion auditing

169950, 169948, Various language translation issues have been addressed

169980, 170002, in this release

170079, 170087,

170089, 170092,

170093, 170114,

171064

169963, 170166, The smobjimport command no longer fails with illegal XML

170098          characters error while importing SiteMinder r6 smdif files

170095          The Policy Server installer now installs APSAPI libraries and APSAPI.h header file

170116          The Policy Server now correctly generates agent commands when an ACO or HCO object is created or modified through the Policy Management API

170264          The Linux Policy Server no longer crashes on authentication requests when referrals are enabled in an      Active Directory user store

170270, 170502  The Policy Server configuration wizard can now properly configure ADLDS or ODSEE 11g as a policy store

170321          The SiteMinder Policy Server configuration wizard now correctly configures One View monitor with ServletExec on Linux

170328          An issue with key trace messages not being reported to the Policy Server trace log has been resolved in this release

170582          The Wily Manager now correctly reports Policy Server status when password policies are not configured or Identity Minder integration is not enabled

171208          The Policy Server will no longer perform frequent updates of the policy store related to the Agent Discovery functionality

171256          The XPSImport no longer fails with an XML parser error when encountering invalid XML characters in the input file

Outcomes