IBM Tivoli Identity Manager, ver 5.1, Fixpack 5.1.0.13-ISS-TIM-FP0013

General Description: Contains accumulated fixes for problems encountered in IBM Tivoli Identity Manager (ITIM) Version 5.1.

The APAR numbers for all fixes included are listed under "Problems Fixed". Refer to the specific APAR descriptions for more detail.
This and other featured documents for IBM Tivoli Identity Manager can be found at:
http://www.ibm.com/software/sysmgmt/products/support/IBMTivoliIdentityManager.html

New Problems Fixed:

APAR: IV27990
Symptom: Problems configuring SSL communication between IBM Tivoli Identity Manager server and IBM DB2 database server.
Note: As part of this APAR a new property 'database.db.security.protocol' has been introduced in the $ITIM_HOME/data/enRoleDatabase.properties file. Please refer to the $ITIM_HOME/extensions/5.1/doc/APAR_Doc/IV27990.pdf file for the documentation on how to configure SSL communication between IBM Tivoli Identity Manager server and the IBM DB2 database server.

APAR: IV31213
Symptom: You may get OutOfMemory and also experience performance issues while doing an unfiltered search for accounts through the "Manage Service" page.

APAR: IV31315
Symptom: The Audit Event report in PDF format does not contain "Report Generated By" information in the "Report Criteria" Section.

APAR: IV31673
Symptom: The ITIM Data synch stages all groups on all services into a table created upon schema mapping of a specific service group profile.

APAR: IV31744
Symptom: An OutOfMemory may occur when viewing a Provisioning policy with 7000 plus roles as membership the second time in. The first view works fine.

APAR: IV32295
Symptom: You may experience a Performance degredation while selecting a user on the Manage Users page.
Note: A new property, "ui.manageUsers.restoreButtonState.skipAccountValidationOnUserSelection" has been introduced in $ITIM_HOME/data/ui.properties file. To get more information about the new property, please refer to the $ITIM_HOME/data/ui.properties file.

APAR: IV33033 R52833
Symptom: NEW FUNCTION
Option to provide justifications on all requests
Note: As part of this fix, an option to provide justification has been implemented for following workflow initiated requests.
1. Add, modify, suspend, restore and delete operation performed on an account.
2. Add, modify, suspend, restore, delete and transfer operation performed on a person.
3. Add and remove access.
4. Suspend, restore and delete operations performed on multiple accounts and multiple persons.
Users cannot provide justification for automatically triggered requests. For example, requests triggered via LifeCycle Rule, HR Feed, provisioning policy modification, etc. To learn more about this new feature, please refer to the $ITIM_HOME/extensions/5.1/doc/APAR_Doc/IV33033.pdf.

APAR: IV33587 ROUTE OF IV29736 R71319
Symptom: When the FESI engine is set as the script interpreter in ITIM, then while evaluating JavaScript that has Unicode characters in it, you may get an exception similar to the one shown below.
<Exception><![CDATA[FESI.jslib.JSException: Unterminated string constant near line x, column xx ...

APAR: IV33588 R50490
Symptom: NEW FUNCTION
Add an option to have the Instruction Detail twistie on the Self Service UI - Review Request page default to be open and not collapsed.
Note: A new property, "ui.reviewRequest.instructionDetail.expandedbydefault" has been introduced in $ITIM_HOME/data/SelfServiceUI.properties file. This property determines the default behaviour of "Instruction Detail" twistie on the Self Service UI - Review Request page. To get more information about the new property, please refer to the $ITIM_HOME/data/SelfServiceUI.properties file.

APAR: IV33591 R50500
Symptom: NEW FUNCTION
Add access for non-admins to the "about ITIM" UI panel.
Note: As part of this ER, a new property, "ui.AboutPanel.visibleToAll" has been introduced in $ITIM_HOME/data/ui.properties file. This property decides whether "about ITIM" UI panel should be visible to all the users or only to administrators. To get more information about the new property, please refer to $ITIM_HOME/data/ui.properties file.

APAR: IV33592 R69113
Symptom: Performance improvement. The performance of new account synchronization is improved by creating primary keys and indices after all accounts have been synchronized.

