IBM Support

APAR Information for IBM Security Access Manager 9.0.7.2 IF4

Fix Readme


Abstract

Urgent and APAR information for IBM Security Access Manager 9.0.7.2 IF4.
Please read all urgent information in this document before performing any actions.

Content

Urgent information:

Steps to consider before applying the 9.0.7.2 IF4
  1. Please ensure you have APAR IJ24066 installed, otherwise all snapshots created before the APAR is installed will not be able to be restored to the system.
  2. Take a snapshot and download to a local file system

This 9.0.7.2 IF4 contains the following fixes for:
  1. Crashes
  2. Defects
  3. Memory leaks
  4. Performance improvements
  5. Security vulnerabilities

Previous enhancements:   

RSA SecurID authentication mechanism.

Note:

The minimum RSA Authentication Manager version supported is 8.2 SP1

IBM STRONGLY recommends following Industry Best Practices by performing these steps before production rollout:
  1. Identify all business case scenarios used
  2. Testing all business use cases in test and QA environments, identical to production if possible
  3. Performance testing of all business use cases in identical production environment



________________________________________________________________________

IBM My Notifications

IBM strongly recommends you subscribe to My Notifications.  You will be able to receive the latest urgent information of this document and feedback of IBM Products.
You find more information about My Notifications here IBM My Notifications


________________________________________________________________________

APARS fixed in ISAM 9.0.7.2 IF4

APAR

Description
IJ35975* ISAM 9.0.7.1 IF5 APPLIANCE CANNOT CREATE A VALID SNAPSHOT
IJ36046 REQUEST LOG TIME ZONE OFFSET CHANGE DELAYED AFTER DST CHANGE
IJ35615 DPWWA0636E ERROR DUE TO INCORRECT DST CONVERSION
IJ38050 LMI REVERSE PROXY EDIT REMOVES SECONDARY INTERFACES
IJ38950* UNEXPECTED AUTHENTICATION CHALLENGE WHEN USING 'AUTH-CHALLENGE-TYPE'
IJ41073* Security Vulnerabilities fixed in the ISAM appliance

Related Information

ISAM 9.0.7.2 IF4 download link

Previous Cumulative Fixpacks APAR History

APARS fixed in ISAM 9.0.7.2 IF3

APAR

Description

IJ27312

THE ECSSO FLOW IS NOT COMPATIBLE WITH THE PARAMETER CREATE-UNAUTH-SESSIONS ENABLED

IJ30250

EMBEDDED LDAP DOES NOT LISTEN ON PORT 636 WHEN REPLICATING THE ISAM RUNTIME COMPONENT

IJ30817

INCREASING THE AMOUNT OF APPLIANCE LOGGING

IJ30896

LAST FOUR CHARACTERS OF THE KEYSTORE NAME IS BEING STRIPPED.

IJ31225

WHILE DATABASE OF IDP STOPPED, FEDERATION FINISHED SUCCESSFULLY THOUGH HTTP STATUS OF SAMLRESPONSE RETURNS 500.

IJ31242

WEBSEAL TO STS WEB SERVICE SOAP CALLS FAILS CAUSING OUTAGE FREQUENTLY

IJ31967

AAC RESPONSE_TYPE GETTING CONVERTED FROM ARRAY TO STRING IF IT HAS ONLY ONE ELEMENT

IJ32477

ISVA 10.0.0.1 INCOMING SAML FEDERATION FAILS AFTER EXTERNAL IDP CONFIG CHANGES

IJ32610

WEBSEAL SENDING MULTIPLE "WWW-AUTHENTICATE" HEADERS TO CLIENT

IJ33009

ADDING CHARSET TO CONTENT-TYPE WHEN RETURNING TEMPLATE FILES.

