Cloud Access Manager 8.1.2 - Release Notes

Enhancement

ID

Allow configurable timeout between RADIUS Server and Cloud Access Manager

610048

Use SHA-256 for signing of SAML requests

After upgrading to 8.1.2 existing federated applications and authenticators will continue to use SHA-1 for certificate signing until you manually update their certificates. See Getting started with One Identity Cloud Access Manager 8.1.2

467017

Documented the injection of javascript by the proxy to enable form-fill SSO and timeout warning functionality

503476

Introduced support for applications which use Cross-Origin Resource Sharing (CORS) headers

569915

(Cloud Access Manager for Defender) Introduced support for single log out from Microsoft® Outlook® Web App

590466

Updated configuration documentation for integration with Google® APIs to reflect changes to their administration pages

621599

Introduced support for HTTP-GET for SAML IdP partner authenticator

641047

Created documentation relating to support for ServiceNow®

508215

Provided ability to use a direct URL to bypass home realm discovery page

613750

Changed documented memory and disk space recommendations for proxy servers

615036

Resolved issue

Issue ID

Cannot connect to Microsoft® Office 365™ Outlook® using Outlook® client when using passwords containing the characters: " & ‘ < >

611923

Database connection lost when using a network proxy

637935

When authenticating using an LDAP authenticator and where a comma is included in the directory username, users with an identical name after the comma can access each other’s password wallets

Please be aware that after the upgrade, this fix means that all user logins from an LDAP authenticator and with a comma contained in the user name will result in new users being created in the Cloud Access Manager database; this means the password wallets for these logins will now initially be empty.

This is unavoidable because the users created previously were ambiguous.

647350

Possible CSRF attack: Cloud Access Manager WebAPI can be accessed using HTML form action

484107

Metadata downloaded from authenticator configuration uses 'urn' for entity id, instead of ‘https’

498442

Application configuration sets value of Allow Advanced Path Rewriting incorrectly in edit mode

502196

Current password field not populated when changing password in Microsoft® Outlook® Web App 2013

507336

Relay State saved as 'undefined' in application configuration

512177

Microsoft® Office 365™ user mapping lists users by ObjectGUID rather than user’s name

597588

Administration session hangs when saving two-stage form-fill configuration

601415

Authentication fails to SAML applications when assertion is signed

609802

samltoken.authn_req_signature_required value of ‘never’ does not prevent verification of signatures

610120

Secondary application links incorrectly displayed in application configuration pages

612134

Blank change and expired password forms shown for form fill apps in database snapshot

614384

Form-fill single sign-on fails when application URL contains caret ^ character

615335

Sporadic failure to create sessions with OAuth applications

615697

Application scope guidance in How To Configure Microsoft® Sharepoint® corrected

617780

Unable to provision, deprovision and map users in Salesforce or ServiceNow when using a network proxy

625029

App Usage report export shows 'Not signed into application yet' for some users

633576

SAML metadata from third-party identity provider rejected if metadata contains multiple entities

641046

Application proxy URLs are not updated when the proxy hostname is changed

497789

Some unhandled proxy exceptions are displayed to the user

488296

Incorrect cache-control headers can be set on proxied content

484240