---
title: Known issues
description: The following important issues remained open at the time of the latest release for each version.
component: pingam
version: release-notes
page_id: pingam::archive-knownissues
canonical_url: https://docs.pingidentity.com/pingam/release-notes/archive-knownissues.html
section_ids:
  am_7_3_x: AM 7.3.x
  am_7_3_3: AM 7.3.3
  am_7_3_2: AM 7.3.2
  am_7_3_1: AM 7.3.1
  am_7_3_0: AM 7.3.0
  am_7_2_x: AM 7.2.x
  am_7_2_2: AM 7.2.2
  am_7_2_1: AM 7.2.1
  am_7_2_0: AM 7.2.0
  am_7_1_x: AM 7.1.x
  am_7_0_x: AM 7.0.x
---

# Known issues

The following important issues remained open at the time of the latest release for each version.

Releases are cumulative, so if an issue in a previous version isn't listed as [fixed](fixes.html), it remains open in the latest version.

## AM 7.3.x

### AM 7.3.3

|              |                                                                                                                        |
| ------------ | ---------------------------------------------------------------------------------------------------------------------- |
| OPENAM-23778 | AM issues unindexed search when `ttlsupport.enabled=true`                                                              |
| OPENAM-23703 | Custom and native claims in a refreshed, stateless access token don't match the parent modified stateless access token |
| OPENAM-23607 | AuthenticateToTreeConditionAdvice composite\_advice not working as expected                                            |

### AM 7.3.2

|              |                                                                                                                  |
| ------------ | ---------------------------------------------------------------------------------------------------------------- |
| OPENAM-23345 | Performance issues when accessing SAML entity provider via the admin console with 5k entities                    |
| OPENAM-23022 | Transaction condition for policy evaluation fails with JWT subject                                               |
| OPENAM-22988 | Failover doesn't occur when heartbeat interval is set to 0                                                       |
| OPENAM-22927 | WebAuthnRegister should be able to use `user.name` as display attribute                                          |
| OPENAM-22846 | External app/policy store active/passive LB isn't working                                                        |
| OPENAM-22674 | Unable to create encrypted PEM that works for ENCRYPTED\_PEM secret                                              |
| OPENAM-22608 | Non-extractable secrets in HSM fails to work on AM for SAML2 XML signing                                         |
| OPENAM-22479 | LDAPv3 Userstore connection doesn't reconnect without Heartbeat enabled                                          |
| OPENAM-22188 | Heavy load leads to BLOCKED threads traced to the SecurityManager                                                |
| OPENAM-22156 | `logoutByUser` throws UnsupportedOperationException                                                              |
| OPENAM-22151 | Expiration of cache held in StatelessJWTCache could cause Internal Server Error                                  |
| OPENAM-21636 | AM is unable to run in FIPS compliance mode due to RAW keys                                                      |
| OPENAM-21100 | SAML2 IDP Single logout SLO using HTTP redirect needs Request stickiness and HA.                                 |
| OPENAM-20927 | User info is still cached after removing privilege from group                                                    |
| OPENAM-20754 | SAML pages `saml2-write.js` and `saml2-read.js` can cause an error                                               |
| OPENAM-20234 | Setting `LDAP Connection Heartbeat Interval` to be zero breaks persistent search                                 |
| OPENAM-20143 | False alarms in debug logs when adding pointers in `Field whitelist filters`                                     |
| OPENAM-19810 | Error: "No installed provider supports this key: sun.security.pkcs11.P11Key$P11PrivateKey"                       |
| OPENAM-19453 | Using CTS Authentication Session may fail authentication journey if AM is not LB sticky                          |
| OPENAM-18307 | Global services don't reflect changes made by `ssoadm`                                                           |
| OPENAM-18293 | `AuthContext.login` doesn't work with trees when performing service-based authentication                         |
| OPENAM-18111 | Second login attempt using InnerTreeEvaluatorNode gets previous transient state                                  |
| OPENAM-17679 | User text not showing up for IDM Provisioning Service                                                            |
| OPENAM-17340 | Lack of integration for logger with logback configuration                                                        |
| OPENAM-12197 | `postSingleSignOnSuccess` and `postSingleSignOnFailure` not called when using SAML2 authentication module or node |
| OPENAM-4201  | XUI returns messages based on localized responses from REST authentication interface                             |