IJ33014

REVERSE PROXY CLUSTER SYNC FAILS DUE TO TFIMSSO JUNCTIONS
IJ33195 LASTUSEDTIME ON RBA_DEVICE TABLE IS NOT UPDATED AFTER CREATED

IJ33274

PKMSPASSWD PAGE ACCESS ISSUE

IJ33452

AFTER APPLYING FIXPACK TO ISAM DOCKR ENVIRONMENT, EVENTS DATA WILL BE REMOVED AND CANNOT SEE EVENT LOG

IJ33482

  

CHRYSTOKI.CONF AND /USR/SAFENET/LUNACLIENT/CONFIGURED NOT UPDATED WHEN LUNA HSM KEYSTORE DELETED

IJ33611

'CONTACTS' ATTRIBUTE NOT RETAINING 'ARRAY' TYPE WHEN PROVIDED IN A CLIENT REGISTRATION REQUEST

IJ33689

MAX CONCURRENT WEB SESSIONS POLICY ISSUES WHEN  CREATE-UNAUTH-SESSIONS = YES

IJ33784

SLOWNESS WHILE LOADING SSL CERTS PAGE ON A CLUSTERED APPLIANCE

IJ33801

POLICY SERVER NOT RESPONDING AS A RESULT SEC_MASTER LOGIN OR JUNCTION LIST FAILS UNTIL RUNTIME IS RESTARTED

IJ33916

RUNTIME PROFILE NOT LOADING P11 KEYSTORES CORRECTLY

IJ33917

CREDATTR MACRO NOT PROPERLY POPULATED ON EXPIRED PASSWORD LOGIN IF TRY TO BYPASS

IJ34195

WEBSEALS FAILS TO STARTWHEN COOKIE-ATTRIBUTES CONTAINS HTTPONLY ATTRIBUTE AND "PASS-HTTP-ONLY-COOKIE-ATTR=NO"
IJ34580 MOVING IP ADDRESS FROM ONE INTERFACE TO THE OTHER LEAVES PROXY INSTANCES WITH UNCONFIGURED NETWORK-INTERFACE

IJ34621

OIDC CLAIM ATTRIBUTES ARE MISSING WHEN OIDC ATTRIBUTE NAME MATCHES ATTRIBUTE SOURCE NAME 

IJ34698

IJ34709

IJ34777

IJ34781

IJ34906

Security vulnerabilities fixed in ISAM 9.0.7.2 IF3

IJ34810

IN CONTAINER ENVIRONMENT WGA_NOTIFICATIONS SHOULD ONLY RUN ON THE CONFIGURATION CONTAINER

IJ35086

MEMORY LEAK WHEN NON GSO USER ACCESSES GSO JUNCTION

IJ35087

  

FIXPACK INSTALLER ISSUES - INSTALL FAILURES CAN BE REPORTED AS SUCCESS

APARS fixed in ISAM 9.0.7.2 IF2

APAR

Description

IJ08329

STATIC ROUTE FOR A NETWORK DESTINATION IS NOT CREATED CORRECTLY VIA CLI.

Due to a lack of a netmask which was fixed.

IJ28750

STS MODULE CONFIGURED USING THE ISAM RTE
DOES NOT USE CONFIGURED REPLICA LDAP'S

IJ29437

WITH LTPA-AUTH ENABLED AFTER STEP-UP
LTPA COOKIE NOT DELETED ON LOGOUT

IJ29843

SLOW RESPONSE OBSERVED WITH REQUESTS
TO SCIM AND MGA ENDPOINTS

IJ29970

CHANGES ARE ACTIVE' SHOW 'FALSE'
FOR NON-MODIFIED REVERSE PROXY INSTANCE

IJ30833

SLOW RESPONSE FROM ISAM REST API
IN DOCKER ENV

IJ31711

CONFIGURATION OPTION TO INCREASES THE MAX OPEN FILES VALUE
FOR THE HARDSERVER

IJ31727

Crash:
Reverse Proxy crash in TLS Web Socket Shutdown (G2464)
GSKit 8.0.55.22

IJ32122

/PKMSLOGOUT FAILS
WHEN USING OAUTH-INTROSPECTION AND SESSION COOKIES

IJ32282

WHEN USING DSC WITH LARGE DATA ITEM IN SESSION
CAUSING DELAY

IJ32367

UNEXPECTED COOKIE BEHAVIOR WHEN INTERNALLY FOLLOWING REDIRECTS
IJ32390* Session Fixation vulnerability