APAR: IV33594 R70889
Symptom: Report Data Synchronization Utility should not include ojdbc5.jar or sqljdbc.jar. APAR IV22042 shipped a standalone utility which incorrectly included the ojdbc5.jar and sqljdbc.jar.
Note: The $ITIM_HOME/bin/itim_report_data_sync_utility.zip has been updated to remove the ojdbc5.jar and sqljdbc.jar file. The utility has been modified to accept a new optional argument, -JDBC_JAR. This argument can be used to specify the location of the JDBC jar file that the report data synchronization utility should use to access the Tivoli Identity Manager database. If this argument is not specified, the utility uses the db2jcc.jar file present in the lib directory where you extracted the utility. For more information, please refer to "Running the report data synchronization utility" section in README.pdf file present in the $ITIM_HOME/bin/itim_report_data_sync_utility.zip.

OSDB Certification updates, ITIM Server now supports the following Operating systems and middleware:

To get the latest updates for the ITIM 5.1 Software Requirements, please see the following URL.
http://www-01.ibm.com/support/docview.wss?uid=swg27020534

As of 12/14/2012
ITDI 7.1.1. Requires 7.1.1-TIV-TDI-FP0002.

As of 09/21/2012
Firefox 10 ESR (Extended Support Release).

As of 06/22/2012
Updated testing of Oracle 11g R2 OJDBC drivers and now recommend the 11.2.0.3 driver for ojdbc5 or ojdbc6, which ever is applicable.

As of 09/28/2011
Oracle 11g using AL32UTF8 character set.
Oracle Directory Server Enterprise Edition 11.1.1.5.0

As of 06/24/2011
RHEL 6.0 for all ITIM supported Linux platforms.
Includes x86 32 bit, x86 64 bit, pSeries, and zSeries.

Firefox 4.0
Internet Explorer 9 (IE 9)*
* Please refer to ITIM_HOME/extensions/5.1/doc/APAR_Doc/IV01635.pdf file for restrictions and implementation instructions

You may install ITIM with a non-root user.
The following steps are an example of how you may setup a user to allow you to install ITIM as a non-root user.
1. login as root user
2. cd <itim5.1_Installer>
3. chown -R wasuser <itim5.1_Installer> (wasuser is an example)
4. chmod -R g+rwx <itim5.1_Installer>
5. cd <Directory where ITIM5.1 is installing>
6. chmod -R g+rwx <Directory where ITIM5.1 is installing>
7. su wasuser (login to Non root user)
8. cd /<itim5.1_Installer>
9. ./instlinux.bin <ITIM5.1 installer>

The following steps are an example that you may use to ensure you can install ITIM Fixpacks and Interim Fixes.
1. Login as root user
2. groupadd wasgroup
3. useradd -m -d /home/wasuser -g wasgroup wasuser (wasuser is an example)
4. su wasuser
5. umask 0022
6. su root
7. cd /opt/IBM/WebSphere/
8. chmod –R g+rwx AppServer
9. chmod –R g+rwx Updateinstaller
10. chmod –R g+rwx<directory under which Fixpack 6 for ITIM5.1 resides> (Fixpack 6 is an example)
11. cd /opt/IBM/WebSphere/AppServer/profiles
12. chown -R wasuser AppSrv01
13. su wasuser
14. cd /opt/IBM/WebSphere/Appserver/bin
15. ./stopServer server1 –username <wasadmin> -password <password>
16. cd /opt/IBM/Websphere/Updateinstaller

As of 03/25/2011
MS SQL Server 2008 R2. This was tested with WebSphere 7.0.0.7 with iFix 13911. To use this version of MS SQL Server, please follow the instructions found below.
1) For MS SQL Server 2008 R2 with the JDBC driver 3.0, the following property should be set to false in ITIM_HOME\properties\version\nif\config\install\backdoors_user.properties file (this file needs to be created by the user)
Use any ascii editor, such as Notepad, add the following line and save as backdoors_user.properties. Make sure to save that file in ITIM_HOME\properties\version\nif\config\install\ directory.
skip.stopstartwasatdbupgrade = false
This will result in a longer time to complete the Fixpack Installation. Also, be sure to set com.ibm.SOAP.requestTimeout=0 (infinite) to ensure the process can complete.


As of 02/22/2011
Firefox 3.6.13

Oracle 11g R2 (with Oracle 11g R1 ojdbc5 or (ojdbc6 with 64 bit jvm) driver).


