Sun Java™ SAML v2 Plug-in for Federation Services 1.0 Patch 1 Release Notes

Last updated: May. 17, 2006

Contents

What's New in This Patch

The SAML v2 Plug-in for Federation Services 1.0 patch 1 fixes a number of problems, as listed in the following table.

Table 1: Problems fixed by SAML v2 Plug-in for Federation Services 1.0 Patch 1.

Problem ID

Description

6408636     

Threading problems and performance issues during load testing.

6375170

Incorrect HTML tags on many of the JavaServer PagesTM (JSP) under the saml2/jsp directory.

6385653

The Destination attribute was missing from signed top-level protocol messages.
NOTE: According to the SAML v2.0 specifications, in cases of HTTP redirect and POST binding, the Destination XML attribute in the root SAML element of the protocol message MUST contain a URL to which the sender has instructed the user agent to deliver the message, if the message is signed.

6396555

Federation attributes could not be written to a datastore in an Access Manager subrealm.

6400530

Single sign-on tokens were not upgraded if the user was already authenticated by the identity provider.

6401820

No support for passing down multi-valued attributes from the identity provider to the service provider.

6425327

Single Logout failed using HTTP redirect binding in a Circle-of-Trust with multiple Service Providers.

Back to Top

Pre-installation Considerations

The SAML v2 Plug-in for Federation Services 1.0 Patch 1 Release Notes applies to the following platforms with the respective patch IDs:

Before You Get Started The SAML v2 Plug-in for Federation Services 1.0 patches described in this document do not install SAML v2 Plug-in for Federation Services 1.0. Before you install the patch, SAML v2 Plug-in for Federation Services 1.0 must be installed. For information about installation, see the Sun Java System SAML v2 Plug-in for Federation Services User's Guide: http://docs.sun.com/app/docs/doc/819-5209

The README file included with this patch contains:

Caution This patch (as with any other patch) should be thoroughly tested on a staging or pre-deployment system prior to being put into production. Additionally, special care should be taken in regards to JSP files that have been customized. Due to the nature and complexity of some modifications, the patch installer might fail to update some of these JSP files properly. Manual changes might be required for the product to continue functioning normally after the patch has been applied.

Back to Top

Patch Installation Instructions

Solaris OS

To add or remove Solaris patches, use the patchadd or patchrm commands provided with the Solaris OS. For example, the following command installs a patch to a standalone system:

# patchadd /var/spool/patch/122983-01

The following command removes a patch from a standalone system:

# patchrm 122983-01

For the command syntax and additional examples, see the patchadd and patchrm man pages.

Solaris 10 Zones

The Solaris 10 OS introduced the new concept of "zones". The patchadd command includes the new -G option, which adds a patch to the global zone only. By default, the patchadd command looks for the SUNW_PKG_ALLZONES variable in the pkginfo of packages to be patched. However, the SUNW_PKG_ALLZONES variable is not set in any SAML v2 Plug-in for Federation Services 1.0 packages. Thus using the -G option is required if SAML v2 Plug-in for Federation Services 1.0 is installed in the global zone. For example:

# patchadd -G SAMLv2_patch_dir

If SAML v2 Plug-in for Federation Services 1.0 is installed in a local zone, the patchadd -G option has no effect.

Similarly, if SAML v2 Plug-in for Federation Services 1.0 is installed in the global zone, the patchrm command requires the -G option. For example:

# patchrm -G 122983-01

patchadd Command

The following command installs a patch on a standalone machine:

# patchadd /var/spool/patch/122983-01

After the patch installation, follow the steps in the Post-installation Instructions section to update your staging directory and redeploy the WAR.

patchrm command

The following command removes a patch from a standalone system:

# patchrm 122983-01

After the patch removal, follow the steps in the Post-installation Instructions section to restore your staging directory and redeploy the WAR.

Linux OS

The following example installs a patch on a standalone machine:

# ./installpatch

When the patch script is executed, you will be prompted to enter a directory name that will be used to backup current SAML v2 Plug-in for Federation Services files.

The procedure to back out a patch on a Linux platform is different than that on a Solaris platform. There is no generic script to back out a Linux patch. If a lower version of the patch was previously installed, you can simply re-install that version and then follow the Post-installation Instructions to redeploy SAML v2 Plug-in for Federation Services 1.0.

If the patch is installed on SAML v2 Plug-in for Federation Services 1.0 and you want to remove it and restore the system to its initial state, you must reinstall SAML v2 Plug-in for Federation Services 1.0 using the reinstallRTM script. The reinstallRTM script takes as an argument the path to the location where the original SAML v2 Plug-in for Federation Services 1.0 RPMs are stored and installs them over the patched RPMs. For example:

# ./scripts/reinstallRTM path_to_SAMLv2_1.0_RTM_RPM_directory

After you run the reinstallRTM script, follow the Post-installation Instructions to redeploy SAML v2 Plug-in for Federation Services 1.0.

Back to Top

Post-installation Instructions

Before running the post-installation commands, do the following:

  1. Run

    # /saml2/bin/saml2setup update -s saml2silent_file

    This will update the staging directory with latest SAML v2 Plug-in files, and re-create a WAR.
  2. Redeploy the new WAR created in step 1.
  3. Restart web container.

Back to Top

Known Problems and Limitations

There are no known problems at the time of the patch release.

Back to Top

Copyright 2006 Sun Microsystems, Inc. All rights reserved.