IBM Tivoli Access Manager for Enterprise Single Sign-On version 5.0 MLE Release Notes

Summary

The 5.0 MLE release is a Multi-Language European release which includes an English version. The English version contains fixes for issues found in the 5.0 release. This document contains the list of the issues addressed in the English version since the IBM Tivoli Access Manager for Enterprise Single Sign-On (TAM E-SSO) 5.0 release. It also discusses the features and/or support added into this 5.04 MLE release.

Product Version

IBM Tivoli Access Manager for Enterprise Single Sign-On version 5.0.129

How to Install
 
  1. Insert the Service Pack CD into the CD-ROM drive.

  2. The Choose Demonstration Language dialog will appear. Select your language and click OK.

  3. Click Install TAM E-SSO Agent and follow the instructions.

  4. Click Install TAM E-SSO Console and follow the instructions.

  5. Restart is not required.

Feature/Support Details

 

New Multi-Language Installer

A new multi-language installer is included in this release. Upon launching the InstallShield, a dialog appears prompting you to choose what language you want to install. The five supported languages are English, German, Spanish, French and Italian.

The ability to set the language via command line for use by the TAM E-SSO Agent is also included in this release. To do this, the TAM E-SSO Agent must be installed with the appropriate language pack. Open the command prompt and type "ssoShell /language <language code>", for example:

Command:                  Tells Agent to use:
ssoShell /language ENG    English
ssoShell /language DEU    German
ssoShell /language FRA    French
ssoShell /language ITA    Italian
ssoShell /language ESP    Spanish

Added ability to use a previous password as a passphrase in WinAuth v2 and force a sync when passphrase is used

This feature adds the ability to allow a user to re-use a previous password as their passphrase in Windows Auth v2 and ensures that a sync is forced after the passphrase is changed.

It adds the following functionality to TAM E-SSO 5.0 MLE:

  • A new configuration setting which allows/disallows the previous password to be used in the passphrase process. This setting is located in the TAM E-SSO Administrative Console under Global Agent Settings > Live > Primary Logon Methods > Windows v2 > Advanced: "Reset with old password". This setting is disabled by default.
  • A new runtime passphrase question: "Enter your old password as your passphrase". This question only appears when the new configuration setting is set to allow the password to be reused, and the passphrase is already set; it does not appear if the passphrase has not been set or is being reset.

New Host/Mainframe Application Setting Added

This feature adds the ability to allow an administrator to set an interval (in milliseconds) between TAM E-SSO prompts requesting the user to create a logon for a mainframe session. For example, when a user logs onto a mainframe session that matches a configured application that they do not have a stored password for, TAM E-SSO will prompt the user with the following question: "There are no matching Logons for this mainframe session. Would you like to create one now". If the user selects “No”, the next time the user presses any key on the mainframe screen, TAM E-SSO prompts the user again. This delay setting is the amount of time TAM E-SSO should wait before displaying the question again.

A new registry setting has been added to the Administrative Console under Global Agent Settings > End-User Experience > Response > Host/Mainframe Apps: Application Credential Request Delay.

Issue Details  

Error occurred in the Administrative Console when accessing the ADAM "People" container

When accessing the Microsoft ADAM People container through the TAM E-SSO Administrative Console, an error occurred at approximately the 2000-user mark.

To resolve this issue, the console has been modified so that a large number of ADAM users is properly handled without an error occurring.

Deny rights to CO objects could not be given to users or groups

An Administrator could not "deny" rights to CO objects for users or groups through the TAM E-SSO Administrative Console.

To resolve this issue, the console has been modified so that DNs are converted properly and deny rights can be given to CO objects.

Administrative Console's AD Usage Report does not support foreign characters

TAM E-SSO Administrative Console's Active Directory Usage Report did not support foreign characters within the username. For example, "John Doé" was not supported.

To resolve this issue, the console has been modified so that it now uses default character encoding rather than UTF8 so that foreign (extended) characters are properly supported.

TAM E-SSO stopped functioning if Application Data directory was redirected

TAM E-SSO would stop functioning if the Windows Application Data directory was redirected through the Microsoft Management's Group Policy Object editor. In addition, the Passlogix folder was created in a different location than the intended redirected location.

To resolve this issue, TAM E-SSO has been modified so that if the Application Data directory is redirected, TAM E-SSO functions as expected and the Passlogix folder is created in the correct APPDATA path.

Multiple Password Policy issues addressed

The following Password Policy issues were seen in TAM E-SSO 5.0:
 
  1. The Password Policy “Number of times character can be adjacent to itself” field did not allow a valid manual password change to occur.
  2. The Password Policy “Maximum Length” field could not be increased unless it was first decreased. 
  3. The Password Policy “Maximum repeated non-consecutive characters” field did not save a value of zero.
  4. The Password Policy “Allow Special Characters Maximum Occurrences” field did not enforce the maximum value entered.
  5. The Password Generation Policy “Excluded Characters” field did not enforce the use of excluded characters in a password change scenario.
  6. Password Change Policy did not allow precluding the use of individual alpha characters in passwords.
  7. A Password Change Policy that disabled the use of alpha characters in a password did not prevent alpha passwords from being created.

This release contains the fixes for all of the above Password Policy issues.

Administrative Console performance not optimal when retrieving information

The Administrative Console was not performing optimally when retrieving information for large groups of users (approximately 7000+).

To resolve this issue, LDAP search performance has been improved in the console.
 

Windows hangs during shutdown

TAM E-SSO's ssogina.dll could cause a crash that would hang Windows during shutdown.

To resolve this issue, a new ssogina.dll file has been generated.

Multiple BHO issues addressed

The following BHO issues were seen in TAM E-SSO 5.0:
 
  1. TAM E-SSO was taking several seconds to react to a Web application.
  2. After TAM E-SSO was restarted, it would react to a Web application logon only once.
  3. TAM E-SSO was not consistently responding to a specific Password Change Web application.
  4. TAM E-SSO was not recognizing certain internal Web applications. The Web browser must be refreshed in order for TAM E-SSO to respond.

This release contains the fixes for all of the above BHO issues.

User receives prompts for LDAP sync credentials after updating TAM E-SSO Agent data

After updating TAM E-SSO Agent data (i.e. adding or modifying logons), some users were prompted for their LDAP synchronization credentials. For example, after a user added a Web site logon to the TAM E-SSO Agent, TAM E-SSO would prompt the user for their LDAP synchronization credentials. The prompt issue was occurring because TAM E-SSO had lost access to the specific user's encryption container.

To resolve this issue, the user's encryption container (i.e. C:\Documents and Settings\<username>\Application Data\Microsoft\Crypto\RSA) has been migrated to the machine encryption container (i.e. C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys).
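
The fix above moves key material from a per-user container to the machine container, where the NTFS permissions on each key file decide which local accounts can open it. The following PowerShell check is an added example, not part of the product or the original release notes; it uses the MachineKeys path given above, and the list of broad principals is an assumption to adjust for your environment.

```powershell
# Added example: list key files under MachineKeys that broad groups can read.
# Path: as given in the release note. Principal list: assumption for illustration.
$machineKeys = 'C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys'
$broadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

if (-not (Test-Path -Path $machineKeys)) {
    Write-Warning "MachineKeys directory not found: $machineKeys"
    return
}

$findings = foreach ($file in Get-ChildItem -Path $machineKeys -Force) {
    if ($file.PSIsContainer) { continue }
    try {
        $acl = Get-Acl -Path $file.FullName -ErrorAction Stop
    } catch {
        # Key files created by other accounts may not be readable by the auditor.
        Write-Warning "Cannot read ACL: $($file.Name)"
        continue
    }
    foreach ($ace in $acl.Access) {
        $isAllow = $ace.AccessControlType -eq 'Allow'
        $isBroad = $broadPrincipals -contains $ace.IdentityReference.Value
        $canRead = ([int]$ace.FileSystemRights -band $readData) -ne 0
        if ($isAllow -and $isBroad -and $canRead) {
            # One row per allow-ACE that grants read access to a broad principal.
            New-Object PSObject -Property @{
                KeyFile   = $file.Name
                Owner     = $acl.Owner
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object KeyFile, Principal |
        Format-Table KeyFile, Owner, Principal, Rights -AutoSize
} else {
    Write-Output 'No key files readable by the listed broad principals.'
}
```

Run it from an elevated prompt so that ACLs on key files owned by other accounts can be read.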

SendKeys not functioning properly

When configuring an application (e.g. Notepad) using SendKeys, and only new password and confirm password were specified, the TAM E-SSO Agent would send the old password to the application even though it was not specified.

To resolve this issue, the console has been modified so that the old password is not sent when not specified.

Anchor tags display incorrect ordinal values on Web wizard forms

When using the Web wizard form with anchor tags (e.g. Submit button), the anchors displayed an ordinal value of "0", instead of a unique value.

To resolve this issue, the console has been modified so that anchor tags display the correct ordinal values.

Invalid placement of the Passphrase Disclaimer dialog

The Passphrase Disclaimer dialog box was positioned partially off the screen and could not be resized or moved. This issue did not occur for all users.

To resolve this issue, TAM E-SSO has been modified so that the disclaimer dialog box is now centered based on screen size.

Web site attachments hang

When a file download was initiated in Internet Explorer by clicking a link or button, the file download dialog would “hang” and the file did not download. This only occurred when BHO was running.

To resolve this issue, TAM E-SSO has been modified so that a check is in place in the BHO for the file download event and auto-detect of fields has been disabled to prevent the hang from occurring.

Credentials did not appear to be submitted to Web sites

When "Force Authentication" was turned on, TAM E-SSO would not inject credentials properly for some URLs. TAM E-SSO would show that it had responded and successfully injected credentials; however, the actual credentials were not submitted. The issue was that TAM E-SSO did not handle multiple notifications properly when authentication was forced.

To resolve this issue, TAM E-SSO has been modified so that the number of scans performed per document is limited. This allows TAM E-SSO to inject credentials properly.

Improved support for windows with dynamic window classes

When creating a Windows template, TAM E-SSO would not recognize an application that had dynamic window classes. TAM E-SSO would only recognize the application when all of the supported window classes were removed for both the “Applications” and “Services” settings in the Global Agent Settings. Removing the supported window classes caused issues with other applications that had window classes added in either the “Applications” or “Services” settings.

To resolve this issue, regular expressions for class name matching have been added to TAM E-SSO. A repost condition has also been added for applications that create their windows hidden or disabled.

An incorrect credentials error message appeared after TAM E-SSO logged into an application with the correct credentials

Some applications require that passwords are entered via a keyboard. When TAM E-SSO attempted to inject credentials into such applications, an incorrect credentials error message was generated, even though the credentials were correct. When manually entering the password, the user was logged in. This issue was seen with the new Citrix 9.15 ICA Client.

To resolve this issue, a new setting has been added to TAM E-SSO to use WM_CHAR messages to set text within controls. This setting simulates keyboard entry in an alternate way. This resolved the issue seen with the new ICA Client, and any other applications that require keystroke password entry.

Imported Global Agent Setting incorrectly included "CN=GUID" in object name

When a Global Agent Setting was imported from the repository, the imported object's name incorrectly included "CN=GUID", which was from the object's display listing.

To resolve this issue, TAM E-SSO has been modified so that the "CN=GUID" portion of the display text is no longer included in the object's display listing.
