This document describes the bug fixes that are included with Bundle Patch 12.2.1.4.240919.
The Bundle Patch requires a base installation of Oracle Access Management Webgate 12c (12.2.1.4.0). This document supersedes the documentation that accompanies Oracle Access Management 12c (12.2.1.4.0), and earlier documents if any. This document contains the following sections:
1.1 New Features and Enhancements in OAM Bundle Patch 12.2.1.4.210816
Oracle Access Management 12.2.1.4.210816 BP includes the following new features and enhancements:
-
Two-way SSL for OAP over REST Communication.
You can enable mutual authentication for OAP over REST between WebGate and OAM Server, therefore ensuring that the Server communicates with authentic clients.
For details, see Enabling two-way SSL for OAP over REST.
1.2 Understanding the Webgate Bundle Patch
Describes Bundle Patches and explains differences between Bundle Patches, patch set exceptions (also known as one-offs), and patch sets.
1.2.1 WebGate Bundle Patch Introduction
A bundle patch is an official Oracle patch for Oracle Access Management components on baseline platforms. In a bundle patch release string, the fifth digit indicated the bundle patch number. Effective November 2015, the version numbering format has changed. The new format replaces the numeric fifth digit of the bundle version with a release date in the form "YYMMDD" where:
-
YY is the last 2 digits of the year
-
MM is the numeric month (2 digits)
-
DD is the numeric day of the month (2 digits)
Each bundle patch includes the libraries and files that have been rebuilt to implement one or more fixes. All of the fixes in the bundle patch have been tested and are certified to work with one another.
Each bundle patch is cumulative: the latest bundle patch includes all fixes in earlier bundle patches for the same release and platform. Fixes delivered in bundle patches are rolled into the next release.
Bundle patches are released on a regular basis and are available on My Oracle Support (formerly Oracle MetaLink).
Note:
To remain in an Oracle-supported state, Oracle recommends that you apply the bundle patch to all installed components for which packages are provided.
Table 1-1 Bundle Patches versus Patch Sets
Mechanism | Description |
---|---|
Bundle Patch |
A bundle patch is an official Oracle patch mechanism for Access Manager components on baseline platforms. Each bundle patch includes the libraries and files that have been rebuilt to implement one or more fixes. This bundle patch must be applied to Access Manager 12.2.1.4.0 WebGates. |
Patch Set |
All of the fixes in the patch set have been tested and are certified to work with one another on the specified platforms. Each patch set provides the libraries and files that have been rebuilt to implement bug fixes (and new functions, if any). However, a patch set might not be a complete software distribution and might not include packages for every component on every platform. |
1.3 WebGate Bundle Patch Requirements
Requirements for this WebGate release are discussed in the following topics:
1.3.1 WebGate Bundle Patch 12.2.1.4.240919
Note:
This patch is for customers moving to DB19c. Customers who do not want to migrate to DB19c must request one-off fixes for WebGate bugs.See Also:
Certification Documentation for details about certification, installers, and downloads.
1.3.2 Bundle Patch Recommendations
Oracle recommends that you apply the WebGate bundle patch to all installed WebGates for which a bundle patch is provided.
Note:
This bundle patch is for DB19c customers.If you have ... | Perform Following Steps... |
---|---|
12.2.1.4.0 Webgates |
Apply the WebGate bundle patch:
|
1.4 Before Installing this WebGate Bundle Patch
1.5 Installing and Removing the Webgate Bundle Patch
This section contains the following topics to guide you, as you prepare and install the WebGate files (or as you remove a WebGate, should you need to revert to your original installation):
1.5.1 Preparing All Environments and Downloading the Bundle Patch
This section introduces the Oracle patch mechanism (Opatch) and requirements that must be met before applying the bundle patch. Opatch is a Java-based utility that runs on all supported operating systems and requires installation of the Oracle Universal Installer.
Note:
Oracle recommends that you have the latest version of Opatch from My Oracle Support. Opatch requires access to a valid Oracle Universal Installer (OUI) Inventory to apply patches.The patching process uses both unzip and Opatch executables. After sourcing the $ORACLE_HOME environment, Oracle recommends that you confirm that both of these exist before patching.
Perform steps in the following procedure to prepare your environment and download the bundle patch. Due to formatting constraints in this document, some sample text lines wrap around. These line wraps should be ignored.
Note:
Ignore line wrapping in syntax examples and ignore steps that do not apply to your environment or intended Opatch use.Unless explicitly identified as relevant to only a specific condition, all steps apply to all Opatch environments. Steps that relate to only a specific condition are identified with a bold condition.
To prepare your environment and download the bundle patch:
1.5.2 Preparing 64-Bit Oracle HTTP Server 12c WebGates on Windows 64-Bit Platforms
If you are using Windows 64-bit operating systems, you must install updated Microsoft Visual C++ 2012 libraries on the machine hosting the Oracle HTTP Server 12c WebGate for Oracle Access Manager.
