Defects Fixed in 12.52 SP1 CR08

The following defects are fixed in CA Single Sign-On 12.52 SP1 CR08:
sm1252sp1
The following defects are fixed in CA Single Sign-On 12.52 SP1 CR08:
 
 
 
Policy Server
The following issues are fixed in Policy Server:
Salesforce Case Number
Internal Defect ID
Issue Description
00302490
00461931
DE139629
DE200163
Policy Server fails to record the audit log.
00069481
DE140271
The Policy Server responses are delayed when it handles requests with a delay of at least one second.
00339507
DE157079
SDK Policy API call 
getAgent
 fails to find the agent.
00335233
DE159112
The start-all command fails intermittently to execute completely when the stop-all and start-all commands are executed repeatedly.
00364477
DE159909
The Kerberos libraries are upgraded to Release 1.11.
00365506
DE171963
Policy Server fails to retain custom headers when a user successfully logs on to an application and navigates to another page within the application.
00366537
DE172890
After unlocking a user account, Policy Server fails to allow the user to log in to the application in the first attempt.
00418724
DE175935
The Policy Server access logs fail to roll over accurately.
00437744
00183506
DE176727
DE94709
Policy Server fails to generate metrics/statistics for APM user store that is configured in a directory mapping.
00443477
DE198382
The FMATTR attribute fails to separate multi-value attributes when it is used with an expression in the attribute values.
00463800
DE202900
Policy Server fails to generate the WS-Federation SAML 1.1 assertion when multi-value attributes are configured.
00472333
DE203466
Perl API generates a core dump when we try to add more values to the ValidateTargetDomains ACO parameter.
00481735
00719355
DE204495
DE287256
Policy server Management thread displays the 
Error 9 waiting for server management messages
 error in the smps.log file.
00497374
00519167
DE227108
DE246312
Policy Server fails to return ACO parameters that contain '#' when smagentapi is used in SDK.
00505938
00632270
00470058
DE227173
DE274161
DE224107
The APS LDAP transactions exhibit performance issues during the LDAP connection processing requests.
00485748
DE237602
Policy Server fails to connect to the backend of LDAPS when TLSv1.1 is used.
00455538
DE237693
Policy Server crashes when the X509 authentication scheme is accessed.
00485641
DE238341
Policy Server truncates the SAML AUTTHN-Request that it successfully received earlier, and throws an XML parser error.
00453641
DE244404
Perl CLI fails to fetch the authentication scheme of a realm when the session is established with the Administrator privileges of the domain to which the realm belongs.
00593328
DE245883
Translation fails with the APSXLateTest utility.
00449099
DE250710
The APS libraries are missing in Solaris 64-bit Web Agent.
00607752
DE256008
Policy Server fails to delete policy objects from cache if they are added or deleted using SDK.
00372539
00817098
DE258092
DE311005
Policy Server terminates abnormally when Application model is used in conjunction with an OnAuthAttempt rule.
 
 
 
00652318
DE270502
Policy Server fails to preserve assertion attributes in WSFED/SAML1.1 federation partnership.
00664489
00295831
DE275087
DE136643
Sort Controls are not disabled on LDAP during user search.
00680051
DE279215
The WSFED IP-to-RP partnerships fail to display the configured value of Minimum Authentication Level in federation partnerships.
00688005
DE284023
When an application is protected with the RSA authenticatioon scheme, Policy Server fails to allow users to log in to the application after idle timeout value expires.
 00709833
DE284336
Policy Server shuts down slowly that causes the stop-all script to forcibly kill the smpolicysrv process with an explicit SIGKILL command.
00717678
DE286779
XPSImport fails when it is run on a Policy Server on which caches updates are disabled.
00474687
00597575
DE205706
DE237817
Policy Server fails to prompt for a password change though the password has expired, and it accepts the credentials of the locked out user.
00760779
DE297518
Policy Server fails to let delegated non-super users create Identity Mapping in Administrative UI.
00775720
DE315872
Policy Server crashes when it is integrated with APM 13.0.
Administrative UI
The following issues are fixed in Administrative UI:
Salesforce Case Number
Internal Defect ID
Issue Description
00300147
DE142740
Response Attributes are not sent in Variables.
00423386
DE175545
Administrative UI fails to retain the order of User Directories in the list when a new user directory is added to a domain.
00440279
DE186558
Administrative UI prompts for a value though the Set to Null option is selected when creating a variable.
00452150
DE198188
The User Directory Search Expression Editor displays LDAP directory when ODBC user directory is selected
00476747
00462237
DE203493
DE204383
smconsole throws an error when it is started without running Policy Server on Linux.
00438550
DE224381
The OAuth Client federation partnership wizard displays the Federated Users feature that is unsupported in OAuth.
00096314
DE240446
The search filter in external administrator in Federation fails to display the search results for delegated or external administrators.
00516766
DE242600
DomainPolicy fails to work if the user search filter contains 
not
.
00676235
DE278225
The certificates that are selected for Encryption Certificate Alias fail to display the partnership name.
SDK
The following issues are fixed in SDK:
Salesforce Case Number
Internal Defect ID
Issue Description
00520668
DE242005
The SmAgentConfig.removeAgentConfigProperties() method fails to remove ACO properties that are commented out.
00530580
DE242766
The JAVA SDK does not contain constant values for the HEAD/DELETE action.
00652315
DE270831
The Pure JAVA agentAPI SDK causes NullPointerException from the decodeSSOToken method.
00642295
DE271713
JNI version of AgentAPI fails to connect to Policy Server with Java SDK using SmHost.conf.
00651747
DE272053
Administrative UI fails to reflect the correct agent group membership information if agent or agent group is created using SDK and mapped to an existing agent group.
00703448
00433279
DE282956
DE197470
The Pure JAVA DMS API getAttributes method fails to return results on users.
 