IJ32498

Ensure graceful termination of processes during runtime profile shutdown

IJ32894

REQUEST LOG TIME ZONE OFFSET CHANGE DELAYED
AFTER DST CHANGE

IJ32944

TLS REMOTE SYSLOG
CONNECTION INITIALIZATION HUNG

IJ32954

DSC EXTERNAL LISTENING PORT
SET CIPHERS

Advanced Tuning Parameter required
Name:  isam_cluster.dsc.nist_mode
Value:  strict (Default)
Allowed values: disabled, strict, suite-b-128 or suite-b-192

IJ32969

MALFORMED ATTRIBUTE VALUE ERROR
DURING SCIM USER MANAGEMENT WITH BOOLEAN ATTRIBUTE

IJ32989

 LMI ADMINISTRATOR SETTING
PROPERTY 'EXCLUDE CSRF CHECKING' FOR DOES NOT WORK AS EXPECTED

IJ32990

SNAPSHOT CREATION FAILS
WHEN RUNTIME REPLICATION IS DISABLED

IJ32996

Advanced Access Control (AAC) SESSION CACHE
DSC FAILOVER TAKING TOO LONG

IJ33056

DOC: Documenting perceived end-user changes observed from IJ23104
IJ33189* Multiple CVE's fixed:
JQUERY UPDATES NEEDED TO FIX SECURITY VULNERABILITIES

IJ33192

Performance:
Resolves high system CPU percentage reducing gsk_secure_soc_open() gsk_secure_soc_close() delay
GSKit 8.0.55.22

IJ33270

Cookie jar does not respect cookie path which doesn't end in /

IJ33354

SUPPORT FOR X5T AND X5C
IN JWKS ENDPOINT AND JWT HEADERS
Backport of new ISVA 10.0.0.0 functionality

https://www.ibm.com/docs/en/sva/10.0.0?topic=overview-whats-new-in-this-release

IJ33474

Max concurrent web session policy not working for external users

IJ33475

ISV Verify Wizard hard-code for .ice.ibmcloud.com

APARS fixed in ISAM 9.0.7.2 IF1

IJ22056

com.tivoli.pd.jcfg.SvrSslCfg action unconfig IS DELETING PDCA.ks.

IJ23145

REVERSE PROXY MEMORY LEAK IN LTPA CACHE

IJ26195

ISAM FEDERATION CANNOT SET WAYF COOKIE LIFETIME

IJ26504

WHEN GLOWROOT EXTENSION IS INSTALLED FEDERATION/AAC RUNTIME
RESTART REQUIRED FLAG IS ALWAYS TRUE

IJ26875

MANAGED COOKIE RETURNED TO BROWSER DURING EAI

IJ27232

REST API FOR STATISTICS DOES NOT RESPOND WHILE DST CHANGE

IJ27826

ERROR: DUPLICATE KEY VALUE VIOLATES UNIQUE CONSTRAINT "DMAP_ENTRIES_PKEY"

IJ28151

INCORRECT CREATE-UNAUTH-SESSIONS=YES BEHAVIOR
WHEN NO AUTHENTICATION MECHANISMS DEFINED

IJ28326

ADMIN USER CANNOT ACCESS RESOURCES

IJ28555

FBTRBA232E ERROR RETURNED FOR SOME MAPPING RULE NAMES IN INFOMAP AUTHENTICATION

IJ28558

@TOKEN:RELAYSTATE@ NOT ESCAPED BY DEFAULT

IJ28622

ENABLED SERVER SECURE PROTOCOLS FOR ISAM RUNTIME NOT WORKING IN FIPS MODE

IJ28776

COOKIE-ATTRIBUTE ARE NOT ADDED WHEN HTTP/2 IS ENABLED

IJ28909

SNAPSHOT CREATION FAILS WHEN RUNTIME REPLICATION IS ENABLED

IJ29288

REVERSE PROXY USER-AGENT MEMORY LEAK

IJ29358

REVERSE PROXY TO RSYSLOG USING TLS1.2 CONNECTION ISSUE

IJ29361

TFIM STREAMING ERROR WHEN RESPONSE SIZE NEAR 16KB AND NOT CHUNKED

IJ29363

STOP RUNTIME LOGGING EXTRANEOUS DSC PING ERROR MESSAGES

IJ29446

RgyGroup.addMembers() METHOD DOES NOT SUPPORT BASIC USERS.

