Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version 2

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space IDS and version 8.2

...

When a long certificate is set in suffix.pfx, whose base64 encoded string 
string is longer than about 4000 characters, it causes the installation procedure
to fail. This is due to an issue with OpenLDAP ldapmodify tool, which is
unable to read lines lines  longer than 4096 characters long and sso installation
script writes the base64 encoded certificate in one line in secrets.ldif.
To address this issue, a tool ldiffold.sh is included with sso 7.1.0 linux
version, which folds given ldif file so that it no no  longer contains extra
long line. It can be run as follows:

...

The Ubilogin Ticket Protocol uses the HTTP GET method to send
authentication and authorization information from UAS to Web Agents.
The HTTP GET method has a size limit. The size limit affects the
amount of information it is possible to to  successfully send from UAS
to Web Agents. The SAML 2.0 protocol resolves this size limit by using 
using the HTTP POST method to send information from UAS to Web Agents.
Ubilogin SAML Service Providers use SAML 2.0 protocol.

...

When installing Ubisecure SSO in High Availability mode, there are
some restrictions due to some protocol requirements when using SAML 2.0.
Please refer to the Ubisecure Clustering document for more information.

...

- Filter does not show correct results when filter expression is short
and scandinavian characters are included
- Filter does not accept incorrect filter expressions

...

The following error may appear in the tomcat application server log:
SEVERE: Servlet.service() for servlet[com.ubisecure.ubilogin.sso.ui.
servlet.ReturnServlet] in context with path [/uas] threw exception 
com.ubisecure.ubilogin.sso.ui.conversation.ConversationLostException

This error is not severe and may simply indicate a user has twice
selected the same action (by double clicking or back button use).
The log message will be corrected in a future release.

...

Exceptionally long SAML Entity IDs (greater than 64 chars) are not 
not supported when using Metadata Updater.

...

The url path of ubilogin.css stylesheet file has changed in SSO 7.0.0 to
/template/<template_name>/style.css. In case a custom css file with 
with relative paths to images etc has been used, it's required to check that 
that the relative paths work after upgrading.

Disabled users are able to login when federated with User Driven Federation

Currently the user account status in the local user directory is checked only during the initial authentication before the mapping is stored in the Federation Table. If user decides to accept the storing, account statuses are not checked for subsequent federations. This means that any user, that have been disabled in the local directory after they authenticated for User Driven Federation, can successfully login when they are federating with their remote account. This can be prevented by configuring the applications Authorization Policy so that it ensures the user is authorized only if the account is enabled. The procedure is described in UDF documentation page.