To install Microsoft Visual C++ 2012 Redistributable Package (x64)
Install the Microsoft Visual C++ 2012 Redistributable Package (x64) for x64 systems, which can be downloaded from the following web site:
https://www.microsoft.com/en-us/download/details.aspx?id=30679
Proceed to Installing a WebGate Bundle Patch on Any Platform
1.5.3 Installing a WebGate Bundle Patch on Any Platform
This section describes how to install WebGate bundle patches on any platform using Oracle patch (Opatch). While individual command syntax might differ depending on your platform, the overall procedure is the same for all platforms.
The files in each bundle patch are installed into the destination ORACLE_HOME. This enables you to remove (roll back) the bundle patch even if you have deleted the original bundle patch files from the temporary directory you created.
Oracle recommends that you back up the ORACLE_HOME
using your preferred method before any patch operation. You can use any method (zip, cp -r, tar, and cpio) to compress the ORACLE_HOME
.
When Opatch starts, it validates the patch to ensure there are no conflicts with the software already installed in your ORACLE_HOME:
-
Conflicts with a patch already applied to the
ORACLE_HOME
. In this case, stop the patch installation and contact Oracle Support Services. -
Conflicts with subset patch already applied to the
ORACLE_HOME
. In this case, continue installation because the new patch contains all the fixes from the existing patch in theORACLE_HOME
. The subset patch is automatically rolled back before installation of the new patch begins.
To install a Webgate bundle patch on any platform:
1.5.4 Failure During WebGate Bundle Patch Installation
If there is a failure during your WebGate installation, your original WebGate installation is restored automatically.
Note:
You can check the window to see if you can discern the problem, then correct the problem and restart the bundle patch installation.1.5.5 Rolling Back a WebGate Bundle Patch on Any System
Note:
If you see "Patch not present in the Oracle Home, Rollback cannot proceed", enteropatch rollback -help
to get more information. If the patch was applied using
-no_inventory
option, use -ph
option.
Rollback is not supported for Oracle HTTP Server(OHS) and Oracle Traffic Director(OTD) WebGates.
After the WebGate bundle patch is removed, the system is restored to the state it was in immediately before the bundle patch installation.
To roll back a WebGate bundle patch on any system:
1.6.1 Resolved Issues in 12.2.1.4.240919
Table 1-2 Resolved Issues in 12.2.1.4.240919
Base Bug No | Description |
---|---|
36945930 | CANNOT AUTHENTICATE MORE THAN ONE RESOURCE WEBGATE WITH OAM 12.2.1.4.0 DCC WEBGATE IN OAP OVER REST |
36828018 | CVE-2024-23807 |
35215745 | WEBGATE LOG FILES ROTATION: MAX_FILE_COUNT SETTING DOESN'T WORK IN WEBGATE 12C? |
16198444 | WEBGATE DOESN'T HAVE MECHANISM TO LIMIT NUMBER OF LOG FILES GENERATED |
36708247 | WEBGATE SUPPORT FOR PROTECTED COOKIE OPTION FOR
OAMAUTHNCOOKIE
Note: For this fix to work, set the WebGate user defined parameterssoCookie=Partitioned |
33974688 | OAP HANDSHAKE - CONFIRM TRANSPORT IS ESTABLISHED AS PER PROFILE SETTINGS |
35955438 | CVE-2023-37536 |
30144004 | OAM 12C VALIDATION NOT HAPPENING ON INCORRECT USER LOGIN IN DCC LOGIN PAGE |
1.6.2 Resolved Issues in 12.2.1.4.230106
Table 1-3 Resolved Issues in 12.2.1.4.230106
Base Bug No | Description |
---|---|
34856084 | IHS SERVER FAILED TO START AFTER APPLYING WEBGATE PATCH 34848733 |
34256602 | WEBGATE.INI FILE IS MISSING THE '1' AFTER THE INSTALLATION |
33488626 | WEBGATE HTTP 200 RESPONSE DOESN'T INCLUDE SECURITY
DIRECTIVES FROM HTTPD.CONF
Note: Security headers configured in Webgate user-defined parameters likeX-Frame-Options ,
Content-Security-Policy , and so on can also
be set on Webgate requests like obrar.cgi . You
can disable this feature by setting
setXResponsesForWG=false in Webgate's
user-defined parameters.