A NEW METHOD CALLED addNativeMembers() WAS ADDED TO RgyGroup
TO ALLOW ADDING BASIC USERS TO NATIVE LDAP GROUPS.

IT IS DEFINED AS:
void addNativeMembers(List memberIds) throws RgyException;

IJ29498

HPDAC0949E ERROR CONTAINS INCORRECT RULE NAME

IJ29852

ISVA 9.0.7.2 FAILED TO START IN FIPS MODE

IJ30162

AAC IS ENCODING SPACE CHARACTER AS "+" IN THE GROUP

IJ30236

CANNOT SAFELY CHECK WEBSEAL REQUEST LOG FOR DUPLICATE AUTHORIZATION HEADERS

IJ30354

IP-SUPPORT-LEVEL=DISPLACED-ONLY AND "ipv6-support=no"
CAUSES NO IP ADDRESS IN REQUEST.LOG AND POSSIBLY CRASH

IJ30400

CANNOT EDIT OR UPDATE RSYSLOG FORWARDING
WHEN SOURCE CONTAINS AUTHORIZATION SERVER

IJ30635

APPLIANCE SECURITY VULNERABILITIES

IJ30828

ADD SUPPORT FOR NEW RSA SECURID AUTHENTICATION MECHANISM
- Added support for a new RSA SecurID authentication mechanism which utilizes RSA's new authentication API.

- For appliances with internal config databases, applying the fix pack is all that is needed.
- For appliances with external config databases, the appropriate sql file updates need to be applied.
   A manual restart of the runtime and LMI profiles is needed after this.

The sql files for updating external config DBs will be available for download from the appliance:
   System Settings → File Downloads → common → database → → config → cluster_config__update_rsa_securid.sql

- If out of the box OTP which used to support the old RSA OTP mechanism needs to be used in a mapping rule or Infomap, extra changes are necessary.
Contact support for instructions.

** The minimum RSA Authentication Manager version where this is supported is 8.2 SP1

IJ30850

REVERSE PROXY PREMATURE TIMEOUT COMMUNICATING WITH DSC

IJ31014

REVERSE PROXY ENHANCED - PWD - POLICY HANDLING OF OUD GRACE - LOGIN – COUNT

IJ31108

MACROS NOT SET WHEN EXECUTING CUSTOM JAVASCRIPT WITHIN FEDERATION TEMPLATES

IJ31224

UPDATE KERBEROS VERSION TO 1.16.4

IJ23145

LTPA memory leaks

IJ29288

WebSEAL User-Agent HTTPMessage::setAttribute Memory Leak

IJ28665

REVERSE PROXY AUDIT LOG INCLUDE X-FORWARDED-FOR AND APPLICATION URL

 Requires [aznapi-configuration] client-ip-http-header configuration

APARS fixed in ISAM 9.0.7.2 GA  

IJ14029

FBTOAU227E ERROR CODE RETURNED FOR /AUTHORIZE REQUEST
INCLUDING PARAMETERS IN QUERY STRING AND AS JWT

IJ14492

REST API TRUNCATES SERVER DNS WITH A COLON

IJ15318

AAC TEMPLATE PAGES USING TEMPLATE PAGE SCRIPTING (JAVASCRIPT) ARE CACHED INCORRECTLY

IJ16198

REBOOT CAUSES STATIC ROUTE LOST USING DHCP

IJ16815

DOCKER - PDWEB LOG LINK TO APPLICATION.LOG LOST ON RESTART

IJ17591

DOCKER UPGRADE FROM 9.0.6 TO 9.0.7 FAILS TO STARTS POSTGRES CONFIGDB

IJ18700

DEVICE_AUTHORIZE ENDPOINT FOR OAUTH USES DIFFERENT SEPARATOR
FOR MULTIPLE SCOPE VALUES

IJ19127

ADDING OPTIONAL SAML2.0 ATTRIBUTE "PROVIDERNAME" TO SAML REQUEST(SAMLP:AUTHNREQUEST

New boolean advanced configuration 'saml20.authn.request.provider.name.enabled' to add the “ProviderName” attribute to SAML2.0AuthnRequest

