Defects Fixed in 12.52 SP1 CR09

The following defects are fixed in  12.52 SP1 CR09:
sm1252sp1
The following defects are fixed in 
CA Single Sign-On
 12.52 SP1 CR09:
 
 
 
Note
CA Single Sign-On
 provides only 64-bit zLinux installers for Web Agent and Web Agent Option Pack from 12.52 SP1 CR09. For the 32-bit installers of Web Agent, Web Agent Option Pack, SDK, and WSS, you can use the 12.52 SP1 CR08 installers.
Policy Server
The following defects are fixed in Policy Server:
Salesforce Case Number
Internal Defect ID 
Issue Description 
00952947
DE350675
The TLS 1.2 communication fails between Policy Server and CA Identity Manager.
00774090
DE303516 
When Active Directory is used as a user store, SSL with Policy Server fails if Namespace uses Active Directory as LDAP.
00857817
00830403
DE319899
The execution of XPSExplorer and XPSSweeper takes a longer time than expected.
00845973
DE332390
Anonymous authentication fails to resolve a user directory if a domain uses a replica of the user store and the user store is removed.
00641179
DE268114
APS password change fails if the user directory object name that is defined for the CPW program exceeds 255 characters.
00871134
DE332310
Policy Server logs the following error in the error.log file when an action is performed using APSAdmin:
 
Invalid status line from script 'APSAdmin':
 
00724208
DE289336
If a user store name is updated, Policy Server fails to update it in the user search criteria that uses the user directory in Identity Mapping.
00754192
DE295393
When Enhanced Tracking is enabled, Policy Server truncates the audit logs after 1024 characters while logging them in syslog.
00882334
DE326287
Policy Server fails to log in users with AD LDS as the user directory.
00753754
DE358535
User authorization fails for an application that is configured in EPM Domain if the user is a member of more than 200 groups.
00769753
DE311741
Policy Server fails to invalidate a token if the value of the 
Recalculate value every
 field of a response is set to 30 seconds.
00671580
DE276031
Policy Server fails to accurately display Administrator rights if they are configured through XPSSecurity.
00828907,
00826051
DE313293
Policy Server fails to identify AD Global Catalog that results in invalid search filter for nested groups with users.
00919679
DE335297
Policy Server incorrectly recognizes AD LDS user store as AD user store.
00746866
DE295896
The login response time gradually increases with increase in the load.
00235613
DE298089
When Administrative UI users execute the SDK commands, Policy Server logs the following error in the smps.log file: 
 
[ERROR][sm-xpssvc-00680] Failed to establish a Security Context for user
 
00805145
DE308864
Policy Server displays an incorrect error message instead of the timeout error for slow LDAP responses. 
00877373
00914956
00945705
DE324989
Policy Server fails to return a user attribute if there is a case difference in the attribute name that is defined in LDAP and response.
00933737
DE339103
Policy Server crashes when it processes a null sessionID.
00882807
DE328194 
Policy Server fails to return the complete list of groups of a user if the user is a member of more than 200 groups.
00849582
DE317504
Policy Server intermittently fails to connect to CA Directory policy store, session store, and user store, and displays the 
LDAP Error 81
 error.
00736347
DE291624
Policy Server crashes during dereferencing a directory pointer of a non-existing user.
00907927
DE332311
Policy Server displays the 
internal server error
 in the error.log file when the APSAdmin and CPW features are used in Google Chrome.
00904848
DE335430
In SecurID Forms authentication scheme, XPS object contains a trailing colon if the 
Use SSL
 option is selected but a port number is not configured.
00963542
DE347807
The SM-APS-00751 key value is missing in the APS.properties file.
00993502
DE354221
The UNIX ServletExec AS 6.0 binary of 12.52 SP1 CR08 is corrupted.
00722452
00622731
00592573
DE291854, DE299486
Search operation fails in CA Directory if wildcard * is used in group names.
Administrative UI
The following issues are fixed in Administrative UI:
Salesforce Case Number
Internal Defect ID
Issue Description 
00886279
DE360556
A search in Administrative UI fails if non-English characters are used in the 
starts with
 and 
ends with
 search filters.
00860588
DE321491
Administrative UI removes the comma in a LDAP filter when a user selects to modify an existing policy.
00722562
DE287471
Administrative UI incorrectly saves Kerbros authentication scheme with a relative parameter even though a customized target parameter without the .kcc extension is configured.
00899210
DE330224
Administrative UI mandates the LDAP value if the 
Enable SLO
 option is selected in an IdP partnership.
00897313
DE353971
When a user creates a rule through Domain, Rule, and navigates back to the domain selection step to select another domain, Administrative UI fails to display the realms associated with the newly selected domain and continues to display the realms of the previously selected domain.
00685165
DE281316
Administrative UI fails to display a user directory in the scope of a legacy administrator if the user directory is added to a domain.
00912269
DE351161
Administrative UI fails to modify SP partnerships.
00871795
DE325158
When Filter Any is selected as the user class in a federation partnership, Administrative UI truncates the user name if it is too long. 
00966230
DE352533
Administrative UI fails to display the Resource field as a mandatory field in the Create Rule dialog.
SDK
The following issues are fixed in SDK:
Salesforce Case Number
Internal Defect ID
Issue Description 
00907110
DE333103
The DecodeSSOToken method in Java SDK allows the decoding of SMSession using Padding Oracle Attack.
00330170
DE297900
The smpolicy API fails to import the smdif files.
00795183
DE307158
A custom agent fails to log cookie information in a session store.
 