### AM 7.3.1

|              |                                                                                                                                                        |
| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| OPENAM-21972 | SAML Artifact Binding is failing in load-balanced deployments such as K18S                                                                             |
| OPENAM-21820 | Set policy result TTL to 0 when using Environment Policy Active Session                                                                                |
| OPENAM-21802 | Email Service value Transport type is overwritten in the static config export                                                                          |
| OPENAM-21773 | The Secondary Configurations tab is missing from the Global Email service                                                                              |
| OPENAM-21772 | No OAuth 2.0 clients displayed in the UI when AM has more than 1000 clients                                                                            |
| OPENAM-21743 | WebAuthn Node with AM XUI: Error is rendered along with Recovery code button                                                                           |
| OPENAM-21734 | WebAuthn Registration Node: UserNotVerifiedException not caught leading to Node failure                                                                |
| OPENAM-21683 | AM lets you create anonymous user when it already exists                                                                                               |
| OPENAM-21682 | OAuth 2.0: AM doesn't redirect back to the client if consent is denied and no redirect\_uri is present in the query parameters                         |
| OPENAM-21535 | The logout at AM's GUI only targets the root realm instead of the respective sub realm                                                                 |
| OPENAM-21466 | AM using social OIDC authentication fails to verify `idtoken` if the remote JWK\_URIs have duplicate `kid`                                             |
| OPENAM-21441 | Policy evaluation with LDAPFilter condition uses config store user instead of identity store user                                                      |
| OPENAM-21407 | External data store config min connection pool can be set higher than the max connection pool and the config can still be persisted                    |
| OPENAM-21406 | Realm services are no longer accessible after deleting the "External Data Stores" service                                                              |
| OPENAM-21379 | Unable to read SMS config when request is too quick after changing configuration                                                                       |
| OPENAM-21363 | Unable to modify an external data store config when it is set as a global default datastore but not referenced in any realm                            |
| OPENAM-21354 | OAuth2 provider: Insufficient debug logging for SAML bearer authorization grant                                                                        |
| OPENAM-21352 | Amster `read AuthTree` doesn't return nodes within a page node                                                                                         |
| OPENAM-21327 | Unable to specify property name with a '-' when configuring policy environment conditions                                                              |
| OPENAM-21322 | AM Console allows Entity Provider to be created with space at end of the name                                                                          |
| OPENAM-21319 | Policy and Application Store Cache is not updated in multiple server deployment when changes are made                                                  |
| OPENAM-21309 | DefaultDataStoreConfigurationManager shouldn't establish DS connection in FBC mode                                                                     |
| OPENAM-21305 | Dynamic Client Registration does not permit setting Client ID Token Public Encryption key                                                              |
| OPENAM-21294 | Remove openam-core from Soap-STS server                                                                                                                |
| OPENAM-21278 | Amster doesn't use console or accept piped input in interactive mode                                                                                   |
| OPENAM-21273 | TOTP Registration information no longer contains Issuer in the otpauth's PATH                                                                          |
| OPENAM-21270 | OAuth2 resource owner password credential grant (ROPC) token response does not tell reason for failure                                                 |
| OPENAM-21204 | Scripted node - idRepository.setAttribute does not execute catch block when setting userPassword attribute fails                                       |
| OPENAM-21193 | AM-Config-upgrader amupgrade cannot work on Windows                                                                                                    |
| OPENAM-21191 | In AM 7.3, web agent sessions have a lifetime of 42 years                                                                                              |
| OPENAM-21187 | AM agent UI fails when an agent configuration present in FBC and external store is used                                                                |
| OPENAM-21180 | Amster should set file encoding to UTF-8 internally                                                                                                    |
| OPENAM-21151 | Amster command cannot operate on HostedSaml2EntityProvider                                                                                             |
| OPENAM-21137 | Performing Amster import with `--clean` in FBC with external Data Store service fails with error                                                       |
| OPENAM-21127 | Config Upgrader Exception CreateSecretStores at 6.5.x-to-7.x.x on Windows 2019                                                                         |
| OPENAM-21125 | Installing AM using Tomcat under local system account fails with Amster RSA file issue                                                                 |
