Known issues
Web Agent 2023.11
| Issue | Comment |
|---|---|
AMAGENTS-6628: Fragment replay is broken with custom login mode 2 |
Fixed in 2024.9, 2023.11.1 |
AMAGENTS-6527: WPA SSL_shutdown shutdown while in init errors in agent log |
Fixed in 2024.9, 2023.11.2 |
AMAGENTS-6494: Agents local policy eval fails. Agent name and policy application name are switched |
Fixed in 2024.6, 2023.11.1 |
AMAGENTS-6172: WPA for IIS doesn’t work when running in 32bit mode on 64bit Windows OS |
Fixed in 2024.3 |
AMAGENTS-6046: convert_request_after_authn_post writes to /tmp instead of configured PDP directory |
Fixed in 2024.3 |
AMAGENTS-5985: Interactive installation using existing agent configuration files duplicate properties which are commented out |
Fixed in 2024.3 |
AMAGENTS-5983 Interactive installer refer to the legacy agent configuration file - OpenSSOAgentBootstrap.properties |
Fixed in 2024.3 |
AMAGENTS-5958: Invalid error AMConfigurationException generated in the AM log |
Fixed in 2024.11 |
AMAGENTS-5777: IIS web agent zip file includes 32bit DLL |
Won’t fix |
AMAGENTS-5718: Custom Login mode 2 doesn’t correctly process composite advice. |
Unresolved |
AMAGENTS-5032: WPA: Native agents for windows do not correctly use unicode for the file system, resulting in configured files with garbled names. |
Unresolved |
AMAGENTS-4672: Web Agent doesn’t handle specific case for Not-Enforced URL and one level wildcard properly |
Fixed in 2025.11 |
AMAGENTS-4590: login-fragment-relay page should have charset specified. |
Fixed in 2024.3 |
AMAGENTS-3992: WPA: com.forgerock.agents.config.hostmap does not seem to use the IP address |
Fixed in 2024.3 |
AMAGENTS-3663: Nginx Agent print absolute build path into debug logs |
Fixed in 2024.6 |
AMAGENTS-3506: If there are permissions issues with password file with installation on IIS then the log messages are not helpful |
Fixed in 2024.3 |
AMAGENTS-2813: Agents Logout perform logout multiple times |
Unresolved |
AMAGENTS-2755: Currently when setting up the agent it is necessary to have a client certificate file when using Schannel |
Unresolved |
Web Agent 2023.9
| Issue | Comment |
|---|---|
AMAGENTS-6494: Agents local policy eval fails. Agent name and policy application name are switched |
Fixed in 2024.6, 2023.11.1 |
AMAGENTS-6175: Memory leak in credentials_secure_free |
Fixed in 2023.11 |
AMAGENTS-6073: Idle timeout should not update on NEU with SSO Only, neu fetch and |
Fixed in 2023.11 |
AMAGENTS-6046: convert_request_after_authn_post writes to /tmp instead of configured PDP directory |
Fixed in 2024.3 |
AMAGENTS-5985: Interactive installation using existing agent configuration files duplicate properties which are commented out |
Fixed in 2024.3 |
AMAGENTS-5958: Invalid error AMConfigurationException generated in the AM log |
Fixed in 2024.11 |
AMAGENTS-5777: IIS web agent zip file includes 32bit DLL |
Unresolved |
AMAGENTS-5718: Custom Login mode 2 doesn’t correctly process composite advice. |
Unresolved |
AMAGENTS-5594: Web agent will return 403 errors if OpenSSL libraries aren’t loaded. |
Fixed in 2023.11 |
AMAGENTS-5032: WPA: Native agents for windows do not correctly use unicode for the file system, resulting in configured files with garbled names. |
Unresolved |
AMAGENTS-4672: Web Agent doesn’t handle specific case for Not-Enforced URL and one level wildcard properly |
Fixed in 2025.11 |
AMAGENTS-4590: login-fragment-relay page should have charset specified. |
Fixed in 2024.3 |
AMAGENTS-3992: WPA: com.forgerock.agents.config.hostmap does not seem to use the IP address |
Fixed in 2024.3 |
AMAGENTS-3663: Nginx Agent print absolute build path into debug logs |
Fixed in 2024.6 |
AMAGENTS-3506: If there are permissions issues with password file with installation on IIS then the log messages are not helpful |
Fixed in 2024.3 |
AMAGENTS-2813: Agents Logout perform logout multiple times |
Unresolved |
AMAGENTS-2755: Currently when setting up the agent it is necessary to have a client certificate file when using Schannel |
Unresolved |
Web Agent 2023.6
| Issue | Comment |
|---|---|
AMAGENTS-6494: Agents local policy eval fails. Agent name and policy application name are switched |
Fixed in 2024.6, 2023.11.1 |