|
34236162 | JWT SIGNATURE VERIFICATION FAILING ON AIX DUE TO NZ API ZTPK_VERIFY RETRUNING FAILURE |
34494730 | OAP VIA REST WEBGATE LOGGING DOES NOT LOG UNENCRYPTED MESSAGES |
34036914 | WEBGATE OAP OVER HTTP SHOULD PRESERVE ECID OF OHS REQUESTS FROM END-USERS |
33397046 | CWG HANGS ON APACHE PREFORK MPM AWS TO OCI AFTER ONE HOUR |
33398391 | STRESS:FA:OAM:FMW12C: CORE DUMPS SEEN IN OHS FROM OBHTTPREQUESTHANDLER::HANDLEMESSAGE DURING LOGON_STORM TEST |
33245317 | LOGOUT CALLBACK NOT WORKING PROPERLY FOR IDCS WEBGATE |
33088004 | OHS12C WEBGATE ON CONFIGURING IN 2WAY SSL WITH OAM FIRST ACCESS GIVE ACCESS SERVER ISSUE |
32074849 | NEED TO SUPPORT 2-WAY SSL FOR OAP OVER REST OR HTTP |
32801155 | OHS 12.2.1.3.200813 (BP05) CAUSES 20 ERROR PER HOUR AFTER BEING APPLIED |
32078823 | WEBGATE 12C MEMORY LEAK ISSUE |
32843839 | NEED CASE INSENSITIVE FILTER IN CLOUD.POLICY |
31918824 | DELAYS WHEN LOADING RESOURCES IF ONE OR MORE NODES HAVE IPTABLES DROP |
1.6.3 Resolved Issues in 12.2.1.4.210816
Table 1-4 Resolved Issues in 12.2.1.4.210816
Base Bug No | Description |
---|---|
28793688 | WEBGATE CHANGES REQUIRED FOR BUG 28562000 |
31115416 | FRC AND EPM WORKSPACE ERROR THE REQUESTED URL CONTAINS ILLEGAL CHARACTERS. |
31861763 | END_URL SET TO VALUE OF LOGOUT TARGET URL INSTEAD OF USING AS QUERY PARAM NAME |
32107421 | DIAG: NEW 12.2.1.4.0 WEBGATE LOG SHOWS "ERROR PERFORMING LIBCURL OPERATION" |
1.6.4 Resolved Issues in 12.2.1.4.200811
Table 1-5 Resolved Issues in 12.2.1.4.200811
Base Bug Number | Description |
---|---|
31316696 | OHS/WEBGATE THROWING AH00027: NO AUTHENTICATION DONE |
31062117 | WEBGATE : CHROME VERSION 80+ AND SAMESITE=NONE ISSUE (OTHER BROWSERS TO FOLLOW) |
31134868 | DIAGNOSTIC IMPROVEMENT FOR BUG#30806559 - HMAC FLOWS NEED MORE LOGGING |
28200446 | Fix for Bug 28200446 |
30884653 | Fix for Bug 30884653 |
29213867 | URL IS GIVING ACCESS MANAGER ERROR |
25429284 | ENHANCED THE WEBGATE LOGGING WHEN CONNECTION ISSUES ARE SEEN |
29204353 | OHS FAILS TO START AFTER UPGRADE FOR 11G WEBGATE |
1.7 Known Issues
Known issues and their workarounds in Oracle Access Management Release 12.2.1.4.0 are described in the Oracle Access Management chapter of the Release Notes for Oracle Identity Management document. You can access the Release Notes document in the Oracle Identity Management Documentation library at the following URL:
https://docs.oracle.com/en/middleware/idm/suite/12.2.1.4/idmrn/index.html
Note:
Some known issues listed in the Release Notes for Oracle Identity Management may have been resolved by this Bundle Patch. Compare the issues listed in Resolved Issues of this document when reviewing the Release Notes for Oracle Identity Management
1.8 Documentation
This section describes the documentation that is available to support the latest bundle patch and the original release. This section provides the following topics:
1.8.1 Oracle Access Manager Manuals and Release Notes
You can find release notes and manuals on Oracle Technology Network (OTN). If you already have a user name and password for OTN, you can go directly to the documentation section of the OTN Web site at:
http://www.oracle.com/technetwork/indexes/documentation/index.html
Oracle Access Manager 12c documentation link:
https://docs.oracle.com/en/middleware/idm/access-manager/12.2.1.4/index.html
1.8.2 Patch Set Notes and Bundle Patch Notes
You can download notes with software patches and bundle patches from My Oracle Support (formerly MetaLink) at:
http://support.oracle.comThis document, Oracle Access Manager WebGate Release Notes Bundle Patch 12.2.1.4.240919 for All Server Platforms, provides the following information for this specific bundle patch release:
-
General information about bundle patches.
-
General WebGate bundle patch requirements and installation details.
-
Details about what is included in the Webgate bundle patch.
The Oracle Access Manager WebGate Release Notes Bundle Patch 12.2.1.4.240919 for All Server Platforms is available in HTML format, as readme.htm, that you can view without downloading the zip file.
1.8.3 Certification Documentation
Certification Matrix |
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html |
Oracle Fusion Middleware Requirements |
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-requirements-100147.html |
Oracle Fusion Middleware Downloads |
http://www.oracle.com/technetwork/middleware/downloads/index-087510.html |
1.9 Documentation Accessibility
Our goal is to make Oracle products, services, and supporting documentation accessible to all users, including users that are disabled. To that end, our documentation includes features that make information available to users of assistive technology.
This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at http://www.oracle.com/accessibility/.
Accessibility of Code Examples in Documentation
Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.
Accessibility of Links to External Web Sites in Documentation
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
Deaf/Hard of Hearing Access to Oracle Support Services
To reach Oracle Support Services, use a telecommunications relay service (TRS) to call Oracle Support at 1.800.223.1711. An Oracle Support Services engineer will handle technical issues and provide customer support according to the Oracle service request process. Information about TRS is available at http://www.fcc.gov/cgb/consumerfacts/trs.html.
Oracle Access Management Webgate Release Notes, Bundle Patch 12c (12.2.1.4.240919)
G14589-02