| OPENAM-21114 | Trusted JWT Issuer does not provide correct error and lacks information on defined behaviour                                                           |
| OPENAM-21085 | Undefined bindings in Groovy scripts are evaluated as defined                                                                                          |
| OPENAM-21076 | KerberosNode and Windows SSO module use System.setProperty to set kerberos realm                                                                       |
| OPENAM-21055 | Unable to get AMIdentityRepository in custom code in 7.3                                                                                               |
| OPENAM-21053 | UserId is missing from `access.audit.json` for JWT client authentication flow using `org.forgerock.security.oauth2.enforce.sub.claim.uniqueness=false` |
| OPENAM-21046 | Insufficient logging in Create and Patch Object nodes                                                                                                  |
| OPENAM-21003 | IE11 not working during SAML tree authentication due to use of Arrow function                                                                          |
| OPENAM-20976 | Consent Collector node "Next" button text localization not working                                                                                     |
| OPENAM-20975 | OATH Registration node "Next" button text localization not working                                                                                     |
| OPENAM-20937 | Migration from OATH module to Auth Tree using OATH Token Verifier causes OathVerificationException: null                                               |
| OPENAM-20920 | NPE in `SPSSOFederate#getSingleSignOnServiceEndpoint` when binding is null and SSO endpoint list contains non-SAML2 entries                            |
| OPENAM-20899 | ConfigurationAttributes class is exposed but there is no class file or Javadoc available for it                                                        |
| OPENAM-20896 | Supported AMIdentity API getMembership and others changed                                                                                              |
| OPENAM-20809 | IE11 doesn't work with AM 7.2.1-RC1 and AM 7.3.0                                                                                                       |
| OPENAM-20766 | Insufficient debug logging to troubleshoot WS-Federation issuing party issue                                                                           |
| OPENAM-19998 | Performing an Amster export on AM running in FBC mode generates new configuration which breaks the FBC upgrader                                        |
| OPENAM-20751 | Authentication errors with AM on Windows and Connect Error in Session log                                                                              |
| OPENAM-20703 | Tree secure state retained unnecessarily long                                                                                                          |
| OPENAM-20647 | JavaScript throws wrong exception when trying to access a non-allowlisted class's static method                                                        |
| OPENAM-20572 | Enduser password reset email field is not validated                                                                                                    |
| OPENAM-20557 | OATH. Recovery codes are not displayed if Registration Node is followed by OATH Token Verifier Node                                                    |
| OPENAM-20556 | OATH Recovery codes aren't displayed when "Store device data in shared state" is selected in OATH Registration Node                                    |
| OPENAM-20543 | Display page node header, description and footer in correct default language                                                                           |
| OPENAM-20520 | httpClient sent request is not returning the correct response object                                                                                   |
| OPENAM-20517 | Device Match Node - Acceptable Variance Configuration                                                                                                  |
| OPENAM-20516 | Create Tree command fails when using POST with `_action=create`                                                                                        |
| OPENAM-20515 | Delete fails for Authentication Node, when its \_id is not a UUID                                                                                      |
| OPENAM-20513 | Random login failure when using registration tree                                                                                                      |
| OPENAM-20496 | Null refresh\_token for OAuth 2.0 token exchange delegation case                                                                                       |
| OPENAM-20329 | ForgeRock JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) not spec compliant                                                              |
| OPENAM-20324 | Default install of AM does not have the updated identity classes in the policy script whitelist                                                        |
| OPENAM-20234 | Setting the LDAP Connection Heartbeat Interval to zero breaks persistent search                                                                        |
| OPENAM-20314 | Social Provider Handler Node / Social Identity Provider Service - the search for existing link is hard coded to Sub claim (regression)                 |
| OPENAM-18111 | Next attempt in InnerTreeEvaluatorNode will get previous transient state                                                                               |
| OPENAM-17679 | User text not showing up for IDM Provisioning Service                                                                                                  |
| OPENAM-17340 | AM 7 lack of integration for logger from config for logback                                                                                            |
| OPENAM-15948 | Update DS profiles to add VLV indexes for CTS use                                                                                                      |
| OPENAM-15410 | Enable modifying Access Token audience claim in OIDC                                                                                                   |

