Table 3 Known Issues in This Release
|
|
|
|
|
When re-installing the Administration Server, make sure the following caching directory is empty:
Tomcat_Home\work\AlesEngine.
|
|
|
To upgrade from ALES 2.6 when installing both the SSMs and the Administration Server in the same BEA HOME, delete all files in the SSM root directory. This does not include files in child directories.
|
|
|
Upgrading the Administration Server over ALES 2.2 on Tomcat will automatically upgrade the JDK to version 1.5.
|
|
|
On AIX platforms, the Administration Server and SSM run on 64-bit JDKs, the SSM Instance Wizard tool runs only on 32-bit JDKs. Therefore, to install the distribution archive on AIX, you must:
- Assign the JDK tokens in
post-processing.properties (refer to README - Step #3) to a 64-bit JDK.
- After running
ant -f post-processing.xml pp, you must change JAVA_HOME in all SSM instance wizard files (e.g., ales32-ssm\java-ssm\adm\instancewizard.cmd) to use a 32-bit JDK.
- After creating a WebSphere SSM instance, edit the following files and modify JAVA_HOME to use a 63-bit JDK:
..\websphere-ssm\instance\test\adm\ssm_instance.properties
..\websphere-ssm\instance\test\bin\set-env.bat(sh)
..\websphere-ssm\instance\test\bin\upgrade_providers.bat|sh)
|
|
|
Upgrades from ALES 2.2 when Sybase is the datastore requires specialized procedures. Contact Oracle support for assistance.
|
|
|
When Sybase is used as the policy repository, policy queries cannot contain more than 24 parameters. Queries with more than 24 parameters will fail.
|
|
|
When upgrading from ALES 3.0 on WebLogic Server 10.0, the following tokens must be manually replaced in BEA_HOME\ales32-admin\asiDomain\autodeploy\asi.ear/asi.war/WEB-INF/web.xml:
@shared.dir@ @ca.validity@ @asi.properties@
|
|
|
When removing the Administration Server, a message may indicate that, “ Some components are not selected because they are required by another product”. This message can be ignored.
|
|
|
Currently, the Oracle SSM is not supported on Linux or UNIX.
|
|
|
The SSM configuration tool does not support the new organization and application objects. The out-of-box policies for all SSMs, including the SharePoint SSM, will be created under RootOrg/DefaultOrg/DefaultApp. The SSM configuration will be bound to the root resource.
If desired, you may define an application and manually re-define the policies under it. When you do so, the SSM binding must be set on the application, not the root resource.
|
|
|
In order to stop a WebLogic domain being secured by OES, the BEA_HOME\ales32-admin\lib\framework.jar file must be included in the CLASSPATH environment variable.
|
|
|
To run the EJBAppExample on WebLogic Server 8.1, you must add the following line to build.xml:
pathelement=${ales.wls.ssm.home}/lib/framework.jar
|
|
|
When securing WebLogic Portal, user management through the WebLogic Portal administration console is not supported.
|
|
|
In order to run the Java API example on AIX, you must manually add -Xverify:none to JAVA_OPTIONS.
|
|
|
There is known issue in ALSB 3.0 when it is protected by OES. Please contact oracle support for the solution.
|
|
|
One of two methods must be used to support multiple application sessions in the Entitlements Administration Application.
- Make sure that the Autosave checkbox is selected in all Entitlements Administration Application windows.
- Add extra settings to the Database as shown below:
SQL Server 2005
alter database db_name set READ_COMMITTED_SNAPSHOT ON
DB2
db2set DB2_EVALUNCOMMITTED=ON
db2set DB2_SKIPDELETED=ON
db2set DB2_SKIPINSERTED=ON
Sybase
alter table TABLE_NAME lock datarows
|
|
|
Although an identity attribute value can be created with a null value, once an attribute value has been set to a non-null value, the value cannot be changed to null.
|
|
|
If a role/resource/identity attribute is created and then deleted, you may recreate it so long as the attribute type does not change. However, you cannot recreate it as a different type. For example, after an attribute named CustStatus of type string is created and then deleted, you cannot create an attribute of the same name of type integer.
|
|
|
After changing a group attribute value, perform a refresh so the correct and complete information will display.
|
|
|
A role or resource attribute used in a policy definition cannot be deleted until it is removed from the policy.
|
|
|
Attribute range values such as [1..100] are not supported.
|
|
|
When displaying policies, the delegator parameter is not working properly. Users who want to perform a policy query with delegator parameter can use 'Filter' function, which returns compound policy results.
|
|
|
A maximum of ten identity directories can display in an organization.
|
|
|
After creating an identity directory, perform a refresh to completely display the current information.
|
|
|
When viewing a role, the Refresh button does not refresh the role’s policies. As a workaround, select a different role in the Roles list and then reselect the role.
|
|
|
For internal purposes, the creation of a role attribute also creates a dynamic attribute of the same name. The created dynamic attribute can be ignored, but you cannot create a dynamic attribute using the same name.
If a policy exported from the database contains a role attribute, it will also contain a corresponding dynamic attribute of the same name. The dynamic attribute must be removed from the file before it can be used for a policy import.
|
|
|
The version of policyIX.bat provided in the bin directory of all SSM instances has a bug. As a workaround, use the policyIX.bat provided with the Administration Server.
|
|
|
Policy data cannot be imported to RootOrg\EntitlementUI application. If policy data contains the application, please remove it.
|
|
|
If you intend to load a large set of policy using the Policy Loader tool, then it is advisable not to do so in a single transaction (which is the default). You can turn off Transaction across an entire policy set by setting "disableTransaction" to true for the Policy Loader.
|
|
|
The perfDB Audit provider does not currently record Authentication Statistics.
|
|
|
When you restart an Administration Server running in WebSphere and attempt to log in to the administration console (https://<host>:7010/asi), you receive an Access Denied response, regardless of the log in credentials
As a workaround, navigate to the log in screen of the Entitlements Administration Application (https://<host>:7010/entitlementsadministration) — you do not need to actually log in. Then return to the administration console and log in as usual.
|
