CA Single Sign-On - 12.52 SP1

Defects Fixed in 12.52 SP1 CR06

Last update April 17, 2019

The following defects are fixed in CA Single Sign-On 12.52 SP1 CR06:

Note: ETPKI has been upgraded to 5.1.0 for all components.

Policy Server

The following issues were fixed in Policy Server:

| Salesforce Case Number | Internal Defect ID | Issue Description |
| --- | --- | --- |
| 00236681 | DE102140 | Policy Server truncates assertion data if the size of the active response in the assertion exceeds 48K. |
| 21955636-01 | DE105858 | Policy Server intermittently crashes when processing certificates. |
| 00103617 | DE106225 | During Policy Server installation in console mode, the Policy Server configuration wizard does not point to the default value in the Choose Features menu. |
| 00258335 | DE124902 | Smconsole throws the following error if you enable the profiler by clicking the apply or save button after the Policy Server upgrade: key not found: smc.AdvAuthDataSourceEmpty |
| 00206326 | DE133031 | Policy Server restarts with Module Faults. |
| 00285735 | DE134112 | The Identity Mapping objects that are exported using XPSExport fail to import into another Policy Store. |
| 00174746 | DE137239 | Protected Resources become unprotected when Policy Server restarts. |
| 00305816 | DE137802 | Policy Server cache build fails on the secondary Policy Server with the error "Cannot fetch agent" or "Secondary cache build failure" during administrative changes. |
| 00301544 | DE140495 | XPSExport crashes when run from the command line. |
| 00420620, 00312398 | DE171901, DE142908 | Policy Server generates a core dump upon stopping the server. |
| 00347228 | DE156811 | smfedexport ignores the alias given in the command and always signs XML data with the first certificate in the list. |
| 00434175, 00346464 | DE199271, DE157832 | Changes are not reflected in Administrative UI when updating the objects through XPSImport. |
| 00349379, 00349379 | DE186906, DE159627 | Active Response is not cached, which causes slow responses because two different OnAccessAccept active response headers (PROXY_REMOTE_USER and proxy-remote-user) must be sent to meet each application's needs. |
| 00374788 | DE162137 | Policy Server crashes while running the publish command. |
| 21957952-01 | DE164000 | Performance degrades in R12.52 SP1 compared to R12 SP3 CR10. |
| 00483471, 00371347 | DE206486, DE165142 | Policy Server hangs when connected to Oracle 12c User Store using Administrative UI. |
| 00354719 | DE166084 | Performance issues were observed in Policy Server during the DB connection processing requests. |
| 00318299 | DE201257, DE177286 | XPSSweeper tool crashes abruptly. |
| 00419440 | DE177765 | Policy Server hangs when the connection limit is exceeded. |
| 00370648, 00449759, 00413584, 00380676, 00337693, 00328269, 00444984 | DE197591, DE187115, DE172081, DE163488, DE156901, DE144249, DE186346 | Encrypting the assertion throws an error on the IDP side when the certificate contains non-ASCII characters in the IssuerDN. |
| 00296881 | DE192239 | Policy Server leaks memory while processing LDAP referrals. |
| 00469210 | DE204579 | Secure Session Assurance throws an error when trying to access the protected resource. |
| 00475766 | DE204581 | Upgrade fails in SPS. |
| 00474687 | DE237816 | User is not prompted for a password change even though the password is expired, and locked-out user credentials are accepted. |
| 00265979, 00351582, 00327704, 0024814, 00256060 | DE78566, DE157547, DE144175, DE103106, DE129844 | Apache Commons Collection vulnerability found in 3.2.1.jar and it is fixed in 3.2.2 and 4.1. |
| 00303302 | DE138108 | Service Provider fails with "java.lang.NullPointerException" while consuming an IDP generated assertion when the SP feature SingleAssertionUsage option is enabled. |
| 00216581 | DE143166 | Web Agent is not failing back to the first Policy Server and requests are not processed successfully when starting the first Policy Server. |
| 00311237 | DE144432 | Dynamic Rollover of agent keys does not happen on time when it is set in the Administrative UI. |
| 00309822 | DE143104 | In Administrative UI, creating and submitting a realm takes time. |
| 00222654 | DE144528 | Agent Key does not roll over when it is configured to roll over on a specific day of the week. |

SDK

The following issues were fixed in SDK:

| Salesforce Case Number | Internal Defect ID | Issue Description |
| --- | --- | --- |
| 00267863 | DE130446 | doExport function does not export the full policy when the SDK policy API points to a Linux Policy Server. |
| 00413192 | DE174385 | The Agent doesn't close the connection when Policy Server closes an idle timed-out connection while running SDK Pure Java Custom Agent. |
| 00216581 | DE143166 | Web Agent is not failing back to the first Policy Server and requests are not processed successfully when starting the first Policy Server. |
| 00309822 | DE143104 | In Administrative UI, creating and submitting a realm takes time. |

