The following is a list of features that are no longer supported starting with Single Sign-on for Java 3.3.2.
The following is a list of issues addressed and enhancements implemented in One Identity Single Sign-on for Java 3.3.2.
Resolved Issue | Issue ID |
---|---|
IllegalArgumentException during initialization on Tomcat 8.0.0 -- 8.0.24 | 3632 |
SID-to-name mapping table: updated Active Directory well-known group SIDs | ---- |
ADFSv1: allow InvalidFederationTokenException to be intercepted | ---- |
Resolved Issue | Issue ID |
---|---|
When sending a delegated TGT, all encryption types newer than DES / 3DES should encrypt the KRB_CRED | 1077 |
GSSContext.initSecContext(byte[],int,int) should allow null in first invocation | 3572 |
JGSS providers: add support for OpenJDK 1.6 and (current early-access versions of) JDK 1.9 | 3628 |
Only use OK-AS-DELEGATE if at least one of requestCredDeleg(true), requestDelegPolicy(true) or jcsi.kerberos.honorOkAsDelegate=true is set | 3633 |
GSS initiator should use correct Kerberos name-type (e.g. KRB_NT_SRV_HST) in TGS-REQ | 3636 |
KrbError toString(): hex dump some e-data in KRB-ERROR | ---- |
This release also resolves the following issues that were previously addressed in patches to the 3.3 release:
Resolved Issue | Issue ID |
---|---|
JGSS providers: add support for Sun / Oracle / OpenJDK 1.7 and above | 3598 |
Resolved Issue | Issue ID |
---|---|
Detect unavailable domain controllers expeditiously, then try alternative domain controllers. Explicitly set timeouts for TCP connection establishment (for KDC requests over TCP and for automatic site discovery over TCP), rather than depending on the default timeout from the OS / JVM. | 3601 |
Resolved Issue | Issue ID |
---|---|
NTLM: Support increased NTLM security | 3603 |
Resolved Issue | Issue ID |
---|---|
For LDAP requests, explicitly set timeouts for TCP connection establishment rather than depending on the default timeout from the OS / JVM. | 3607 |
Fix erroneous backoff-time calculation for domain controllers that were unavailable for two or more attempts. | 3608 |
Resolved Issue | Issue ID |
---|---|
Kerberos: Avoid KDC_ERR_ETYPE_NOSUPP in domains where not all DCs support the same set of encryption types | 3585 |
S4U2Self: Recognize expired S4U2Self tickets and replace them with fresh ones | 3611 |
Kerberos: Generate channel bindings that interoperate with major C implementations (MIT, Heimdal, Active Directory), not with the letter of the RFCs | 3612 |
ADFSv1 enhancements: new 'fsProxyExtraParams' and 'omitDomainInPrincipalName' options | 3613 |
When sending LDAP SASL requests, avoid unnecessary generation of small TCP packets (and triggering of Nagle's algorithm) | 3615 |
When LDAP requests to a particular server are problematic, correctly mark that server as problematic and prefer other servers for subsequent LDAP requests. | 3622 |
When selecting a server to handle a new LDAP request, prefer servers that do not currently have outstanding LDAP requests. Also eliminate some unnecessary serialization on shared instances in the LDAP code. | 3623 |
Java fat clients on Windows: Kerberos session-key retrieval is supported now on Windows 6.0 | 3625 |
AttributeUserPrincipalFormatter: If the attribute value is not set for a particular User, do not automatically substitute the user's sAMAccountName | 3626 |
Java fat clients on Unix/Linux: tolerate X-CACHECONF entries in MIT / Heimdal credential-cache files | 3627 |
Before installing One Identity Single Sign-on for Java 3.3.2, ensure your system meets the following minimum system requirements:
Requirement | Details |
---|---|
Active Directory domain controllers | Microsoft Windows Server 2008 or higher. Some optional functionality -- resource-based constrained delegation, and Claims from the service ticket -- requires Windows Server 2012 or higher. |
JVM | Java SE 5.0 (1.5) or higher on any operating system. |
If you have a vsj-license.jar (or legacy jcsi_license.jar) file that you have used with previous releases, this release is fully compatible with that license file.
If you have purchased Single Sign-on for Java, you should have received a production vsj-license.jar file (typically packaged in a "license.zip" file to avoid problems in transit).
If you require a trial key for Single Sign-on for Java, please contact your sales representative. The trial key is a vsj-license.jar file that has a time limit.
To activate a license (either trial or purchased commercial)