AIX 7.1 on a Power 7 LPAR
When installing WebSphere, you may get a pre-requisite check failure, but WebSphere will still install properly. For any additional information, please see the following:
http://www-01.ibm.com/support/docview.wss?uid=swg27007686
Test connection for LDAP profile service unsuccessful at port 16231 (default port for ITDI dispatcher). However, you will get a successful connection if you use port 1099.

AIX 7.1 on a Power 7 WPAR
When installing WebSphere, you may get a pre-requisite check failure message indicating that 0 MB memory is left in the installation directory. Use the following command when installing WAS 6.1 on AIX 7.1 WPAR.
./install -W checklateprereqs.active=False –W lateprereqsfailedpanelInstallWizardBean.active=False -W checklateprereqs.prereqsPassed=True -W calculatediskspaceInstallWizardBean.active=False
For any additional information, please see the following:
http://www-01.ibm.com/support/docview.wss?uid=swg27007686
When applying the Fixpack for Websphere application server and ITIM5.1 using Update Installer 7.0.0.11. You may get a pre-requisite check failure indicating that 0 MB memory is left in the installation directory. Use the following command while applying a Fixpack when running on an AIX 7.1 WPAR.
./update.sh –DisableDiskSpaceCheck=True export
DB2 may get installation failures. You may need to manually create the instance and database.
Agentless Adapters do not get installed while installing ITIM 5.1. An empty timsol directory gets created in the TDI location.
To get the Adpapters installed, Run the installer (ITIM_home/Config/adapters) for Adapters manually. The Adapter then gets installed successfully and timsol and itim_listener.properties gets created successfully.


As of 12/17/2010

MS SQL Server 2008: For JDBC driver 3.0, the following property should be set to false in ITIM_HOME\properties\version\nif\config\install\backdoors_user.properties file(this file needs to be created by the user):
Use any ascii editor, such as Notepad, add the following line and save as backdoors_user.properties. Make sure to save that file in ITIM_HOME\properties\version\nif\config\install\ directory.
skip.stopstartwasatdbupgrade = false
This will result in a longer time to complete the Fixpack Installation. Also, be sure to set com.ibm.SOAP.requestTimeout=0 (infinite) to ensure the process can complete.

ITDI 7.1
Please note that tamimportsync fails. An enhancement request has been opened by the ITDI team to provide the necessary configuration parameters in ITDI7.x, so that the Configuration Editor can be used for discovering/browsing the available data, irrespective of connector mode.

ITDS 6.3

As of 04/02/2010

Solaris 10 Non-Global Zones

Sun One Directory Server 7.0

Red Hat Enterprise Linux AS release 5.3 for for all ITIM supported Linux platforms.
Includes x86 32 bit, x86 64 bit, pSeries, and zSeries.

As of 12/18/2009

DB2 9.7

As of 07/14/2009

MS Internet Explorer 8

Firefox 3.5.

SUSE Linux Enterprise Server 11.0 for all ITIM supported Linux platforms.
Includes x86 32 bit, x86 64 bit, pSeries, and zSeries.

AIX 6.1 WPAR (System WPAR)
Note: 1. Observation : While installing WebSphere Application Server 6.1 on AIX 6.1 WPAR using install command, a pre-requisite checking failed message appears stating that 0 MB memory left in the installation directory.
Workaround : Use the following command while installing WAS 6.1 on AIX 6.1 WPAR.
./install -W checklateprereqs.active=False –W lateprereqsfailedpanelInstallWizardBean.active=False -W checklateprereqs.prereqsPassed=True -W calculatediskspaceInstallWizardBean.active=False
Please see the follwoing URL or contact the WebSphere support group if you need any additional information.
http:01.ibm.com/support/docview.wss?rs=0&uid=swg21293695.

2. Observation : Agentless adapters do not get installed while installing ITIM 5.1 on AIX 6.1 WPAR. An empty timsol directory gets created in the TDI location.
Workaround : Run the installer (ITIM_home/Config /adapters) for adapter manually. The adapter will install successfully as will timsol directory and itim_listener.properties.

3. Observation : Test connection for LDAP profile service unsuccessful at port 16231(default port for ITDI dispatcher). Connection successful at port 1099 for AIX 6.1 WPAR and Solaris 10 11/06 LDom.