### AM 7.3.0

|              |                                                                                                                                         |
| ------------ | --------------------------------------------------------------------------------------------------------------------------------------- |
| OPENAM-20751 | Authentication errors with AM on Windows and connection errors in session log                                                           |
| OPENAM-20703 | Tree secure state retained unnecessarily long                                                                                           |
| OPENAM-20647 | Incorrect exception thrown when trying to access the static method of a non-allowlisted class                                           |
| OPENAM-20572 | End user password reset email field is not validated                                                                                    |
| OPENAM-20557 | OATH recovery codes are not displayed if Registration node is followed by OATH Token Verifier node                                      |
| OPENAM-20556 | OATH recovery codes are not displayed if `Store device data in shared state` is selected in OATH Registration node                      |
| OPENAM-20543 | Display page node header, description, and footer, in correct default language                                                          |
| OPENAM-20520 | HttpClient sent request is not returning the correct response object                                                                    |
| OPENAM-20517 | Acceptable variance configuration not working for Device Match node                                                                     |
| OPENAM-20516 | Create tree command fails when using POST with `_action=create`                                                                         |
| OPENAM-20515 | Delete fails for Authentication node, when its `_id` is not a UUID                                                                      |
| OPENAM-20513 | Random login failure when using registration tree                                                                                       |
| OPENAM-20496 | Null `refresh_token` for OAuth 2.0 token exchange delegation case                                                                       |
| OPENAM-20324 | Default install of AM does not have the updated identity classes in the policy script whitelist                                         |
| OPENAM-20299 | `com.iplanet.am.session.agentSessionIdleTime` is not honored using Agent authentication tree                                            |
| OPENAM-20188 | Using session cookie created before AM is restarted                                                                                     |
| OPENAM-20077 | Access token modification script does not have access to client for client\_credential grant flow if realm configured to ignore profile |
| OPENAM-19988 | Using an `id_token` generated by AM in a policy condition does not work                                                                 |
| OPENAM-19878 | ArrayIndexOutOfBoundsException in SAML2                                                                                                 |
| OPENAM-19829 | Build fails on module `openam-encryption-support` when using JDK 18                                                                     |

## AM 7.2.x

### AM 7.2.2

|              |                                                                                                                                |
| ------------ | ------------------------------------------------------------------------------------------------------------------------------ |
| OPENAM-21441 | Policy evaluation with LDAPFilter condition is done with config store user instead of identity store user                      |
| OPENAM-21683 | AM lets you create anonymous user when it already exists                                                                       |
| OPENAM-21682 | OAuth 2.0: AM doesn't redirect back to the client if consent is denied and no redirect\_uri is present in the query parameters |
| OPENAM-21074 | Amazon SNS client code doesn't support external proxy authentication                                                           |
| OPENAM-20927 | User info is still cached after removing privilege from group                                                                  |
| OPENAM-20754 | SAML pages saml2-write.js and saml2-read.js can cause error due to JavaScript                                                  |
| OPENAM-20442 | Trim whitespace at the end of email input before validation in Attribute Collector node                                        |

### AM 7.2.1

|              |                                                                                                                          |
| ------------ | ------------------------------------------------------------------------------------------------------------------------ |
| OPENAM-20546 | Ensure AM handles an empty value for the authorization JWT response signing algorithm                                    |
| OPENAM-20479 | OIDC authentication request fails if request is sent as unsecured JWS                                                    |
| OPENAM-20457 | DeviceLocationMatchNode fails when location service is disabled in browser and is unable to collect location information |
| OPENAM-20396 | Authentication tree is selected by order of `acr` to tree mapping, not the default values and order is not preserved     |
| OPENAM-20104 | The `fragment` response\_mode for the /oauth2/authorize endpoint is not working                                          |

