Page Comparison

IDS-608

There is a known UI/UX issue where a very large site list is displayed within the SSO management UI.  This results in hard to use UI if large lists of sites are present in the SSO deployment. A possible workaround is to use an ldap editor to configure the authorization policies and groups.

IDS-941

There is a known issue where unregistered SMTP OTP authentication will not permit TLS or any secure authentication.  Documentation improvement will be made to ensure proper configuration is shown if unsecure SMTP servers are required.

IDS-1171

This issue is fully resolved. There was a known issue with OpenLDAP BDB 2.4.44 and earlier involving SSO session cleanup and replication issues. Upgrading to SSO 9.0 with OpenLDAP MDB will ensure that this issue no longer occurs.

IDS-1525

There is a known issue where SSO logs will contain a stopped search warning entry when tomcat is shutdown. This error can be safely ignored.  

IDS-1526

There is a known issue where SSO logs will contain an unstopped thread warning entry when tomcat is shutdown. This error can be safely ignored.

IDS-1635

There is a known issue where the logout HTML of SSO contains two DOCTYPE entries. There is no known work around for this.

IDS-1832

There is a known issue where editing an existing authorisation policy (example case added an attribute) resulted in the alteration of ubiloginNameValue. This affects SSO 8.3.0 and later. There is no work around at this time.

IDS-2089

There is a known issue where shutting down Ubisecure Accounting service on a windows server will show errors within the ids-accounting.log. 

IDS-2092

There is a known issue where the tomcat log will show a severe servlet warning for com.ubisecure.ss-ui.  However, this warning is due to a user repeating the same action (double clicking an item or using the back button).  This warning can be safely ignored and will be addressed in a future release. 

IDS-2094

There is a known issue where disabling the main account in the SSO login directory does not disable the User Driven Federation accounts.  Users are still able to login to services with the Federated account even while the main account is disabled.   Work around: Administrators who are disabling a main login directory account should ensure that they check and disable any associated UDF accounts at the same time.  This issue will be addressed in a future release.  

IDS-2095

There is a known issue that the Acccounting service generates a temp folder under Ubisecure\ubilogin-sso\accounting\temp each time it is restarted. A workaround that system administrator can do is to create a cron job that removes these folders on a regular interval.

IDS-2096

There is a known issue where attempting to use exceptionally long SAML Entity IDs will result in creation failure (larger than 64 characters) .  There is no known work around and may not be possible to resolve due to LDAP field limitations.  We will address this in a future release.  

IDS-2120

There is a known issue where dual node SSO will require jndi.properties to be manually configured on the second node during SSO upgrade.

IDS-2121

There is a known issue where dual node SSO will require settings.sh to be manually configured on the second node during SSO upgrade.

IDS-2261

There are several known issues with javascript tools when using SSO Password reset.  Similar javascript is used in UAS with no issue.  If you are experiencing password reset javascript issue, please contact Ubisecure Support referencing this internal ticket for potential work arounds. 

IDS-2315

There is a known issue that SSO returns refresh token for un-registered users. This should not be done since there is no way of handling the lifecycle of the un-registered user's refresh token.

IDS-2332

There is a known issue when using OpenLDAP in SSO where slapd runs out of connections to process incoming requests.

IDS-2663

There is a known issue where creating a new site via a Safari browser where the site as an @ symbol in the email address will cause an error and no site will be created.  This error is not experiences with current Chrome or Firefox browsers.  As a work around please use one of these alternate browsers.

IDS-2829

There is a known issue that TOTP API is unable to generate secret for user if keysize has not been configured in the method. This is mitigated by ensuring that keysize is set when creating TOTP method.

IDS-2880

There is a known issue when not including the scope of a sub claim in the authorisation policy for API protection. If this is not included during the API call, the response will not include any sub claims in the introspection response. A work around is to ensure your authorisation policy include the required claims.

IDS-2891

There is a known issue if the Lockout Duration is set to 0, then no lockout time will be used ever.  Work around is to set a very high number (in seconds) for accounts which should be locked out, but in a long duration. Remember to stop and start service for this configuration change to take place.

IDS-3113

There is know issue after upgrading to SSO 8.8. If there were old Unregistered CIBA methods configured in the system, Administrators are unable to see the configuration information. To resolve this, Administrators are able to update the method Type from previous "Backchannel Authentication Adapter" to new "Unregistered OpenID Connect CIBA" type and restart SSO server.

IDS-3186

There is a known issue when changing password, if the current password is reused as the new password, an internal application error is shown. There is no known work around.

Shown also as CustomerID known issue.