SOLARIS 10 LDOM UPDATE 11/06
1. Observation : Test connection for LDAP profile service unsuccessful at port 16231(default port for ITDI dispatcher). Connection successful at port 1099 for AIX 6.1 WPAR and Solaris 10 11/06 LDom.


Architecture(s): Windows, Solaris, AIX, and Linux.

Fixes superseded: ITIM 5.1 Fixpacks 5.1.0.1-TIV-TIM-FP0001, 5.1.0.2-TIV-TIM-FP0002, 5.1.0.3-TIV-TIM-FP0003, 5.1.0.4-TIV-TIM-FP0004, 5.1.0.5-TIV-TIM-FP0005, 5.1.0.6-TIV-TIM-FP0006, 5.1.0.7-TIV-TIM-FP0007, 5.1.0.8-TIV-TIM-FP0008, 5.1.0.9-TIV-TIM-FP0009, 5.1.0.10-ISS-TIM-FP0010, 5.1.0.11-ISS-TIM-FP0011, and Interim Fixes 5.1.0.11-ISS-TIM-IF0039, 5.1.0.11-ISS-TIM-IF0040, and 5.1.0.11-ISS-TIM-IF0041.

Dependencies: NONE.

Database Changes:
1. OPTIONAL changes. Please refer to APAR IV03678 for the manual steps to be performed.

JMS (Java Messaging Service) Changes: NONE

LDAP Changes:
1. OPTIONAL changes to update the erjavascript attribute value for Default adoption policy for ITIM.
Please refer to APAR IZ74342 for the manual steps to be performed.
2. OPTIONAL changes to update the erXML attribute value for selfRegister operation of BPPerson. Please refer to APAR IZ81042 for the manual steps to be performed.
3. OPTIONAL changes to update the erXHTML and erText attribute values for User Recertification Pending template. Please refer to APAR IZ86888 for the manual steps to be performed.
4. MANDATORY changes. A new attribute 'erPasswordLastChangedBy' has been added to the LDAP schema. The objectclass definition of 'erAccountItem' and 'erSystemUser' have been updated to include this new attribute. The updated schema definition is present in $ITIM_HOME/config/ldap/er-schema.dsml file. The fixpack installer will execute ldapUpgrade utility that will update the directory server schema with these changes. Although these schema changes have been introduced to support the new functionality provided in APAR IV08054, this new attribute will be populated internally by ITIM irrespective of whether the new feature is used or not.
5. MANDATORY changes. To support the new functionality provided for APAR IV22039, a new directory entry is added to store configurable default delegation email notification template. The Distinguished Name of the new entry is “cn=Delegation,erglobalid=00000000000000000033,ou=config,ou=itim,<tenant-dn>”. This entry will get added when ldapUpgrade utility runs as part of fixpack upgrade.
6. MANDATORY changes. The changeRoleHierarchy operational workflow has been modified as part of APAR IV20189. The erXML attribute of changeRoleHierarchy operation will be updated by the ldapUpgrade utility, which runs as part of fixpack upgrade.

Files Replaced or Added or Modified by this Fixpack:

ITIM ear, home, and updi files (embedded inside of the *.pak file)

Patch Contents:
- This README file
- 5.1.0.13-ISS-TIM-FP0013.pak


MD5 Checksums:
c6a21945fd8b0c9f12da1017328e010b 5.1.0.13-ISS-TIM-FP0013.zip
5e3cef3ce271723825c01963b4b3efac 5.1.0.13-ISS-TIM-FP0013.pak

none

Applying the Patch:

1) Extract the Fixpack zip file to a temporary directory on your hard drive:

# jar xvf 5.1.0.13-ISS-TIM-FP0013.zip

NOTE: You may also use any unzip equivalent to unpack the zip file.
Back-level versions of jar, FastJar or PKZIP may report errors.
Use the jar executable supplied with java or another zip utility
to uncompress the file.

2) Copy the file(s) to the appropriate directory. The following is a typical example. Yours may be different.
/opt/IBM/WebSphere/UpdateInstaller/maintenance/

NOTE: *************************************************************************
Always BACKUP your old files in a safe place in case an unforseen
event occurs. It is recommended to backup ITIM_HOME/data directory.
Especially, be sure to backup any configuration files you
may have modified such as properties or xml files.
NOTE: *************************************************************************
When performing this Fixpack installation on a slower system the deployment could take a long time.
We have seen times in the 30 to 60 minute range or higher. It is recommended to extend the WebSphere SOAP Request Timeout value from 180 to 1800 seconds or higher as needed.
Configuration file:
WAS_HOME/profiles/PROFILE_NAME/properties/soap.client.props
Property to change:
com.ibm.SOAP.requestTimeout=1800 (30 minutes)
NOTE: com.ibm.SOAP.requestTimeout=0 will provide an infinite timeout.