### AM 7.2.0

|              |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| OPENAM-19619 | NodeState keys API does not return all keys using a wildcard (\\\*)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| OPENAM-19613 | PSearch is already removed error message should be warning                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| OPENAM-19567 | InvalidCount variable does not update after successive failed attempts                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| OPENAM-19480 | 500 Internal Server Error on /json/scripts with "not equal" CREST filter                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| OPENAM-19476 | AbstractUpgradeHelper#updateChoiceValues does not handle i18nKey values                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| OPENAM-19451 | When using Chrome WebAuthn simulator and WebAuthn set with attestation DIRECT fails                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| OPENAM-19422 | KeepAlive search filter shouldn't be Absolute True and False Filters                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| OPENAM-19375 | Searching JavaDoc does not function correctly                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
| OPENAM-19371 | Updating an auth tree over REST requires all the nodes to be listed in the payload                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
| OPENAM-19261 | Introspect call for tokens obtained via the client credentials grant produces error, warning                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| OPENAM-19213 | AM doesn't work in Tomcat 10                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| OPENAM-19187 | Unable to remove Saml2 IDP Attribute Mapper scripts using UI                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| OPENAM-19139 | AM reports authorization errors using fragments on form\_post requests                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| OPENAM-19118 | Authentication audit events not logged when ScriptedDecisionNode script contains a syntax error                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| OPENAM-19084 | Response does not comply to Standard when Requesting Claim that are Unavailable                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| OPENAM-19081 | Modules of type OpenID Connect id\_token bearer are not correctly handled in UI and in datastore                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| OPENAM-19039 | Amster query command base64-encodes the `_id` attribute for Saml2Entities                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| OPENAM-19030 | AM Logs an Error if Resource Type cannot be found                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| OPENAM-19008 | AuthTreesSecretsApiStep creates a potentially invalid secret mapping                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| OPENAM-18961 | BasicOAuth2RequestImpl throws error at "ERROR" level                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| OPENAM-18935 | Inconsistent behavior in ConfigProviderNode when omitting config properties                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
| OPENAM-18715 | Due to an unresolved issue in the updated version of Groovy used by Amster, Amster cannot execute multi-line commands from a script while creating a realm using the `:load` option.<br>**Workaround**: Use a single-line command instead. For example, instead of a multi-line command like this:<br>`payload='{ \`<br>`"name": "employeur-test", \`<br>`"active": true, \`<br>`"parentPath": "/", \`<br>`"aliases": [] \`<br>`}'`<br>`create Realms --global --body payload`<br>Create a single-line command like this:<br>`create Realms --global --body '{ "name": "employeur-test", "active": true, "parentPath": "/", "aliases": [] }'` |
| OPENAM-18544 | AM Access Auditing Reports FAILURE on 302                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| OPENAM-18512 | UMA resource set endpoint doesn't list all relevant resource sets                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| OPENAM-18481 | OIDC client mandates kid value in JOSE header                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
| OPENAM-18469 | Persistent Claims doc string references "RFC 123"                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| OPENAM-18394 | Bazel fails to download Maven dependencies on first compilation                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| OPENAM-18375 | Common password policy validation fails when using Registration Tree                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| OPENAM-18351 | Form parameter is not recognized in access\_token endpoint                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| OPENAM-18254 | Attempting to create a user via Registration Tree fails after scaling up ds pods                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| OPENAM-18122 | FBC rule written to remove reference to MAY\_ACT default script set null instead of \[Empty]                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| OPENAM-17957 | Identify Existing User node fails with exception when more than one user is found                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| OPENAM-13329 | Trees Display Character Encoding in Settings Dropdown Menu                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| OPENAM-12492 | Identities: 500 Error when switch to Services tab on anonymous profile                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |

