--- title: Known issues description: "AMAGENTS-6628: Fragment replay is broken with custom login mode 2" component: web-agents version: release-notes page_id: web-agents::archive-known-issues canonical_url: https://docs.pingidentity.com/web-agents/release-notes/archive-known-issues.html section_ids: web_agent_2023_11: Web Agent 2023.11 web_agent_2023_9: Web Agent 2023.9 web_agent_2023_6: Web Agent 2023.6 web_agent_2023_3: Web Agent 2023.3 web_agent_5_10: Web Agent 5.10 --- # Known issues ## Web Agent 2023.11 | Issue | Comment | | ------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | AMAGENTS-6628: Fragment replay is broken with custom login mode 2 | Fixed in 2024.9, 2023.11.1 | | AMAGENTS-6527: WPA SSL\_shutdown shutdown while in init errors in agent log | Fixed in 2024.9, 2023.11.2 | | AMAGENTS-6494: Agents local policy eval fails. Agent name and policy application name are switched | Fixed in 2024.6, 2023.11.1 | | AMAGENTS-6172: WPA for IIS doesn't work when running in 32bit mode on 64bit Windows OS | Fixed in 2024.3 | | AMAGENTS-6046: convert\_request\_after\_authn\_post writes to /tmp instead of configured PDP directory | Fixed in 2024.3 | | AMAGENTS-5985: Interactive installation using existing agent configuration files duplicate properties which are commented out | Fixed in 2024.3 | | AMAGENTS-5983 Interactive installer refer to the legacy agent configuration file - OpenSSOAgentBootstrap.properties | Fixed in 2024.3 | | AMAGENTS-5958: Invalid error AMConfigurationException generated in the AM log | Fixed in 2024.11 | | AMAGENTS-5777: IIS web agent zip file includes 32bit DLL | Won't fix | | AMAGENTS-5718: Custom Login mode 2 doesn't correctly process composite advice. | Unresolved | | AMAGENTS-5032: WPA: Native agents for windows do not correctly use unicode for the file system, resulting in configured files with garbled names. | Unresolved | | AMAGENTS-4672: Web Agent doesn't handle specific case for Not-Enforced URL and one level wildcard properly | Fixed in 2025.11 | | AMAGENTS-4590: login-fragment-relay page should have charset specified. | Fixed in 2024.3 | | AMAGENTS-3992: WPA: com.forgerock.agents.config.hostmap does not seem to use the IP address | Fixed in 2024.3 | | AMAGENTS-3663: Nginx Agent print absolute build path into debug logs | Fixed in 2024.6 | | AMAGENTS-3506: If there are permissions issues with password file with installation on IIS then the log messages are not helpful | Fixed in 2024.3 | | AMAGENTS-2813: Agents Logout perform logout multiple times | Unresolved | | AMAGENTS-2755: Currently when setting up the agent it is necessary to have a client certificate file when using Schannel | Unresolved | ## Web Agent 2023.9 | Issue | Comment | | ------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | AMAGENTS-6494: Agents local policy eval fails. Agent name and policy application name are switched | Fixed in 2024.6, 2023.11.1 | | AMAGENTS-6175: Memory leak in credentials\_secure\_free | Fixed in 2023.11 | | AMAGENTS-6073: Idle timeout should not update on NEU with SSO Only, neu fetch and | Fixed in 2023.11 | | AMAGENTS-6046: convert\_request\_after\_authn\_post writes to /tmp instead of configured PDP directory | Fixed in 2024.3 | | AMAGENTS-5985: Interactive installation using existing agent configuration files duplicate properties which are commented out | Fixed in 2024.3 | | AMAGENTS-5958: Invalid error AMConfigurationException generated in the AM log | Fixed in 2024.11 | | AMAGENTS-5777: IIS web agent zip file includes 32bit DLL | Unresolved | | AMAGENTS-5718: Custom Login mode 2 doesn't correctly process composite advice. | Unresolved | | AMAGENTS-5594: Web agent will return 403 errors if OpenSSL libraries aren't loaded. | Fixed in 2023.11 | | AMAGENTS-5032: WPA: Native agents for windows do not correctly use unicode for the file system, resulting in configured files with garbled names. | Unresolved | | AMAGENTS-4672: Web Agent doesn't handle specific case for Not-Enforced URL and one level wildcard properly | Fixed in 2025.11 | | AMAGENTS-4590: login-fragment-relay page should have charset specified. | Fixed in 2024.3 | | AMAGENTS-3992: WPA: com.forgerock.agents.config.hostmap does not seem to use the IP address | Fixed in 2024.3 | | AMAGENTS-3663: Nginx Agent print absolute build path into debug logs | Fixed in 2024.6 | | AMAGENTS-3506: If there are permissions issues with password file with installation on IIS then the log messages are not helpful | Fixed in 2024.3 | | AMAGENTS-2813: Agents Logout perform logout multiple times | Unresolved | | AMAGENTS-2755: Currently when setting up the agent it is necessary to have a client