If you encounter a timeout problem you will see the following entries in the update installer logs:
WASX7017E: Exception received while running file
"/opt/IBM/itim/properties/version/nif/config/install/was/updateEar.py";
exception information: com.ibm.websphere.management.exception.ConfigServiceException
com.ibm.websphere.management.exception.ConnectorException
org.apache.soap.SOAPException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Read timed out;
targetException=java.net.SocketTimeoutException: Read timed out]
NOTE: *************************************************************************
You must use the WebSphere Update Installer Version V6.1.0.13 or newer. You may download the
latest version and get more information about the WebSphere Update Installer here:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg24012718
NOTE: *************************************************************************
Fixpack Installation procedure

NOTE*** For Installing on a Cluster:
Perform the procedure starting at step 2 first on the NDM and then on every node in the cluster.
Do not perform Step 1. on a Cluster.
Before starting Fixpack Installation on cluster:
A. Ensure all node agents are up and can communicate with the NDM.
B. Ensure ITIM application cluster and ITIM Messaging cluster are stopped.
C. If the DM node and a cluster member are in the same host, perform this procedure only once.
NOTE*** For Installing on a Cluster end.

1. Stop WebSphere using your normal procedures, eg.
$WAS_HOME/profiles/AppSrv01/bin/stopServer.sh server1
Or if you wish to submit userid and password when WAS admin security is used:
$WAS_HOME/profiles/AppSrv01/bin/stopServer.sh server1 -username xxxx -password yyyy
Proceed to step 2, only after the stop confirmation is displayed.

2. Execute the WebSphere Update Installer, eg.
/opt/IBM/WebSphere/UpdateInstaller/update.sh
C:\Program Files\IBM\WebSphere\UpdateInstaller\update.bat

3. When the update installer asks for Product Selection,specify your ITIM_HOME directory,
typically, /opt/IBM/itim. Later steps will prompt for the location of the fix deliverable (*.pak file).
When you go forward in the update installer panels, you should see the Fixpack listed in the
"Available Maintenance Package to Install" panel.

4. Select the Next Button and confirm in the next panel by selecting the Next button.

5. After the Maintenance Installation is complete, you may exit the Update Installer

6. Perform the COMMON TASKS listed below these instructions.

7. After you are done with the COMMON TASKS, then:

8. You may begin using ITIM. WebSphere is automatically restarted during the update process.

NOTE: *********************************************************************************
The following are COMMON TASKS that you need to perform prior to restarting the
AppServer or Cluster.
NOTE: *********************************************************************************
1. OPTIONAL: Required Additional steps for IZ74342.
Connect to the directory server instance with the help of any ldap client such as Ldap Browser Editor.
Navigate to the entry for 'Default adoption policy for ITIM', under ou=policies,erglobalid=00000000000000000000,ou=<tenantID>,<root suffix>.
Replace the erjavascript attribute value for Default adoption policy for ITIM

if ((subject[ "eruid"]==null))
{
return null;
}
else if (subject["eruid"]!=null)
{
var buff='(|';

for(i=0;i<subject["eruid"].length;i++) {
var escaped = "";
var obj = subject["eruid"][i];
for(var j=0;j<obj.length;j++) {
var ch = obj.charAt(j);
if(ch == '\\') { escaped += '\\5C'; }
else if (ch == '*') { escaped += '\\2A'; }
else if (ch == '(') { escaped += '\\28'; }
else if (ch == ')') { escaped += '\\29'; }
else if (ch == '?') { escaped += '\\3F'; }
else if (ch == '+') { escaped += '\\2B'; }
else if (ch == '[') { escaped += '\\5B'; }
else if (ch == ']') { escaped += '\\5D'; }
else if (ch == '^') { escaped += '\\5E'; }
else if (ch == '$') { escaped += '\\24'; }
else if (ch == '\"') { escaped += '\\22'; }
else if (ch == '\'') { escaped += '\\27'; }
else if (ch == '=') { escaped += '\\3D'; }
else if (ch == ';') { escaped += '\\3B'; }
else if (ch == '<') { escaped += '\\3C'; }
else if (ch == '>') { escaped += '\\3E'; }
else if (ch == '{') { escaped += '\\7B'; }
else if (ch == '}') { escaped += '\\7D'; }
else { escaped += ch; }
}
buff+='(uid='+escaped+')';
}
buff+=')';
var ps = new PersonSearch();
var searchResult = ps.searchByFilter("",buff, 2);
if (searchResult!=null && searchResult.length>0)
return searchResult;
else { return null; }
}