CA Access Gateway
 
The following issues are fixed in CA Access Gateway:
Salesforce Case Number
Internal Defect ID
Issue Description
00335041
00521693
DE223989
DE240920
 
CA Access Gateway
 fails to return the domain cookie header to clients if the cookie request that is sent from the host-only backend server does not contain the domain.
00500752
DE237948
 
CA Access Gateway
 inconsistently clears the SMCHALLENGE cookie during step-up authentication with IWA.
00585639
DE248743
The ProxyDefinition ACO parameter fails to support a list of dynamic proxy server IP addresses.
 n/a
DE281182
OpenSSL is upgraded to OpenSSL 1.0.2l.
Apache is upgraded to Apache 2.4.27.
Web Agent
The following issues are fixed in Web Agent:
   
Salesforce Case Number
Internal Defect ID
Issue Description
00313702
DE143323
Apache agent with cookie provider intermittent fails with the 500 server error if StoreSessionInserver ACO is configured.
00320776
DE155039
The content of the Login.fcc file is displayed when a curl command is used to access the logic.fcc url and an incorrect non-numeric port is sent in the HOST header
00281428
DE160642
The X509 Cert and Forms authentication scheme fails to authenticate the user.
00417134
DE198511
Web server throws an error if the cacheanonymous and enableauditing parameters are enabled.
00480586
DE204473
The LLAWP process fails to run when we kill it on an Apache web agent on Linux.
00525975
DE241578
Apache web agent logs the SMSESSION information in the Apache access.log file.
00485656
00590011
DE243557
DE246115
Web agent fails to redirect users to /siteminderagent/ntlm/creds.ntc path if an application has a higher authentication level than the current SMSESSION.
00533154
DE244049
After an upgrade to CA Single Sign-On Release 12.52 SP1 CR06, SessionLinker fails to work and displays the following error message in the logs: 
HLA: Analyzer from module 'SM_WAF_SESSIONLINKER_PLUGIN' returned unknown response code '-1' for component 'Response Manager'.
00354310
DE246960
Web agent fails to block the logoff request to LegacyCookieProvider for a POST request.
00685171
DE279906
 Apache's FastCGI modules go into the zombie or defunct process state if web agent is configured.
00611930
DE263384
Web services Security agent (WSS Agent) fails to process encrypted assertions that are returned by Policy Server.
00534482, 00674339
DE242991
The Agent installer does not provide an option to overwrite trusted host whereas the same option is available in the smreghost tool.
Federation
The following issues are fixed in Federation:
Salesforce Case Number
Internal Defect ID
Issue Description
00379228
DE243849
DNS Lookup results in a delay during destination calls validation in Federation Web Services.
00586870
DE245457
When a user does not exist in the local user store, CA SSO fails to redirect the user to the configured RedirectURL.
00436617
 DE250304 
Could not configure separate Authentication level for each federated Partner using  SMCONNECTOR in Federation Manager.
CA SSO fails to support the configuration of separate Authentication Level for each partnership using SMCONNECTOR in Federation Manager.
 00690586
 DE280123
SMPORTAL URL contains the host defined in Authentication URL instead of Base URL.
 n/a
DE281182
OpenSSL is upgraded to OpenSSL 1.0.2l.
Apache is upgraded to Apache 2.4.27.
00711999
DE285026
The Federation GUID cookie expires in only three minutes.
00712284
DE285801
When HTTP POST Binding is used for SAML AUTHNREQUEST in conjunction with HTTP POST SSO Service URL; the corresponding SAML AUTHNREQUEST generated is missing the DESTINATION element from SAML AUTHNREQUEST parent tags and it is signed using SHA1 instead of the configured algorithm.