IV33489: TITLE: TAM ESSO V8.2- LOTUS NOTES PROFILE VERSION 1.3 SAVES INCORRECT PASSWORD

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as fixed if next.

Error description

  • Title: TAM ESSO v8.2- Lotus Notes profile version 1.3 saves
    incorrect
    password
    
    Problem Description:
    
    Lotus Notes profile version 1.3 saves incorrect password
    
    .
    Problem description
    In testing the newer Lotus Notes profile version 1.3 published
    under
    http://www-01.ibm.com/support/docview.wss?uid=swg21470500 we
    have found
    an issue during password change with the following scenario:
    
    A client is presented with the password change window within
    Lotus
    Notes (regardless of expiration, early warning or manual). If
    the
    client enters a previous password (password history is set for
    13) that
    has been used before, Lotus Notes will pop-up a dialog that
    indicates
    that it is a previous password and directs the client to "pick a
    new
    one". If the client clicks ok they are taken back to the change
    password window. As part of this process ESSO is saving that
    previous
    password entry in the wallet even though the password change was
    not
    successful.
    
    If the client were to then click cancel and not change their
    password
    they will retain some previous version of the password in the
    wallet.
    If they continue to change their password and enter a valid
    password
    that Lotus Notes accepts then the correct password will be saved
    wallet.
    
    Business impact ( BusImpact )
    saves an invalid password to the wallet.
    
    
    
    Steps to Duplicate: see problem description
    
    Desired Behavior:  see problem description
    
    Environment:  ISAM ESSO 8.2, Lotus Notes,profile, 1.3
                             AA 8.2  fixpack 2,
                                 Lotus Notes
    
    Release 8.5.1 Revision 20090929.1223 (Release 8.5.1)
    
    Solutions/Workaround:
    
    Under state_chg_pwd_wnd-destroyed there are three triggers (1)
    Fire
    
    after a specified time, (2) Window is activated (includes save
    action),
    (3) Window is activated (not equal to your password change
    succeeded).
    In that order (3) always fires regardless of the message dialog
    that is
    produced. (1) will fire if a dialog is not produced and
    "password set"
    is presented in the status bar.
    
    it works correctly is reordered to (1) Window is activated
    (not equal to your password change succeeded), (2) Window is
    activated
    (with save action), (3) Fire after a specified time.
    .
    

Local fix

  • 36690
    

Problem summary

  • The Lotus Notes AccessProfile version 1.3 can not handle a
    change password workflow
    if the new password is not accepted by Lotus Notes. The rejected
    password will be stored in the AccessAgent wallet. The problem
    will be addressed in next release of the profile.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IV33489

  • Reported component name

    SSO ACCESSSTUDI

  • Reported component ID

    5724V6701

  • Reported release

    820

  • Status

    CLOSED FIN

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-12-14

  • Closed date

    2012-12-26

  • Last modified date

    2012-12-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

  • R810 PSY

       UP

  • R820 PSY

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

IBM Security Access Manager for Enterprise Single Sign-On
Base

Software version:

820

Reference #:

IV33489

Modified date:

2012-12-26

Translate my page

Machine Translation

Content navigation