Known issues

The following important issues remained open at the time of the latest release for each version.

Releases are cumulative, so if an issue in a previous version isn’t listed as fixed, it remains open in the latest version.

AM 8.0.x

AM 8.0.1

There are no new issues identified in AM 8.0.1.

AM 8.0

AME-31109

Amster 8.0 import fails with NoSuchMethodError

OPENAM-23851

The AM-8.0.0.zip (and AM-8.0.1.zip) Distribution Kits are missing several files required to build the sample base Docker image (am-empty). As a result, the steps to build your own AM Docker images will fail. + NOTE: This issue only affects self-managed Docker environments where you’re attempting to build your own AM image.

OPENAM-23770

WebAuthn node flow causes exception instead of Client Error outcome when passkey prompt cancelled

OPENAM-23763

Next button not enabled on Configuration Data Store Settings page of install wizard

OPENAM-23717

Access token requests fail when default tree uses Set Persistent Cookie node

OPENAM-23595

A redirect_uri using a URN results in a malformed redirect location

OPENAM-23582

WebAuthn’s pubKeyCredParams sequence isn’t honored and changes on AM restart

OPENAM-23322

Formatting errors in SAML metadata certificate export

OPENAM-23155

Agent group inheritance settings are lost during Amster export/import

OPENAM-17819

AM admin UI doesn’t show leading . for cookie domains

OPENAM-17818

Domain cookie with leading . is configured although no cookie domain is specified during install

AM 7.5.x

AM 7.5.2

OPENAM-23998

RhinoJS Date() doesn’t calculate DaylightSavingTime correctly in a next-generation script

OPENAM-23481

Token is allowed in raw JSON in introspect request

OPENAM-23227

OIDC ID Token Validator node doesn’t work with proxy settings

OPENAM-23035

AM should preserve setAttribute multivalue update order

OPENAM-22967

Config upgrader uses OS file encoding causing issues with special characters

OPENAM-22952

SMSEntry class should throw exception to avoid NullPointerException

OPENAM-22812

Create Object node logs failure at debug level instead of error/warning

OPENAM-22777

Deploying AM 7.5.0 on Wildfly 26.x with JDK 17 fails

OPENAM-22770

Configuring AES Key Wrap encryption for Tomcat doesn’t work

OPENAM-22700

OAuth 2.0 introspect: Multi-audience token only checks against first value

OPENAM-22670

DJLDAPv3Repo getDN may return broken cached DN

OPENAM-22663

WS-Federation SLO calls cleanup directive if issued

OPENAM-22530

OAUTH_REQUEST_ATTRIBUTES cookie is set for HTTP GET /authorize requests

OPENAM-22505

Scripted policy condition fails with "Exception from invocation expected to be handled by promise"

OPENAM-22386

Next-generation idRepository binding doesn’t return null if identity isn’t found

OPENAM-22031

LDAP Decision node no longer displays locked account message but redirects to failed login

OPENAM-19968

IdP-initiated SAML SLO doesn’t invalidate SP-side session using integrated mode

AM 7.5.1

OPENAM-23045

Performance degradation and WS-Federation issues with Java 17

OPENAM-23022

Transaction condition for policy evaluation fails with JWT subject

OPENAM-22927

WebAuthn Registration node should be able to use user.name as display attribute

OPENAM-22616

Upgrade from AM 6.5.5 to 7.5 using external CTS fails with error "Message:Service does not exist: GoogleSecretManagerSecretStoreProvider"

OPENAM-22457

Amster doesn’t delete all default scripts when using --clean true flag

OPENAM-22406

Product ZIP file contains files prefixed with openam

OPENAM-19453

CTS authentication sessions may cause tree to fail if AM server is not configured for sticky load balancing

OPENAM-14790

OAuth 2.0 scope policy set fails with LDAP filter environment condition

AM 7.5

OPENAM-22151

Expiration of cache held in StatelessJWTCache could cause Internal Server Error

OPENAM-22067

Stateless Session denylist caching and bloomfilter layers removed on config change

OPENAM-22031

LDAP Decision node change of behavior when user is locked from password change screen

OPENAM-21820

Set policy result TTL to 0 when using Environment Policy Active Session

OPENAM-21819

Default value for LinkedIn configuration uses out of data scopes

OPENAM-21683

AM lets you create anonymous user when it already exists

OPENAM-15948

Update DS profiles to add VLV indexes for CTS use

AM 7.4.x

AM 7.4.2

OPENAM-23273

Failure URL not handled using Safari Browser

OPENAM-23182

Failure URL not handled after Authentication Session times out using SAML2 Authentication node

OPENAM-22158

User creation attributes on LDAP Decision node don’t work

AM 7.4.1

OPENAM-22795

SAML2 encryption method can’t be changed using IDP remote SP host settings

OPENAM-22674

Unable to create encrypted PEM that works for Secrets ENCRYPTED_PEM

OPENAM-22656

Setting JWKs URI content cache timeout to a small value throws an error

OPENAM-22608

Non-extractable secrets in HSM fail to work on AM for SAML v2.0 XML signing

OPENAM-22479

LDAPv3 Userstore Connection doesn’t reconnect without Heartbeat enabled

OPENAM-22151

Expiration of cache held in StatelessJWTCache could cause Internal Server Error

OPENAM-22102

Adjusting evalThreadSize has no effect

OPENAM-22009

Providing an invalid alias to a secret store mapping breaks AM

OPENAM-21959

Unable to create next-generation script in XUI if default script language is Groovy

OPENAM-21893

Configurator not releasing resources on failure

OPENAM-21823

Page node with Scripted Decision node doesn’t persist withErrorMessage value

OPENAM-21741

SSOADM fails to install or run due to mtlsAlias field in boot.json

OPENAM-21636

AM is unable to run in FIPS compliance mode due to RAW keys

OPENAM-19810

No installed provider supports this key: sun.security.pkcs11.P11Key$P11PrivateKey' or cannot work with unextractable key when using HSM

OPENAM-16797

Allow Custom OATH/Push/WebAuthn device integrations to be managed by standard AM interface

OPENAM-12197

Custom methods postSingleSignOnSuccess and postSingleSignOnFailure aren’t called by SAML Authentication module or node

OPENAM-4201

XUI returning messages based on localized responses from REST authentication interface

AM 7.4

OPENAM-21569

Rapid policy evaluation using token of deleted user leads to HTTP 500 error

OPENAM-21497

Editing the mappings for an existing secret store throws an exception

OPENAM-21441

Policy evaluation with LDAPFilter condition uses config store user instead of identity store user

OPENAM-21379

Unable to read SMS config when request is too quick after changing configuration

OPENAM-21363

Unable to modify an external data store configuration when set as a global default data store but not referenced in a realm

OPENAM-21311

XUI performs logout of newly created session when resuming authentication with no further callbacks

OPENAM-21294

Remove openam-core from Soap STS server

OPENAM-21284

AM returns a 500 Internal Server Error response when providing an invalid client_id to the deleteUserPasswords agent action

OPENAM-21178

Social authentication "Secret" field not mandatory

OPENAM-20927

User info is still cached after removing privilege from group