## AM 7.1.x

> **Collapse: AM 7.1.4**
>
> |              |                                                                                                                                       |
> | ------------ | ------------------------------------------------------------------------------------------------------------------------------------- |
> | OPENAM-21180 | Amster should set file encoding to UTF-8 internally                                                                                   |
> | OPENAM-21158 | Windows Hello registration fails on TPM attestation parsing on Windows 11 22H2                                                        |
> | OPENAM-21155 | Unable to remove OAuth 2.0 client with name that includes a period (`.`) in XUI                                                       |
> | OPENAM-21100 | SAML v2.0 IDP single logout (SLO) using HTTP redirect needs Request stickiness and HA                                                 |
> | OPENAM-21031 | Google KMS secret store configured in AM exceeds the rate limit                                                                       |
> | OPENAM-20927 | User info is still cached after removing privilege from group                                                                         |
> | OPENAM-20766 | Insufficient debug logging to troubleshoot WS-Federation issuing party issue                                                          |
> | OPENAM-20761 | Create EngineConfiguration fails when using POST with `action=create`                                                                 |
> | OPENAM-20754 | SAML v2.0 pages `saml2-write.js` and `saml2-read.js` can error out due to javascript                                                  |
> | OPENAM-20753 | With the LDAP authentication node, the `username` is incorrectly set for multi-valued attributes                                      |
> | OPENAM-20745 | Insufficient debug logging to troubleshoot JWK\_URI keys issue                                                                        |
> | OPENAM-20742 | WS-Federation entities can not be managed through the AM UI                                                                           |
> | OPENAM-20728 | Push log is noisy even when the Push Service is not used                                                                              |
> | OPENAM-20706 | Unnecessary config store queries for services that don't exist                                                                        |
> | OPENAM-20705 | SAML v2.0 circle of trust status has no effect                                                                                        |
> | OPENAM-20683 | UI does not handle multi-valued attributes                                                                                            |
> | OPENAM-20645 | JWK\_URI endpoint is not thread safe                                                                                                  |
> | OPENAM-20582 | JWT client authentication: `iss` claim value must match `sub` claim value                                                             |
> | OPENAM-20581 | JWT Client authentication fails but the root cause can not be determined from the logs                                                |
> | OPENAM-20570 | NullPointerException is thrown when `searchAttribute` is not available in the user identity                                           |
> | OPENAM-20539 | Access Token to OIDC Id Token exchange fails for `pairwise` subject type                                                              |
> | OPENAM-20505 | OAuth 2.0 clients / groups list sort function is not working                                                                          |
> | OPENAM-20480 | FBC/Amster config upgrade rules are missing for removed properties                                                                    |
> | OPENAM-20441 | OATH Registration node generates Base32 padded secret                                                                                 |
> | OPENAM-20405 | Transient state that is populated in an inner tree is not available in the parent tree                                                |
> | OPENAM-20379 | REST STS doesn't work with `com.iplanet.am.cookie.encode=true`                                                                        |
> | OPENAM-20333 | The Enable Cookies Message is inconsistent                                                                                            |
> | OPENAM-20332 | When the `requested` scope and `consent` scope are different, a server error occurs during JWT Bearer Authorization policy evaluation |
> | OPENAM-20331 | Policy scope evaluator does not work well with JWT Bearer Authorization grant                                                         |
> | OPENAM-20308 | Access token with auth\_level changes does not persist after refreshing token                                                         |
> | OPENAM-20271 | Certificate Validation node fails when optional properties are not configured                                                         |
> | OPENAM-20261 | Problem with User/CTS affinity failover when the DS disk volume is detached                                                           |
> | OPENAM-20254 | When Hosted SP Default RelayState is specified, you shouldn't need an entry in the Relay State URL List                               |
> | OPENAM-20242 | Certification Validation node: Certificate-based authentication requires LDAP                                                         |
> | OPENAM-20239 | Setting the `keepalive` or `heartbeat` interval to a negative value in the IdRepo config causes an error                              |
> | OPENAM-20234 | Setting the LDAP Connection Heartbeat Interval to zero breaks persistent search                                                       |
> | OPENAM-20231 | OAuth 2.0 token introspection - stacktrace is withheld                                                                                |
> | OPENAM-20216 | Fixed size LDAP connection pool not properly established                                                                              |
> | OPENAM-20202 | `org.forgerock.services.cts.store.root.suffix` CTS setting is used when CTS store mode is default                                     |
> | OPENAM-20177 | Insufficient information in warning message to troubleshoot root cause                                                                |
> | OPENAM-20143 | Unnecessary ERRORs logged when adding pointers in the `Field` allowlist filters                                                       |