AMAGENTS-6175: Memory leak in credentials_secure_free |
Fixed in 2023.11 |
AMAGENTS-6046: convert_request_after_authn_post writes to /tmp instead of configured PDP directory |
Fixed in 2024.3 |
AMAGENTS-5995: Don’t extend user session for not enforced url with fetch attributes enabled |
Fixed in 2023.9 |
AMAGENTS-5985: Interactive installation using existing agent configuration files duplicate properties which are commented out |
Fixed in 2024.3 |
AMAGENTS-5833: WPA 403 error on /agent/cdsso-oauth2 with invalid jwt.aud.whitelist parameter value |
Fixed in 2023.9 |
AMAGENTS-5777: IIS web agent zip file includes 32bit DLL |
Unresolved |
AMAGENTS-5718: Custom Login mode 2 doesn’t correctly process composite advice. |
Unresolved |
AMAGENTS-5594: Web agent will return 403 errors if OpenSSL libraries aren’t loaded. |
Fixed in 2023.11 |
AMAGENTS-5495: Web agent validator reports access to OpenSSL v.1.1.x instead of v3.x |
Fixed in 2023.9 |
AMAGENTS-5032: WPA: Native agents for windows do not correctly use unicode for the file system, resulting in configured files with garbled names. |
Unresolved |
AMAGENTS-4672: Web Agent doesn’t handle specific case for Not-Enforced URL and one level wildcard properly |
Fixed in 2025.11 |
AMAGENTS-4590: login-fragment-relay page should have charset specified. |
Fixed in 2024.3 |
AMAGENTS-3992: WPA: com.forgerock.agents.config.hostmap does not seem to use the IP address |
Fixed in 2024.3 |
AMAGENTS-3663: Nginx Agent print absolute build path into debug logs |
Fixed in 2024.6 |
AMAGENTS-3506: If there are permissions issues with password file with installation on IIS then the log messages are not helpful |
Fixed in 2024.3 |
AMAGENTS-2813: Agents Logout perform logout multiple times |
Unresolved |
AMAGENTS-2755: Currently when setting up the agent it is necessary to have a client certificate file when using Schannel |
Unresolved |
AMAGENTS-2724: WPA: Custom login does not work, if agent is installed in different location than root |
Duplicates AMAGENTS-5981 |
Web Agent 2023.3
| Issue | Comment |
|---|---|
AMAGENTS-6175: Memory leak in credentials_secure_free |
Fixed in 2023.11 |
AMAGENTS-6046: convert_request_after_authn_post writes to /tmp instead of configured PDP directory |
Fixed in 2024.3 |
AMAGENTS-5995: Don’t extend user session for not enforced url with fetch attributes enabled |
Fixed in 2023.9 |
AMAGENTS-5985: Interactive installation using existing agent configuration files duplicate properties which are commented out |
Fixed in 2024.3 |
AMAGENTS-5833: WPA 403 error on /agent/cdsso-oauth2 with invalid jwt.aud.whitelist parameter value |
Fixed in 2023.9 |
AMAGENTS-5777: IIS web agent zip file includes 32bit DLL |
Unresolved |
AMAGENTS-5495: Web agent validator reports access to OpenSSL v.1.1.x instead of v3.x |
Fixed in 2023.9 |
AMAGENTS-5594: Web agent will return 403 errors if OpenSSL libraries aren’t loaded. |
Fixed in 2023.11 |
AMAGENTS-5032: WPA: Native agents for windows do not correctly use unicode for the file system, resulting in configured files with garbled names. |
Unresolved |
AMAGENTS-4672: Web Agent doesn’t handle specific case for Not-Enforced URL and one level wildcard properly |
Fixed in 2025.11 |
Web Agent 5.10
| Issue | Comment |
|---|---|
AMAGENTS-5995: Don’t extend user session for not enforced url with fetch attributes enabled |
Fixed in 5.10.3 |
AMAGENTS-5833: WPA 403 error on /agent/cdsso-oauth2 with invalid jwt.aud.whitelist parameter value |
Fixed in 2023.9 |
AMAGENTS-5777: IIS web agent zip file includes 32bit DLL |
Unresolved |
AMAGENTS-5495: Web agent validator reports access to OpenSSL v.1.1.x instead of v3.x |
Fixed in 2023.9 |
AMAGENTS-5594: Web agent will return 403 errors if OpenSSL libraries aren’t loaded. |
Fixed in 2023.11 |
AMAGENTS-5032: WPA: Native agents for windows do not correctly use unicode for the file system, resulting in configured files with garbled names. |
Unresolved |
AMAGENTS-4984: Setting samesite cookie to lax will cause the agent auth flow to fail if we are using different sites |
Duplicates AMAGENTS-5189 |
AMAGENTS-4672: Web Agent does not handle specific case for Not-Enforced URL and one level wildcard properly |
Unresolved |