* Note: Ensure that you change/edit tenantID and root suffix according to your system configuration.

2. OPTIONAL: Additional steps for IZ81042.
A. Connect to the directory server instance with the help of any ldap client such as Ldap Browser Editor.
B. Navigate to the selfRegister operation of BPPerson.
C. Copy the erXML attribute of selfRegister operation of BPPerson using LDAP browser and paste in a textpad as follows:
<?xml version="1.0" encoding="UTF-8"?> <PROCESSDEFINITION NAME="bpPersonSelfRegProcessName" WORKFLOWID="EU" AUTHOR="Corey Williams" COUNTRY_KEY="SR" DESCRIPTION="bpPersonSelfRegProcessDesc" DURATION_UNIT="m" LIMIT="43200000" CREATED="04-March-2003" VALID_FROM="04-March-2003" VALID_TO="04-March-2004" CLASSIFICATION="SO" VERSION="1.0" > <ESCALATION_PARTICIPANT PARTICIPANTID="SystemAdmin" TYPE="SA" NAME=""/> <PARAMETERS> <IN_PARAMETERS PARAM_ID="person" TYPE="BPPerson" RELEVANT_DATA_ID="person"/> </PARAMETERS> ..............................</PROCESSDEFINITION>

D. Modify the value of attribute WORKFLOWID from "EU" to "SR" and attribute COUNTRY_KEY from "SR" to "US" of PROCESSDEFINITION tag as follows:
<?xml version="1.0" encoding="UTF-8"?> <PROCESSDEFINITION NAME="bpPersonSelfRegProcessName" WORKFLOWID="SR" AUTHOR="Corey Williams" COUNTRY_KEY="US" DESCRIPTION="bpPersonSelfRegProcessDesc" DURATION_UNIT="m" LIMIT="43200000" CREATED="04-March-2003" VALID_FROM="04-March-2003" VALID_TO="04-March-2004" CLASSIFICATION="SO" VERSION="1.0" > <ESCALATION_PARTICIPANT PARTICIPANTID="SystemAdmin" TYPE="SA" NAME=""/> <PARAMETERS> <IN_PARAMETERS PARAM_ID="person" TYPE="BPPerson" RELEVANT_DATA_ID="person"/> </PARAMETERS> .............................</PROCESSDEFINITION>

E. Copy this modified erXML attribute from textpad and replace the original erXML attribute of the selfRegister operation of BPPerson through LDAP browser.
F. Restart ITIM application for the changes to be effective.

