The r12.1 SP3 release contains the following fixes.
Attempts by all SOA Agent types to connect to a RedHat Policy server to authenticate an encrypted request fail intermittently.
Generation of signed SAML Session Tickets using the public key obtained from a digital signature by the XML Digital Signature authentication scheme results in the generation of an unsigned rather than signed SAML Session Ticket.
That is, if a web service is protected by the XML Digital Signature authentication scheme and a SAML Session Ticket response is configured to extract the client's public key from the certificate and use it to sign the SAML assertion, the generated SAML Session Ticket is not signed as expected.
Workaround
Configure the policy to obtain the public key from a source other than the document with the digital certificate. For example, configure the response to obtain the public key from a client certificate sent over an SSL connection or from the user store.
SOA Security Manager does not accept a WS-Security SAML 1.1 holder of key assertion token more than once; SAML 1.1 holder of key tokens cannot therefore be used in use cases where replay is required.
Workaround
SAML 2.0 holder of key tokens work as expected and can be used in to implement use cases in which replay is required.
If you choose to create the application object that will define your security policy from within the Secure Web Services from WSDL wizard any Responses created from the Responses tab of the Create Application nested task are not displayed or available for assignment in the Define web service protection policy table.
Workaround
If you need to bind responses to web service ports and operations on the Define Policies page of the Secure Web Services from WSDL wizard, you must create the application and the required responses prior to running the wizard.
Because of a memory leak in com/ibm/ws/security/auth/AuthCache, the SOA Agent for IBM WebSphere fails under load.
An IBM support ticket (PMR 30393,756,000) is open for this issue.
When you install the CA SiteMinder® Web Services Security Administrative UI in console mode on a Weblogic Application server, a non-fatal error “ERROR - Command failed: Installing Workflow Store Data “ is written to the install log. You can ignore this error.
Copyright © 2014 CA.
All rights reserved.
|
|