Known issues

OPENAM-21180

Amster should set file encoding to UTF-8 internally

OPENAM-21158

Windows Hello registration fails on TPM attestation parsing on Windows 11 22H2

OPENAM-21155

Unable to remove OAuth 2.0 client with name that includes a period (.) in XUI

OPENAM-21100

SAML v2.0 IDP single logout (SLO) using HTTP redirect needs Request stickiness and HA

OPENAM-21031

Google KMS secret store configured in AM exceeds the rate limit

OPENAM-20927

User info is still cached after removing privilege from group

OPENAM-20766

Insufficient debug logging to troubleshoot WS-Federation issuing party issue

OPENAM-20761

Create EngineConfiguration fails when using POST with action=create

OPENAM-20754

SAML v2.0 pages saml2-write.js and saml2-read.js can error out due to javascript

OPENAM-20753

With the LDAP authentication node, the username is incorrectly set for multi-valued attributes

OPENAM-20745

Insufficient debug logging to troubleshoot JWK_URI keys issue

OPENAM-20742

WS-Federation entities can not be managed through the AM UI

OPENAM-20728

Push log is noisy even when the Push Service is not used

OPENAM-20706

Unnecessary config store queries for services that don’t exist

OPENAM-20705

SAML v2.0 circle of trust status has no effect

OPENAM-20683

UI does not handle multi-valued attributes

OPENAM-20645

JWK_URI endpoint is not thread safe

OPENAM-20582

JWT client authentication: iss claim value must match sub claim value

OPENAM-20581

JWT Client authentication fails but the root cause can not be determined from the logs

OPENAM-20570

NullPointerException is thrown when searchAttribute is not available in the user identity

OPENAM-20539

Access Token to OIDC Id Token exchange fails for pairwise subject type

OPENAM-20505

OAuth 2.0 clients / groups list sort function is not working

OPENAM-20480

FBC/Amster config upgrade rules are missing for removed properties

OPENAM-20441

OATH Registration node generates Base32 padded secret

OPENAM-20405

Transient state that is populated in an inner tree is not available in the parent tree

OPENAM-20379

REST STS doesn’t work with com.iplanet.am.cookie.encode=true

OPENAM-20333

The Enable Cookies Message is inconsistent

OPENAM-20332

When the requested scope and consent scope are different, a server error occurs during JWT Bearer Authorization policy evaluation

OPENAM-20331

Policy scope evaluator does not work well with JWT Bearer Authorization grant

OPENAM-20308

Access token with auth_level changes does not persist after refreshing token

OPENAM-20271

Certificate Validation node fails when optional properties are not configured

OPENAM-20261

Problem with User/CTS affinity failover when the DS disk volume is detached

OPENAM-20254

When Hosted SP Default RelayState is specified, you shouldn’t need an entry in the Relay State URL List

OPENAM-20242

Certification Validation node: Certificate-based authentication requires LDAP

OPENAM-20239

Setting the keepalive or heartbeat interval to a negative value in the IdRepo config causes an error

OPENAM-20234

Setting the LDAP Connection Heartbeat Interval to zero breaks persistent search

OPENAM-20231

OAuth 2.0 token introspection - stacktrace is withheld

OPENAM-20216

Fixed size LDAP connection pool not properly established

OPENAM-20202

org.forgerock.services.cts.store.root.suffix CTS setting is used when CTS store mode is default

OPENAM-20177

Insufficient information in warning message to troubleshoot root cause

OPENAM-20143

Unnecessary ERRORs logged when adding pointers in the Field allowlist filters

OPENAM-19749

Authentication failure when using a specific locale containing a _ character in Message node

OPENAM-19743

Message node allows empty value for locale name

OPENAM-18818

Persistent search error message shows wrong DS identifier

OPENAM-18613

Web upgrader fails during second instance upgrade

OPENAM-18558

OIDC Client Group Inheritance not honoured immediately

OPENAM-17768

Enabling allowlisting in trees causes an infinite redirect loop in the registration tree

OPENAM-17687

XUI selects wrong partials if a new partial exists with the same prefix

OPENAM-17418

OpenId account mapping fails because userInfo subject claim has value usr!demo

OPENAM-17315

Update defaults scripts with the change introduced in COMMONS-628

OPENAM-16449

Filter fields on the Scripts admin page do not work

OPENAM-17663

Improve the error response code for "Failed to revoke access token"

OPENAM-17452

SAML bearer grant flow using signed assertions fails - signature validation failure

OPENAM-17394

Callback types should be part of the supported API

OPENAM-17256

Text is overlapping buttons in configuration UI in Firefox while adding new server