IJ19666

MACOTP NOT AFFECTED BY otp.retry.(enabled|maxNumberOfAttempts|otpRetryTimeout)

PARAMETERS INCONSISTENT WITH TOTP AND HOTP
 OTPVerify mapping rule must be turned off 
 Change var isRetryEnforcementEnabled from true to false
 Update, deploy, restart runtime

IJ19903

OTP FAILED ATTEMPTS NOT LOCKING WHEN USING EXTERNAL ORACLE HVDB

IJ20226

PARAMETER IS NOT VALID: HVDB_ADDRESS:
THIS VALUE MUST BE AN IP ADDRESS OR FULLY QUALIFIED DOMAIN NAME (FQDN)

IJ20406

DEFAULT TARGET URL NOT ACCEPTING RELATIVE URL WHILE CREATING SAML PARTNER

IJ20502

GEONAME_ID WITH EMPTY VALUE FOR MAXMIND GEOLOCATION DATABASE V2 CAUSING FAILURE

IJ20629

REGENERATING OTP TOKEN DOES NOT RESET CLOCK FOR TOKEN EXPIRY

IJ20630

CANNOT EXPORT OBJECT SPACE WHEN JUNCTION HAS TRAILING FORWARD SLASH (/) IN NAME

IJ20655

UPGRADE ISAM HARDWARE APPLIANCE CORRUPTS GRUB BOOT MENU

IJ21285

PROXY INSTANCE ON DOCKER WILL STOP RESPONDING
IF YOU CREATE A JUNCTION TO A SERVER WHICH IS NOT THERE

Reverse Proxy configuration Added

[junction] connect-timeout = 30

IJ21794

WEBSEAL INCORRECT HANDLING OF INACTIVE-TIMEOUT WITH DSC

IJ21970

WHEN ISSUE REFRESH TOKEN IS DISABLED
AN INCORRECT VALUE FOR EXPIRES IN IS CALCULATED FOR THE ACCESS TOKEN

IJ22428

WHEN ISSUE REFRESH TOKEN IS DISABLED
AN INCORRECT VALUE FOR EXPIRES IN IS CALCULATED FOR THE ACCESS TOKEN

IJ22528

REMOTE SYSLOG FORWARDER ABILITY TO SEND CUSTOM RUNTIME .LOG FILES
FROM RUNTIME DIRECTORY

IJ22530

MEMORY LEAK IN REVERSE PROXY CERTIFICATE MAPPING

IJ22571

ISAM SAML SP WITH LONG TARGET URL RESULTS IN HTTP 500

IJ22721

MISSING MECHANISMS IN MMFA CONFIGURATION
AFTER UPGRADE WHEN USING EXTERNALIZED CONFIGURATION DATABASE

IJ22755

WEBSEAL -> MANAGING ADMINISTRATION PAGES -> IMPORT BEHAVIOR CHANGED FROM 906 TO 907

IJ22903

ERROR FBTRBA005E WHILE IMPORTING A PARTNER

IJ22997

REVERSE PROXY TRAFFIC CANNOT SHOW OLD DATA MORE THAN AROUND 10 DAYS OLD

IJ23000

UNABLE TO SELECT “UNSPECIFIED” FOR DEFAULT NAMEID

 LMI will now list urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified for default NameID format

IJ23062

ISPASSWORDVALID() FUNCTION NOT RENDERING CORRECT VALUE

IJ23104

STS CHAIN EXCEPTION HIERARCHY_REQUEST_ERR WHEN USING USERNAME AND PASSWORD MODULE

New Boolean Advanced Configuration 'sts.wstrust.error.shortexception'
Display full STS exception stack (default:false) or display the exception message

IJ23198

SUPPORT FOR PERSISTENT TIMEOUT CONFIGURATION FOR WAS LIBERTY

IJ23488

STALE GSO CACHE ENTRIES FOR USER CANNOT BE REMOVED AT LOGIN

Reverse Proxy configuration
 [gso-cache] gso-cache-login-clear-user = no

IJ23647

MMFA PUSH NOTIFICATION DOES NOT COMPLETE SUCCESSFULLY

IJ23841

UNABLE TO DISABLE TLS RENEGOTIATION ON REVERSE PROXY ADMIN PORT

Reverse Proxy, Authorization Server, Policy Server configuration
 [ssl] disable-renegotiation = false

