Red Hat Single Sign-On 7.3 Update 1 Release Notes
This software patch resolves a number of security defects and customer reported bugs in Red Hat Single Sign-On 7.3. RH-SSO will deliver patches on a repeating schedule to resolve security defects and customer reported bugs. Fixes for RH-SSO 7.3 will continue until RH-SSO 7.4 is released, and at that time maintenance will be delivered on RH-SSO 7.4.
Updated client adapters are released as needed to resolve customer reported issues or security fixes. Because the adapters are released only as needed, a given cumulative patch version often will not have an associated client adapter for all products.
For more information on which client adapters are tested and supported with Red Hat Single Sign-On versions, see:
Red Hat Single Sign-On adapter and server compatibility
The Red Hat Single Sign-On Server component also includes Red Hat JBoss Enterprise Application Platform, and this update includes JBoss Enterprise Application Platform 7.2 Update 1. See the JBoss Enterprise Application Platform 7.2 Update 1 Release Notes for a list of changes included in that release.
Download Red Hat Single Sign-On 7.3 Update 1
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2019-3868 | Server | session hijack using the user access token |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| KEYCLOAK-8996 | Authenticator | Provide a way to set a responder certificate in OCSP/X509 Authenticator |
| KEYCLOAK-9489 | Admin - Console, Admin - REST API | User not able to log in to admin console when using query-* roles |
| KEYCLOAK-8688 | Server | Pagination issue when syncing users from LDAP |
| KEYCLOAK-9387 | Admin - Console | Role select box is too narrow for long role names and has no horizontal scroll bar |
| KEYCLOAK-4640 | User Federation - LDAP | LDAP memberships are being replaced instead of being added or deleted |
| KEYCLOAK-9167 | Server | Using kcadm to update an identity-provider instance via a json file does not work without an "internalId" present in the json |
Known Issues
The following are new known issues for this release. For additional known issues, see the Red Hat Single Sign-On 7.3 Release Notes.
| ID | Component | Summary |
|---|---|---|
| KEYCLOAK-10260 | Server | Invalid permissions on the .installation directory prevent installing a patch. To work around this issue, navigate to the rhsso-7.3 directory and issue this command: `chmod 775 .installation` |
| KEYCLOAK-10211 | Server | SSSD integration is not working on RHEL8 because libunix-dbus-java is missing |
| KEYCLOAK-10238 | Documentation | The Securing Applications and Services Guide is missing instructions for adapter installation on RHEL 8. The installation process is the same as in the previous release, but requires RHEL 8 repository names. Be sure to install EAP from the same repository first. |
| KEYCLOAK-10239 | Documentation | The Securing Applications and Services Guide has obsolete package names in the RPM installation section. |
Installation
Note: This update should only be applied to zip-based installations.
For instructions on applying a Red Hat Single Sign-On cumulative patch (also referred to as a Micro Release), see Micro Upgrades in the Red Hat Single Sign-On 7.3 Patching And Upgrading Guide.
The adapters are distributed as a full release which is intended to replace the existing adapter. Full details are available in Upgrading Red Hat Single Sign-On Adapters.