Blog Viewer

SSO Policy Server r12.5 Defect Fixes History

By Ujwol posted Jul 05, 2016 09:24 PM


R12.5 CR05


Product: SiteMinder 12.5 CR05 Policy Server

08/14/2015 Policy Server 12.5 CR05 contains fixes for the following tracking numbers:

Tracking # Problem description

---------- -------------------

55611/160506 Policy Server terminates abruptly when the username has a special character (%).

53329/160562 Web Agent or Web Agent Option Pack cannot initialize when the first Policy Server listed in the HCO is down, if the HCO is configured in round-robin mode.

160679 Data Direct drivers are upgraded to version 7.1.5 across all the platforms.

98975/160503 If a web agent response attribute is deleted, the remaining attributes are not sent in the response during authentication unless the Policy Server is restarted.

79748/160505 XPSExport utility terminates abruptly when you export workspace entries.

160568 ETPKI is upgraded to ETPKI 4.3.8 release.

55802/160501 Administrative UI fails to handle a large amount of Indexed Assertion Consumer Service (ACS) data.


R12.5 CR04


11/11/2013 Policy Server 12.5 CR04 contains fixes for the following tracking numbers:


Tracking # Problem description

----------      -------------------

175311/171208 The Policy Server no longer performs frequent policy store updates related to the Agent Discovery functionality

177089 The Administration UI (WAM UI) installer now launches successfully on the Solaris platform.

11/11/2013: Policy Server Option Pack 12.5 CR04 contains fixes for the Tracking # Descriptionracking numbers:

---------- -----------

There are no resolutions in this CR.


R12.5 CR03



6/9/2013      Policy Server 12.5 CR03 contains fixes for the following tracking numbers:


Tracking #        Problem description

----------            ----------------------------

167696/171942   Policy Server populates the correct user name in the smaccess.log during impersonated authentication.

168102/171943   Policy Server no longer terminates abruptly during the roll-over of the XPSAudit files.

171944                The agent instances are no longer getting updated for every 30 seconds.

171945                The CQ 160848 that was resolved and documented in r12.5 CR02 required re-importing of certificates during an upgrade. This requirement is no longer necessary from 12.5 CR03, you need not re-import the certificates during an upgrade.

157938/163880   The ServletExec filter functions after running the Policy Server configuration wizard on the Windows2008 R2 platform


R12.5 CR02


1/24/2013      Policy Server 12.5 CR02 contains fixes for the following tracking numbers:


Tracking #        Problem description

--------------        ---------------------------

160607            If load balancing is configured in the Administrative UI, the Policy Server will now authorize users in Active Directory.

161793            If a user provides invalid credentials, the Policy Server will no longer abnormally terminate when processing an OnAuthAttempt rule that is bound to an Enterprise Policy Management (EPM) application.

161988            If an OpenID authentication scheme is configured, the Policy Server now verifies the "assertion" with the OpenID provider. This behavior prevents a replay attack with the OpenID assertion.

157938            While configuring the FSS UI, the Policy Server installer now checks for the CGI IIS role in the Windows 2008/Windows 2008 R2 platforms.

160848            The Administrative UI and SiteMinder key tool (smkeytool) will now be able to import and store the certificates in the policy store if the key length is greater than 1024. For more information about preserving the previously imported certificates to see "Policy Server Upgrade Requirement for 12.5 GA and 12.5 CR1" in this readme file.

160293/164029     The Policy Server can now communicate over SSL with LDAP directory servers that specify an AKI    (Authority Key Identifier) attribute in the certificate.

159354            The Policy Server logic has been optimized to execute as follows when authenticating users in an ODBC database:

a) Validate the distinguished name (DN) with the SQL query configured in "InitUser". This steps checks whether the DN  is a user or not.

b) If the above does not produce result, execute the SQL query configured in "GetGroupProp". This steps checks          whether the DN is a user or not. This optimization prevents the Policy Server from executing a UNION-based SQL query that is configured in "Get User/Group" for every "user" authentication.

158631/163943     The Admin Applet/FSS UI will now allow more than 10 IP addresses in a policy definition.

162301            A dead lock condition in the LDAP authentication layer is fixed.

162318            The Policy Server now properly protects resources when using an r6.x extended policy store.

162951            OpenID authentication no longer fails with the following error when multiple user directories are configured in the Domain: "nonce verification failed".

150671/164657     The CA SSO SiteMinder (smauthetsso) authentication scheme now works in the FIPS-mode of communication on the Windows platform.

154373/164659     The Kerberos authentication now works for users who have a large number of group memberships in a Microsoft Windows Active Directory.

154521/164660     A race condition in the Policy Server is fixed. This condition prevented updates to agent configuration objects through the Java policy management API.

164607            The Policy Server now allows host registration with smreghost when pointing to an r6.x extended policy store.


R12.5 CR01



10/26/2012      Policy Server 12.5 CR01 contains fixes for the following tracing numbers:

Tracking #     Problem description

----------          --------------------------

160138         The Policy Server will now be able to authenticate users from a user directory with password policies using an r6.x policy store.

157948          The Policy Server configuration wizard now shows the minimum required JDK/JRE version as

158655          XPSDDInstall will no longer abnormally terminates when upgrading from r12 SP3 to r12.5 Policy Server.

157701, 157949     WAM UI no longer deletes the "Policy" objects during modify operations on "Realm"/"Policy" after an R6.x policy store is imported.

153459         The Policy Server configuration wizard no longer fails when using Disk drives other than C: in the Windows platform.

160825         The Policy Server installer no longer hangs if encryption key contains the dollar sign($) character.

155738         The Policy Server installer now configures IPlanet web server/ASF Apache 32-bit for FSS UI when "Web Server" option is selected during an installation.

154130         The  boolean  User Directory Attribute Mapping type now works in R12.5 Policy Server.

160301         The Policy Server installer now installs the SPSObjects.xdd file.

151725/150968      Policy Server will no longer exits abnormally on Linux platforms when Identity Manager integration is enabled.

161230         The smldapsetup utility now configures the cert7.db file even if it was configured previously.

160910         The Administrative UI upgrade from r12.5 GA to r12.5 CR01 now works properly.


Product: SiteMinder Policy Server Option Pack 12.5 CR01

10/26/2012:    Policy Server Option Pack 12.5 CR01 contains fixes for the following tracking numbers:

Tracking #     Description

----------     -----------

160725      WS-FED SLO no longer fails with an M_TUNNEL_SLO_FAILURE_INVALID_DATA error

161076      In conjunction with the Web Agent option pack r12.5 CR01 release or the Secure Proxy Server r12.5 CR01 release, several fixes are made in the XML signature verification that occurs during the SAML assertion validation phase. Use the following parameters in the file to enable or disable these fixes:                DisableXSWCheck=true|false


161321      The Policy Server installer no longer installs the file.