IJ23926

FONT FILE IN AAC TEMPLATE FILES PRODUCES 404 HTTP ERROR

New string array advanced configuration 'sps.page.jsCompileFileExtensions' (default:html,json) compile extensions when retrieving pages specific to Federation flows

IJ23960

REFRESHING TOKENS (USING HASHED REFRESH TOKENS) FAILS AT 9071

IJ24035

OAUTH RELATED DB ARTIFACTS ARE NOT ALWAYS CLEANED UP AFTER USE

IJ24036

OAUTH TEMPLATE PAGE'S ERROR CODE MACRO VALUE CHANGES
WHEN THE PAGE IS CUSTOMIZED WITH SCRIPTING

IJ24066

ISAM SNAPSHOTS WHEN APPLIED FAILS WITH ERROR

IJ24151

GRANT MANAGEMENT NOT WORKING AT 9070

IJ24271

ISAM REVERSE PROXY 907 EDITING WEBSEAL CONFIGURATION IN THE LMI CHANGES DEFAULT LANG

IJ24277

DOCKER: ISAM_CLI SHUTDOWN NO LONGER WORKS AFTER V9.0.7.1

IJ24300

REST API DOES NOT VALIDATE DUPLICATE HOST ENTRIES

IJ24874

REMOTE SYSLOG AGENT HIGH CPU ONLY RESOLVED BY RESTART

IJ25189

THE PASSWORD SETTINGS IN THE [ITIM] STANZA ARE NOT OBFUSCATED

IJ25439

AN ACCESS POLICY USING PROTOCOLCONTEXT.GETFEDERATIONNAME() RETURNS COMPANY NAME

IJ25575

REST_API:
EXPORT ADMINISTRATION PAGES ROOT AS A .ZIP FILE RESULTS IN "405 METHOD NOT ALLOWED"