CA Access Gateway
 
The following issues are fixed in 
CA Access Gateway
:
Salesforce Case Number
Internal Defect ID
Issue Description 
00847757,
01095458
DE317617
 
CA Access Gateway
 sends two SMSESSION cookies to backend server.
00731493
DE290767
 
CA Access Gateway
 utilizes 100% CPU.
00703197
DE291348
The STS multi-logging feature fails to work with more than one STS instance.
00816941
DE311286
Virtual Host Name does not support wildcard character(*) in the server.conf file.
00866357
DE322879
 
CA Access Gateway
 fails to log the IP address of a client in smaccess.log if the client request navigates through the STS module.
00949107
DE342765
OpenSSL is upgraded to OpenSSL 1.0.2o.
Apache is upgraded to Apache 2.4.33.
00927581
DE342367
Custom error pages are displayed in English and non-English characters if a non-English locale is configured.
00786285
DE309383
Agent receives FLUSH_THIS_USER with a delay after a user logs out.
00836501
DE316811
affwebservice.log displays the ACS_FAILED_PROCESS_FAILURE message when SLO is configured and the application is accessed.
00695808
DE314866
 
CA Access Gateway
 fails to honor the 
max-size
 parameter if a connection-oriented authentication scheme is configured.
00772970
DE304043
The ca_defaultconsentform.html file is missing in the customization folder.
Web Agent
The following defects are fixed in Web Agent:
Salesforce Case Number
Internal Defect ID 
Issue Description 
00932392
DE340263
The BadQueryChars ACO parameter incorrectly checks the entire URL if there is no query string.
00623867
DE353219
WebAgent fails to preserve the HTTP_SM_UNIVERSALID header value of an unprotected realm.
00729105
DE289345
ASA TAI agent rechallenges a user for login credentials though an SMSESSION cookie is received.
00980003
DE357440
Web Agent appends a time stamp to the realm in a basic authentication scheme and this results in a failed user authentication.
00669941
DE365804
Browser loops if all the following criteria are met:
  • Cookie provider is configured
  • Two cookies with similar names exist
  • One cookie is a subset of the other
  • User accesses a resource with an expired cookie
00871729
DE325954
The IWA authentication fails to authenticate users with accented characters in their names.
00752548
DE309382
Web Agent treats a session with SMIdentity cookie as an anonymous login.
00804216, 00997780
DE308146, DE335450, DE335726
Web Agent always appends a leading dot to a cookie domain name.
00811467
DE311338
Web Agent fails to resolve the imports of .jsp page when it is configured as a global module on JBoss and an application that is deployed as .war is accessed.
00979227
DE350367
SMSESSION logs the SMQUERYDATA value when it is passes as a query in a URL.
00961815
00941983
00996834
01085424
DE350373
Web Agent crashes after an upgrade from 12.52 to 12.52 SP1 CR08.
00467736
DE203133
When 
localization
 is enabled, Web Agent fails to decode the encoded characters before processing 
badurlchars
.
00847757,
01095458
DE317617
Agent sends two SMSESSION cookies to backend server.
Federation
The following issues are fixed in Federation:
Salesforce Case Number
Internal Defect ID 
Issue Description 
00684087
DE297147
Single sign-on fails in partnerships when limited number of ciphers are used in the back channel communication of a transaction.
00859085,00845811
DE320374
CA Federation Manager UI fails to display the content of a user directory through 
view contents
.
00907953
DE342317
Web Agent Option Pack uses AssertionConsumerServiceURL in an authentication request even though the 
Accept ACS URL in the Authnrequest
  option is not selected.
00858357
DE354077
When CA Single Sign-On is configured as OpenID Connect Provider, an error occurs when Client makes a back channel request to CA Single Sign-On OIDC Provider for user info.
01003256
DE354072
oAuthLogin fails to redirect users to appropriate login page when was OAuthStateDataCookie set in the same browser session in a previous attempt.
01067173
DE356737
Policy Server 12.7 fails to communicate with Web Agent Option Pack 12.52 when Authentication Context template that is configured to support Dynamic Authentication is used.
00949107
DE342765
OpenSSL is upgraded to OpenSSL 1.0.2o.
Apache is upgraded to Apache 2.4.33.
WSS Agent
The following issues are fixed in WSS Agent:
Salesforce Case Number
Internal Defect ID 
Issue Description 
00839817
DE319724
 
CA Single Sign-On
 disables the DTD tags and/or entity expansion when XML SOAP requests are processed through a WSS Agent
Agent for SharePoint
The following issues are fixed in Agent for SharePoint:
Salesforce Case Number
Internal Defect ID 
Issue Description 
00949107
DE342765
OpenSSL is upgraded to OpenSSL 1.0.2o.
Apache is upgraded to Apache 2.4.33.