certificate file when using Schannel | Unresolved | ## Web Agent 2023.6 | Issue | Comment | | ------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | AMAGENTS-6494: Agents local policy eval fails. Agent name and policy application name are switched | Fixed in 2024.6, 2023.11.1 | | AMAGENTS-6175: Memory leak in credentials\_secure\_free | Fixed in 2023.11 | | AMAGENTS-6046: convert\_request\_after\_authn\_post writes to /tmp instead of configured PDP directory | Fixed in 2024.3 | | AMAGENTS-5995: Don't extend user session for not enforced url with fetch attributes enabled | Fixed in 2023.9 | | AMAGENTS-5985: Interactive installation using existing agent configuration files duplicate properties which are commented out | Fixed in 2024.3 | | AMAGENTS-5833: WPA 403 error on /agent/cdsso-oauth2 with invalid jwt.aud.whitelist parameter value | Fixed in 2023.9 | | AMAGENTS-5777: IIS web agent zip file includes 32bit DLL | Unresolved | | AMAGENTS-5718: Custom Login mode 2 doesn't correctly process composite advice. | Unresolved | | AMAGENTS-5594: Web agent will return 403 errors if OpenSSL libraries aren't loaded. | Fixed in 2023.11 | | AMAGENTS-5495: Web agent validator reports access to OpenSSL v.1.1.x instead of v3.x | Fixed in 2023.9 | | AMAGENTS-5032: WPA: Native agents for windows do not correctly use unicode for the file system, resulting in configured files with garbled names. | Unresolved | | AMAGENTS-4672: Web Agent doesn't handle specific case for Not-Enforced URL and one level wildcard properly | Fixed in 2025.11 | | AMAGENTS-4590: login-fragment-relay page should have charset specified. | Fixed in 2024.3 | | AMAGENTS-3992: WPA: com.forgerock.agents.config.hostmap does not seem to use the IP address | Fixed in 2024.3 | | AMAGENTS-3663: Nginx Agent print absolute build path into debug logs | Fixed in 2024.6 | | AMAGENTS-3506: If there are permissions issues with password file with installation on IIS then the log messages are not helpful | Fixed in 2024.3 | | AMAGENTS-2813: Agents Logout perform logout multiple times | Unresolved | | AMAGENTS-2755: Currently when setting up the agent it is necessary to have a client certificate file when using Schannel | Unresolved | | AMAGENTS-2724: WPA: Custom login does not work, if agent is installed in different location than root | Duplicates AMAGENTS-5981 | ## Web Agent 2023.3 | Issue | Comment | | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | | AMAGENTS-6175: Memory leak in credentials\_secure\_free | Fixed in 2023.11 | | AMAGENTS-6046: convert\_request\_after\_authn\_post writes to /tmp instead of configured PDP directory | Fixed in 2024.3 | | AMAGENTS-5995: Don't extend user session for not enforced url with fetch attributes enabled | Fixed in 2023.9 | | AMAGENTS-5985: Interactive installation using existing agent configuration files duplicate properties which are commented out | Fixed in 2024.3 | | AMAGENTS-5833: WPA 403 error on /agent/cdsso-oauth2 with invalid jwt.aud.whitelist parameter value | Fixed in 2023.9 | | AMAGENTS-5777: IIS web agent zip file includes 32bit DLL | Unresolved | | AMAGENTS-5495: Web agent validator reports access to OpenSSL v.1.1.x instead of v3.x | Fixed in 2023.9 | | AMAGENTS-5594: Web agent will return 403 errors if OpenSSL libraries aren't loaded. | Fixed in 2023.11 | | AMAGENTS-5032: WPA: Native agents for windows do not correctly use unicode for the file system, resulting in configured files with garbled names. | Unresolved | | AMAGENTS-4672: Web Agent doesn't handle specific case for Not-Enforced URL and one level wildcard properly | Fixed in 2025.11 | ## Web Agent 5.10 | Issue | Comment | | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | | AMAGENTS-5995: Don't extend user session for not enforced url with fetch attributes enabled | Fixed in 5.10.3 | | AMAGENTS-5833: WPA 403 error on /agent/cdsso-oauth2 with invalid jwt.aud.whitelist parameter value | Fixed in 2023.9 | | AMAGENTS-5777: IIS web agent zip file includes 32bit DLL | Unresolved | | AMAGENTS-5495: Web agent validator reports access to OpenSSL v.1.1.x instead of v3.x | Fixed in 2023.9 | | AMAGENTS-5594: Web agent will return 403 errors if OpenSSL libraries aren't loaded. | Fixed in 2023.11 | | AMAGENTS-5032: WPA: Native agents for windows do not correctly use unicode for the file system, resulting in configured files with garbled names. | Unresolved | | AMAGENTS-4984: Setting samesite cookie to lax will cause the agent auth flow to fail if we are using different sites | Duplicates AMAGENTS-5189 | | AMAGENTS-4672: Web Agent does not handle specific case for Not-Enforced URL and one level wildcard properly | Unresolved |