IJ25718

METHOD TO DELETE HASHED TOKENS FROM MAPPING RULE

IJ25850

METHOD TO DELETE HASHED TOKENS FROM MAPPING RULE

IJ25850

CANNOT DELETE CONTENTS OF DEFAULT LOCATION FOR POLICY SERVER AUDITING

IJ25865

OIDC 'FBTOIC106E Invalid state' OBSERVED

IJ25898

CANNOT USE LARGE TOKENS WITH IBM DB2 AS HVDB

IJ26004

CANNOT USE LARGE TOKENS WITH IBM DB2 AS HVDB

IJ26004

THE STATE PARAMETER IS NOT URLENCODED ON OAUTH STS RESPONSE

IJ26025

AAC AUDIT LOG SHOWS ACCESS TOKEN

IJ26092

INTERNAL REDIRECT FROM VIRTUAL HOST JUNCTION FAILS TO RESOURCES ON STANDARD JUNCTION

IJ26119

SPACE CHARACTERS ARE ENCODED AS PLUS SIGNS IN POC ATTRIBUTES
WITH URL.ENCONDING.ENABLED=TRUE

IJ26125

REST API TO RETRIEVE WEBSEAL CONFIGURATION DOES NOT SHOW EMPTY VALUES

IJ26146

ISAM 9.0.7.0 UPGRADE CHANGES SERVER LOG (MSG_WEBSEALD-XXX.LOG) '--' SEPARATOR TO 'NEW LINE' SEPARATOR

Reverse Proxy configuration
 [logging] server-log-single-line = True

IJ26175

HOW EFFECTIVELY CHANGE THE SPNAMEQUALIFIER FROM IDP MAPPING RULE

IJ26345

IN-PLACE TRUSTEER PIP IS OVERWRITTEN DURING FIRMWARE UPGRADE

IJ26399

RSA CONFIG:
JAVA.LANG.NOCLASSDEFFOUNDERROR COM.RSA.AUTHAGENT.AUTHAPI.CONFIG.AGENTPROPERTIES
INITIALIZATION FAILURE

IJ26413

LMI SSL CERTIFICATE UPDATE IS NOT GUARANTEED TO BE SUCCESSFUL ALL THE TIME

IJ26416

DISALLOW PATH IN POLICY SERVER AUDITLOG SETTING

 Also enforces audit log file name must end in .log

IJ26474

OAUTH JWKS FILE MISSING "ALG" FIELD

IJ26646

MAKE PRE ISAM 9.0.7.0 UNAUTHENTICATED LOGOUT CONFIGURABLE

Backward compatibility to restore pre-IJ15386 behavior
 [acnt-mgt] disable-unauth-session-logout = false

IJ26710

RUNTIME LOGGING FALSE FBTSPS134E MESSAGES

IJ26833

IGNORES CLIENT ID MISMATCH BETWEEN HEADER AND BODY FOR TOKEN EXCHANGE

 New Boolean 'isva.oauth20.ignoreClientIdMismatch'
If set to true ignores client ID mismatch between header and body for token exchange of a non-confidential client

IJ26936

REMOTE SYSLOG FORWARDER STOPS SENDING EVENTS WHEN LOG FILE IS CLEARED

Note: When any files are cleared the rsyslogd will reload and may resend portion of the log

IJ26968

UNABLE TO CONNECT TO EXTERNAL POSTGRESQL 12 WITH SSL

IJ27141

FEDERATION 30 SECOND DELAY ON DSC FAILOVER

IJ27143

WEBSEAL ABENDS ON STARTUP WHEN APPLYING ENVIRONMENT VARIABLES

IJ27306

ONLY WEBSEAL SERVERS SHOWN IN LMI DISTRIBUTED SESSION CACHE SERVERS SCREEN

IJ27321

REDUCE DATABASE DEPENDENCY FOR SAML 2.0

IJ27326

SAML PERSISTENT NAMEID ENTRY CORRUPTION DUE TO UNHANDLED LDAP EXCEPTION

IJ27360

SCIM DEMO THROWS NPE IN 9071

IJ27362

SNIPPET-FILTER SHOULD NOT INSERT SNIPPETS INTO MANAGEMENT PAGES SERVED

IJ27707

AVOID AAC RUNTIME CONTENTION WHICH CAUSE DISRUPTION/HANG

Disable OAuth token cleanup thread with new REST API endpoint
oauth20.tokenCache.cleanupWait to "-1"

Restore OAuth token cleanup thread after work is completed with new REST API endpoint
oauth20.tokenCache.cleanupWait > 0 (original setting)

IJ27822

PAGE.SETVALUE BEHAVIOR WITH INFOMAP IS DIFFERENT BETWEEN AUTHSVC AND APIAUTHSVC

IJ27847

REVERSE PROXY ABENDS WHEN DESERIALIZING DSC SESSION DATA

IJ27926

ISAM ON DOCKER SHOULD SHOW FIXPACK ON DASHBOARD AND UNDER FIXPACKS

IJ27927

UPDATE TO MULTIPLE DEPENDENT SOFTWARE PRODUCTS

GSKit               8.0.55.17
Java Runtime        8.0.6.11
Liberty             20.0.0.6
Postgresql drivers  42.2.14
bash                4.2.46-28
commons-fileupload  1.4
db2 jdbc drivers    11.5
gawk                4.0.2-4
httpclient          4.5.9
icu                 6.71
idsldap-clt         6.4.0-18
isfs                2.1.0
jackson             2.10.1
libpcap             1.5.3.11
log4j               2.13.2
nss-softokn         3.44.0.8
nss-util            3.44.0.4
sqlite              3.26.0-3
tcpdump             4-9.2.4
tzdata              2018ix

IJ28180

UPDATE IBM SECURITY ACCESS MANAGER DOCKER TO USE UBI 8

IV91645

TFIM SESSION LIFETIME HAS A MAX OF 24.8 DAYS

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSZU8Q","label":"IBM Security Access Manager"},"ARM Category":[{"code":"a8m3p0000006xWmAAI","label":"Access Manager"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0.7"}]

Document Information

Modified date:
04 August 2022

UID

ibm16602745

Page Feedback