> **Collapse: AM 7.1.3**
>
> |              |                                                                                                |
> | ------------ | ---------------------------------------------------------------------------------------------- |
> | OPENAM-19749 | Authentication failure when using a specific locale containing a `_` character in Message node |
> | OPENAM-19743 | Message node allows empty value for locale name                                                |
> | OPENAM-18818 | Persistent search error message shows wrong DS identifier                                      |
> | OPENAM-18613 | Web upgrader fails during second instance upgrade                                              |
> | OPENAM-18558 | OIDC Client Group Inheritance not honoured immediately                                         |
> | OPENAM-17768 | Enabling allowlisting in trees causes an infinite redirect loop in the registration tree       |
> | OPENAM-17687 | XUI selects wrong partials if a new partial exists with the same prefix                        |
> | OPENAM-17418 | OpenId account mapping fails because userInfo subject claim has value `usr!demo`               |
> | OPENAM-17315 | Update defaults scripts with the change introduced in COMMONS-628                              |
> | OPENAM-16449 | Filter fields on the Scripts admin page do not work                                            |

## AM 7.0.x

> **Collapse: AM 7.0.2**
>
> |              |                                                                                                                             |
> | ------------ | --------------------------------------------------------------------------------------------------------------------------- |
> | OPENAM-17663 | Improve the error response code for "Failed to revoke access token"                                                         |
> | OPENAM-17452 | SAML bearer grant flow using signed assertions fails - signature validation failure                                         |
> | OPENAM-17394 | Callback types should be part of the supported API                                                                          |
> | OPENAM-17256 | Text is overlapping buttons in configuration UI in Firefox while adding new server                                          |
> | OPENAM-16939 | IDM nodes does not follow proxy settings                                                                                    |
> | OPENAM-16561 | OAuth Consent screen does not apply theming                                                                                 |
> | OPENAM-16554 | Misplaced bufferingEnabled checkbox in New Syslog configuration                                                             |
> | OPENAM-16539 | `userinfo` endpoint does not return expected user attributes                                                                |
> | OPENAM-16522 | Device Save Node failed on Platform environment                                                                             |
> | OPENAM-16491 | SAML Update introduces javascript calls that aren't available in IE8 and below (or IE11 using Enterprise mode)              |
> | OPENAM-16280 | German login page translation is not complete                                                                               |
> | OPENAM-16261 | Node dev guide - CoreWrapper is not supported API                                                                           |
> | OPENAM-16258 | Resource login fails to work to Authenticate to Module instance                                                             |
> | OPENAM-16229 | Exceptions logged while upgrading to AM7                                                                                    |
> | OPENAM-16202 | Deleting SAML2 entities in console does not remove them from COT                                                            |
> | OPENAM-16197 | social authmodule does not send activation email if un-authenticated SMTP server is used                                    |
> | OPENAM-16105 | AM Login UI cannot handle self service and SDK authentication callbacks                                                     |
> | OPENAM-16076 | An auth node config marked @password (type char\[]) cannot also be Optional                                                 |
> | OPENAM-16068 | Annotation based service implementation provides no way to deregister service listeners                                     |
> | OPENAM-15892 | ScriptingSchemaStep clears whitelist customisations on upgrade                                                              |
> | OPENAM-15879 | openam > ui-admin > entire sessions view disappears when querying with asterisk                                             |
> | OPENAM-15861 | NullPointerException in CollectionHelper.getServerMapAttrs                                                                  |
> | OPENAM-15860 | IdP Init SAML SSO results in two set-cookie: amlbcookie headers in SP Consumer response                                     |
> | OPENAM-15812 | WebAuthn Node for a user with a WebAuthn profile for another site causes authenticator to complain using wrong security key |
> | OPENAM-15791 | The /json/groups endpoint is not accessible to the Agents                                                                   |