OPENAM-16939

IDM nodes does not follow proxy settings

OPENAM-16561

OAuth Consent screen does not apply theming

OPENAM-16554

Misplaced bufferingEnabled checkbox in New Syslog configuration

OPENAM-16539

userinfo endpoint does not return expected user attributes

OPENAM-16522

Device Save Node failed on Platform environment

OPENAM-16491

SAML Update introduces javascript calls that aren’t available in IE8 and below (or IE11 using Enterprise mode)

OPENAM-16280

German login page translation is not complete

OPENAM-16261

Node dev guide - CoreWrapper is not supported API

OPENAM-16258

Resource login fails to work to Authenticate to Module instance

OPENAM-16229

Exceptions logged while upgrading to AM7

OPENAM-16202

Deleting SAML2 entities in console does not remove them from COT

OPENAM-16197

social authmodule does not send activaion email if un-authenticated SMTP server is used

OPENAM-16105

AM Login UI cannot handle self service and SDK authentication callbacks

OPENAM-16076

An auth node config marked @password (type char[]) cannot also be Optional

OPENAM-16068

Annotation based service implementation provides no way to deregister service listeners

OPENAM-15892

ScriptingSchemaStep clears whitelist customisations on upgrade

OPENAM-15879

openam > ui-admin > entire sessions view disappears when querying with asterisk

OPENAM-15861

NullPointerException in CollectionHelper.getServerMapAttrs

OPENAM-15860

IdP Init SAML SSO results in two set-cookie: amlbcookie headers in SP Consumer response

OPENAM-15812

WebAuthn Node for a user with a WebAuthn profile for another site causes authenticator to complain using wrong security key

OPENAM-15791

The /json/groups endpoint is not accessible to the Agents

OPENAM-15727

JWT minted by oauth2/authorize does not have correct acr claim when an upgraded SSO token is used

OPENAM-15699

_fields query parameter for API "Action" end point eg _action=refresh does not work as documented

OPENAM-15609

CorsService API Descriptor text doesn’t match functionality

OPENAM-15534

LDAP connection errors when using DS7 and rest2ldap test

OPENAM-15351

During Upgrade Scripts are not updated

OPENAM-15253

Upgrade fails if external data store for Applications and Policies is used

OPENAM-15037

React-select-multi component - when key pressed to add an entry the previously selected entry remains highlighted

OPENAM-15027

React-select-multi component - when enter is clicked on the 'x' of selected entry to delete, form is submitted

OPENAM-14897

Default values for JWKs URI content cache timeout and miss timeout are not set on upgrade

OPENAM-14887

TimerPool logs error during AM graceful shutdown

OPENAM-14882

OAuth2 do not log scopes while using device code flow

OPENAM-14838

Trusted JWT issuer cache is refreshed inefficiently affecting other lookups

OPENAM-14837

Trusted Issuer lookup does not pick up modified issuer values

OPENAM-14834

JWT bearer grant implementation finds trusted JWT issuers by performing an unindexed search

OPENAM-14755

NullPointerException if auth module callback xml file can not be retrieved by ResourceLookup

OPENAM-14666

XUI - InternalError: "too much recursion" error can appear when Adding/Viewing/Updating realms

OPENAM-14602

The API documentation for some Node API is missing methods/fields in 6.5/7

OPENAM-14594

Possible thread-safety issue in OIDC pairwise subject identifiers

OPENAM-14576

Configuration LDAP accessed when users endpoint accessed

OPENAM-14500

SAML SP-initiated SSO without existing SSO Session - value of 'goto' parameter not URLencoded

OPENAM-14499

SAML IdP-initiated SSO without existing SSO Session - value of 'goto' parameter not URLencoded

OPENAM-14494

In Firefox the text is cropped inside of the realm’s card on Dashboard

OPENAM-14404

Multiple calls being made to session endpoint by XUI when session cookie lost

OPENAM-14343

AM console - localisation issue for algorithms in global Common Federation Configuration

OPENAM-14322

Servers → Directory Configuration API Can Be Broken With Crafted Payload

OPENAM-14290

Caching issue for 'users' REST endpoint

OPENAM-14263

Bad title for External Data Stores secondary configuration page

OPENAM-14207

NullPointerException AM Console if IDPSSODescriptor is missing attribute 'WantAuthnRequestsSigned'

OPENAM-13962

Errors during shutdown of AM

OPENAM-13513

Call Authentication Tree in a Radius Client

OPENAM-12207

Created OAuth2 client using curl request with defined scopes breaks the AM UI

OPENAM-11737

http.response.headers not populating in audit logs

OPENAM-11083

Delegated Admin cannot create Oauth2 Provider in realm

OPENAM-10696

Login screen does not show mobile users feedback on failure

OPENAM-10554

AM installation fails if BASE_DIR is different from the path in .openamcfg

OPENAM-10427

LDAP connections created by the configurator wizard are never closed

OPENAM-71

SAML2 error handling in HTTP POST and Redirect bindings