Known issues and limitations

The adapter instance’s Token Name field must be unique within a federation; however this is not enforced in the user interface.

If the SP Adapter is set to send extended attributes as cookies, multi-value attributes will fail, because multiple cookies with the same name are not allowed.

When running the sample applications in a separate container, the back-channel web-SSO directory service will fail unless the certificate is trusted by the JDK. As a result, the sample applications will not list available partners to SSO into in the drop-down list. To get around this limitation, import the certificate into the JDK or web container’s trusted CA store, or use HTTP instead.

Support for UTF-8 encoding is limited to the sample applications and the attributes displayed. UTF-8 encoded usernames, passwords, and token names for the OpenToken configuration, SSO Directory Service configuration, and sample application configuration are not supported.

The Java Integration Kit is not compliant with FIPS-140 cryptographic standards. By forcing the Sun JCE to be used in the adapter, keys are not stored in the Hardware Security Module (HSM).