> | OPENAM-15727 | JWT minted by oauth2/authorize does not have correct acr claim when an upgraded SSO token is used                           |
> | OPENAM-15699 | \_fields query parameter for API "Action" end point eg \_action=refresh does not work as documented                         |
> | OPENAM-15609 | CorsService API Descriptor text doesn't match functionality                                                                 |
> | OPENAM-15534 | LDAP connection errors when using DS7 and rest2ldap test                                                                    |
> | OPENAM-15351 | During Upgrade Scripts are not updated                                                                                      |
> | OPENAM-15253 | Upgrade fails if external data store for Applications and Policies is used                                                  |
> | OPENAM-15037 | React-select-multi component - when key pressed to add an entry the previously selected entry remains highlighted           |
> | OPENAM-15027 | React-select-multi component - when enter is clicked on the 'x' of selected entry to delete, form is submitted              |
> | OPENAM-14897 | Default values for JWKs URI content cache timeout and miss timeout are not set on upgrade                                   |
> | OPENAM-14887 | TimerPool logs error during AM graceful shutdown                                                                            |
> | OPENAM-14882 | OAuth2 do not log scopes while using device code flow                                                                       |
> | OPENAM-14838 | Trusted JWT issuer cache is refreshed inefficiently affecting other lookups                                                 |
> | OPENAM-14837 | Trusted Issuer lookup does not pick up modified issuer values                                                               |
> | OPENAM-14834 | JWT bearer grant implementation finds trusted JWT issuers by performing an unindexed search                                 |
> | OPENAM-14755 | NullPointerException if auth module callback xml file can not be retrieved by ResourceLookup                                |
> | OPENAM-14666 | XUI - InternalError: "too much recursion" error can appear when Adding/Viewing/Updating realms                              |
> | OPENAM-14602 | The API documentation for some Node API is missing methods/fields in 6.5/7                                                  |
> | OPENAM-14594 | Possible thread-safety issue in OIDC pairwise subject identifiers                                                           |
> | OPENAM-14576 | Configuration LDAP accessed when users endpoint accessed                                                                    |
> | OPENAM-14500 | SAML SP-initiated SSO without existing SSO Session - value of 'goto' parameter not URLencoded                               |
> | OPENAM-14499 | SAML IdP-initiated SSO without existing SSO Session - value of 'goto' parameter not URLencoded                              |
> | OPENAM-14494 | In Firefox the text is cropped inside of the realm's card on Dashboard                                                      |
> | OPENAM-14404 | Multiple calls being made to session endpoint by XUI when session cookie lost                                               |
> | OPENAM-14343 | AM console - localisation issue for algorithms in global Common Federation Configuration                                    |
> | OPENAM-14322 | Servers → Directory Configuration API Can Be Broken With Crafted Payload                                                    |
> | OPENAM-14290 | Caching issue for 'users' REST endpoint                                                                                     |
> | OPENAM-14263 | Bad title for External Data Stores secondary configuration page                                                             |
> | OPENAM-14207 | NullPointerException AM Console if IDPSSODescriptor is missing attribute 'WantAuthnRequestsSigned'                          |
> | OPENAM-13962 | Errors during shutdown of AM                                                                                                |
> | OPENAM-13513 | Call Authentication Tree in a Radius Client                                                                                 |
> | OPENAM-12207 | Created OAuth2 client using curl request with defined scopes breaks the AM UI                                               |
> | OPENAM-11737 | http.response.headers not populating in audit logs                                                                          |
> | OPENAM-11083 | Delegated Admin cannot create Oauth2 Provider in realm                                                                      |
> | OPENAM-10696 | Login screen does not show mobile users feedback on failure                                                                 |
> | OPENAM-10554 | AM installation fails if BASE\_DIR is different from the path in .openamcfg                                                 |
> | OPENAM-10427 | LDAP connections created by the configurator wizard are never closed                                                        |
> | OPENAM-71    | SAML2 error handling in HTTP POST and Redirect bindings                                                                     |
