R12.5 CR05
==========
Product: SiteMinder 12.5 CR05 Policy Server
08/14/2015 Policy Server 12.5 CR05 contains fixes for the following tracking numbers:
Tracking # Problem description
---------- -------------------
55611/160506 Policy Server terminates abruptly when the username has a special character (%).
53329/160562 Web Agent or Web Agent Option Pack cannot initialize when the first Policy Server listed in the HCO is down, if the HCO is configured in round-robin mode.
160679 Data Direct drivers are upgraded to version 7.1.5 across all the platforms.
98975/160503 If a web agent response attribute is deleted, the remaining attributes are not sent in the response during authentication unless the Policy Server is restarted.
79748/160505 XPSExport utility terminates abruptly when you export workspace entries.
160568 ETPKI is upgraded to ETPKI 4.3.8 release.
55802/160501 Administrative UI fails to handle a large amount of Indexed Assertion Consumer Service (ACS) data.
R12.5 CR04
==========
11/11/2013 Policy Server 12.5 CR04 contains fixes for the following tracking numbers:
Tracking # Problem description
---------- -------------------
175311/171208 The Policy Server no longer performs frequent policy store updates related to the Agent Discovery functionality
177089 The Administration UI (WAM UI) installer now launches successfully on the Solaris platform.
11/11/2013: Policy Server Option Pack 12.5 CR04 contains fixes for the Tracking # Descriptionracking numbers:
---------- -----------
There are no resolutions in this CR.
R12.5 CR03
==========
6/9/2013 Policy Server 12.5 CR03 contains fixes for the following tracking numbers:
Tracking # Problem description
---------- ----------------------------
167696/171942 Policy Server populates the correct user name in the smaccess.log during impersonated authentication.
168102/171943 Policy Server no longer terminates abruptly during the roll-over of the XPSAudit files.
171944 The agent instances are no longer getting updated for every 30 seconds.
171945 The CQ 160848 that was resolved and documented in r12.5 CR02 required re-importing of certificates during an upgrade. This requirement is no longer necessary from 12.5 CR03, you need not re-import the certificates during an upgrade.
157938/163880 The ServletExec filter functions after running the Policy Server configuration wizard on the Windows2008 R2 platform
R12.5 CR02
==========
1/24/2013 Policy Server 12.5 CR02 contains fixes for the following tracking numbers:
Tracking # Problem description
-------------- ---------------------------
160607 If load balancing is configured in the Administrative UI, the Policy Server will now authorize users in Active Directory.
161793 If a user provides invalid credentials, the Policy Server will no longer abnormally terminate when processing an OnAuthAttempt rule that is bound to an Enterprise Policy Management (EPM) application.
161988 If an OpenID authentication scheme is configured, the Policy Server now verifies the "assertion" with the OpenID provider. This behavior prevents a replay attack with the OpenID assertion.
157938 While configuring the FSS UI, the Policy Server installer now checks for the CGI IIS role in the Windows 2008/Windows 2008 R2 platforms.
160848 The Administrative UI and SiteMinder key tool (smkeytool) will now be able to import and store the certificates in the policy store if the key length is greater than 1024. For more information about preserving the previously imported certificates to see "Policy Server Upgrade Requirement for 12.5 GA and 12.5 CR1" in this readme file.
160293/164029 The Policy Server can now communicate over SSL with LDAP directory servers that specify an AKI (Authority Key Identifier) attribute in the certificate.
159354 The Policy Server logic has been optimized to execute as follows when authenticating users in an ODBC database:
a) Validate the distinguished name (DN) with the SQL query configured in "InitUser". This steps checks whether the DN is a user or not.
b) If the above does not produce result, execute the SQL query configured in "GetGroupProp". This steps checks whether the DN is a user or not. This optimization prevents the Policy Server from executing a UNION-based SQL query that is configured in "Get User/Group" for every "user" authentication.
158631/163943 The Admin Applet/FSS UI will now allow more than 10 IP addresses in a policy definition.
162301 A dead lock condition in the LDAP authentication layer is fixed.
162318 The Policy Server now properly protects resources when using an r6.x extended policy store.
162951 OpenID authentication no longer fails with the following error when multiple user directories are configured in the Domain: "nonce verification failed".
150671/164657 The CA SSO SiteMinder (smauthetsso) authentication scheme now works in the FIPS-mode of communication on the Windows platform.
154373/164659 The Kerberos authentication now works for users who have a large number of group memberships in a Microsoft Windows Active Directory.
154521/164660 A race condition in the Policy Server is fixed. This condition prevented updates to agent configuration objects through the Java policy management API.
164607 The Policy Server now allows host registration with smreghost when pointing to an r6.x extended policy store.
R12.5 CR01
==========
10/26/2012 Policy Server 12.5 CR01 contains fixes for the following tracing numbers:
Tracking # Problem description
---------- --------------------------
160138 The Policy Server will now be able to authenticate users from a user directory with password policies using an r6.x policy store.
157948 The Policy Server configuration wizard now shows the minimum required JDK/JRE version as 1.6.0.30.
158655 XPSDDInstall will no longer abnormally terminates when upgrading from r12 SP3 to r12.5 Policy Server.
157701, 157949 WAM UI no longer deletes the "Policy" objects during modify operations on "Realm"/"Policy" after an R6.x policy store is imported.
153459 The Policy Server configuration wizard no longer fails when using Disk drives other than C: in the Windows platform.
160825 The Policy Server installer no longer hangs if encryption key contains the dollar sign($) character.
155738 The Policy Server installer now configures IPlanet web server/ASF Apache 32-bit for FSS UI when "Web Server" option is selected during an installation.
154130 The boolean User Directory Attribute Mapping type now works in R12.5 Policy Server.
160301 The Policy Server installer now installs the SPSObjects.xdd file.
151725/150968 Policy Server will no longer exits abnormally on Linux platforms when Identity Manager integration is enabled.
161230 The smldapsetup utility now configures the cert7.db file even if it was configured previously.
160910 The Administrative UI upgrade from r12.5 GA to r12.5 CR01 now works properly.
Product: SiteMinder Policy Server Option Pack 12.5 CR01
10/26/2012: Policy Server Option Pack 12.5 CR01 contains fixes for the following tracking numbers:
Tracking # Description
---------- -----------
160725 WS-FED SLO no longer fails with an M_TUNNEL_SLO_FAILURE_INVALID_DATA error
161076 In conjunction with the Web Agent option pack r12.5 CR01 release or the Secure Proxy Server r12.5 CR01 release, several fixes are made in the XML signature verification that occurs during the SAML assertion validation phase. Use the following parameters in the xsw.properties file to enable or disable these fixes: DisableXSWCheck=true|false
DisableUniqueIDCheck=true|false
161321 The Policy Server installer no longer installs the wsfed.properties file.