CA Access Gateway

The following issues were fixed in CA Access Gateway:

| Salesforce Case Number | Internal Defect ID | Issue Description |
| --- | --- | --- |
| 00286771 | DE137704 | SPS Group synchronization does not work well in the case of the VirtualHost setting. |
| 00290998 | DE137718, DE159233 | An error message is displayed when modifying the file name path of JK log or ErrorLog and clicking the save button in the SPS ProxyUI. |
| 00286771 | DE139968 | XPSSweeper fails to repair the SPS group configuration issues and XPSExplorer crashes the policy store. |
| 00315742 | DE140855 | Login page and the image are not displayed in SPS when you place a login.fcc inside the path "/siteminderagent/forms/images" and access it. |
| 00361380 | DE159256 | ServerName is synced and changed to the name of the other SPS when using the SPS Group Sync option. |
| 00410178, 00441937 | DE165316, DE195082 | SPS crashes with Java Stack errors. |
| 00214475 | DE201607 | A <DOCTYPE> tag can be injected into the XML message submitted to SPS' AuthAzWS, which causes a server-side DNS lookup and a request to an external site. |
| 00265979, 00351582, 00327704, 0024814, 00256060 | DE78566, DE157547, DE144175, DE103106, DE129844 | Apache Commons Collection vulnerability found in 3.2.1.jar and it is fixed in 3.2.2 and 4.1. |
| 00424351 | DE172435 | CA Access Gateway is vulnerable to an XXE injection attack that can retrieve confidential data and access sensitive files on the server, for example the "passwd" file. |
| n/a | n/a | OpenSSL and Apache have been upgraded to OpenSSL 1.0.2h and 2.4.23 respectively. |

Web Agent

The following issues were fixed in Web Agent:

| Salesforce Case Number | Internal Defect ID | Issue Description |
| --- | --- | --- |
| 0006287, 00280305 | DE66914, DE130868 | Web Agent End URL does not redirect using HTTPS; instead it redirects to HTTP. |
| 00138155 | DE85420 | Post preservation flow does not work and throws an HTTP 500 error on the Oracle iPlanet webserver when content compression is enabled for the text/html type. |
| 00150872 | DE104195 | login.sfcc goes into an infinite redirect loop when the resource is protected using X509 Cert or forms authentication scheme and the resource is accessed from the browser. |
| 00311456 | DE139919 | Before authentication, Policy Server trims trailing spaces or carriage returns whenever the username contains these characters, but the SMUSER header contains the username with carriage return characters. |
| 00345282 | DE157331 | In WebAgent Trace, ResponseTime is not logged in milliseconds. |
| 00356972 | DE159608 | Password change form is not being displayed for German locale. |
| 00353589 | DE162245 | Browser throws HTTP 502.3 error when trying to access the URL behind IIS+ARR and that URL contains non-standard ASCII characters. |
| 00449099 | DE186996 | APS libraries are missing in Solaris 64-bit Web Agent. |
| 00303302 | DE138108 | Service Provider fails with "java.lang.NullPointerException" while consuming an IDP generated assertion when the SP feature SingleAssertionUsage option is enabled. |
| 00216581 | DE143166 | Web Agent is not failing back to the first Policy Server and requests are not processed successfully when starting the first Policy Server. |
| 00424351 | DE172435 | CA Access Gateway is vulnerable to an XXE injection attack that can retrieve confidential data and access sensitive files on the server, for example the "passwd" file. |
| 00511425 | DE232200 | Agent crashes the web server when you access the FCC page for impersonation flow. |

Administrative UI

The following issues were fixed in Administrative UI:

| Salesforce Case Number | Internal Defect ID | Issue Description |
| --- | --- | --- |
| 00096314 | DE76179 | Fedmanager UI throws an exception while configuring external admin authentication when the user directory has more than 100 entries. |
| 00202952 | DE103458 | WAOP is not picking up the modified URL in ACS on the Policy Server side unless the application server is restarted or a manual flush cache is performed. |
| 00335846 | DE154842 | XPSSweeper throws the error: "Text within Assertion Generator Plug In exceeds 1024 character limit" when the Create Assertion Generator Plugin Parameter value is more than 1024 characters in 12.0 SP3 and upgraded to 12.52 SP1 CR1. |
| 00363920 | DE162095 | Administrative UI throws an error when entering values in assertion attribute with spaces and clicking Next. |
| 00419696 | DE171982 | Response attribute variable value of the webagent-OnReject-Redirect is truncated through the Administrative UI. |
| 00265979, 00351582, 00327704, 0024814, 00256060 | DE78566, DE157547, DE144175, DE103106, DE129844 | Apache Commons Collection vulnerability found in 3.2.1.jar and it is fixed in 3.2.2 and 4.1. |
| 00311237 | DE144432 | Dynamic Rollover of agent keys does not happen on time when it is set in the Administrative UI. |
| 00355124, 00454067 | DE159107, DE198549 | SMPORTALURL query value can be manipulated as it does not get encrypted while redirecting to redirect.jsp. |
| 00309822 | DE143104 | In Administrative UI, creating and submitting a realm takes time. |
| 00222654 | DE144528 | Agent Key does not roll over when it is configured to roll over on a specific day of the week. |

Federation

The following issues were fixed in Federation:

| Salesforce Case Number | Internal Defect ID | Issue Description |
| --- | --- | --- |
| 00424351 | DE172435 | CA Access Gateway is vulnerable to an XXE injection attack that can retrieve confidential data and access sensitive files on the server, for example the "passwd" file. |
| n/a | n/a | OpenSSL and Apache have been upgraded to OpenSSL 1.0.2h and 2.4.23 respectively. |
| 00355124, 00454067 | DE159107, DE198549 | SMPORTALURL query value can be manipulated as it does not get encrypted while redirecting to redirect.jsp. |