3. OPTIONAL: Additional steps for IZ86888.
A. Connect to the directory server instance with the help of any ldap client such as Ldap Browser Editor.
B. Navigate to the entry for ( cn=00000000000000000078,erGlobalid=00000000000000000033,ou=config,ou=itim,ou=<tenantID>,<root suffix> )
C. Replace the value of erXHTML attribute of this entry with the following value.
<Value>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>$TITLE</title> <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> <link type="text/css" title="Styles" rel="stylesheet" href="$BASE_URL/console/css/imperative.css" /> </head> <body topmargin="0" marginheight="0" leftmargin="0" marginwidth="0" bgcolor="ffffff"> <!-- Block for the Template Header part --> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> <!-- Tivoli logo --> <td width="186" background="$BASE_URL/console/html/images/mid-part-1.gif"><img src="$BASE_URL/console/html/images/left-tiv-1.gif" alt="$LOGO_ALT" /></td> <!-- Middle part --> <td background="$BASE_URL/console/html/images/mid-part-1.gif" width="692"></td> <!-- IBM logo --> <td align="right" background="$BASE_URL/console/html/images/mid-part-1.gif"><img border="0" src="$BASE_URL/console/html/images/ibm_banner.gif" width="105" height="50" /></td> </tr> </tbody> </table> <!-- Title Bar --> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr bgcolor="#a8a8a8"> <td height="20" width="8"></td> <!-- ITIM Notification Label --> <td height="20" class="text-description" width="979" valign="middle">$TITLE</td> <td height="20" width="5"></td> </tr> </tbody> </table> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> <!-- Background for the template body --> <td background="$BASE_URL/console/html/images/portfolio_background.gif" height="148"> <table border="0" cellspacing="0" cellpadding="0" width="100%"> <tr> <td width="5"></td> <td align="left" class="text-description" valign="middle" height="65"> <!-- Start of notification body --> <p> <RE key="userRecertTemplateBody"><PARM><JS>process.requesteeName</JS></PARM><PARM><JS>var doc = ApprovalDocument.get(); var count = doc.getDecisionItemCountByType(doc.TYPE_ROLE); return count.toString();</JS></PARM><PARM><JS>var doc = ApprovalDocument.get(); var count = doc.getDecisionItemCountByType(doc.TYPE_ACCOUNT) + doc.getDecisionItemCountByType(doc.TYPE_GROUP) + doc.getDecisionItemCountByType(doc.TYPE_ITIM_GROUP) + doc.getDecisionItemCountByType(doc.TYPE_GROUP_ACCESS); return count.toString();</JS></PARM></RE> </p> </td> </tr> <!-- XTTL Tag templates --> <tr> <td width="5"></td> <td align="center" valign="middle"> <table width="98%" border="0" cellspacing="1" cellpadding="1" bgcolor="gray"> <tr align="left" valign="middle"><td class="text-description" bgcolor="EBEDF3"><RE key="itimRequestUrl"/>:</td><td width="773" class="text-description" bgcolor="white"><ITIMURL/></td></tr> <tr align="left" valign="middle"><td class="text-description" bgcolor="EBEDF3"><RE key="name"/>:</td><td width="773" class="text-description" bgcolor="white"><RE><KEY><JS>process.name;</JS></KEY></RE></td></tr> <tr align="left" valign="middle"><td class="text-description" bgcolor="EBEDF3"><RE key="timeScheduled"/>:</td><td width="773" class="text-description" bgcolor="white"><RE key="readOnlyDateFormat"><PARM><JS>if (process.scheduled != null){ return process.scheduled.getTime(); }else{ return '';}</JS></PARM></RE></td></tr> <tr align="left" valign="middle"><td class="text-description" bgcolor="EBEDF3"><RE key="recertRequestType"/>:</td><td width="773" class="text-description" bgcolor="white"><RE key="recertRequestTypeName"/></td></tr> <tr align="left" valign="middle"><td class="text-description" bgcolor="EBEDF3"><RE key="recertRequestedFor"/>:</td><td width="773" class="text-description" bgcolor="white"><JS>process.requesteeName;</JS></td></tr> <tr align="left" valign="middle"><td class="text-description" bgcol
or="EBEDF3"><RE key="recertRequestedBy"/>:</td><td width="773" class="text-description" bgcolor="white"><JS>process.requestorName;</JS></td></tr> <tr align="left" valign="middle"><td class="text-description" bgcolor="EBEDF3"><RE key="recertDueDate"/>:</td><td width="773" class="text-description" bgcolor="white"><RE key="readOnlyDateFormat"><PARM><JS>if (activity.duedate > 0){ return activity.duedate;} else{ return '';}</JS></PARM></RE></td></tr> </table> <!-- End of notification body --> </td> </tr> <tr> <td align="center" valign="middle" height="30"></td> </tr> </table> </td> </tr> </tbody> </table> <!-- Copyright Table --> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr bgcolor="#a8a8a8" align="center" valign="middle"> <td class="text-description">IBM Copyright 2008, 2009</td> </tr> </tbody> </table> </body> </html>
</Value>
D. Replace the erText attribute of this entry with the following value.
<Value>
<RE key="userRecertTemplateBody"><PARM><JS>process.requesteeName</JS></PARM><PARM><JS>var doc = ApprovalDocument.get(); var count = doc.getDecisionItemCountByType(doc.TYPE_ROLE); return count.toString();</JS></PARM><PARM><JS>var doc = ApprovalDocument.get(); var count = doc.getDecisionItemCountByType(doc.TYPE_ACCOUNT) + doc.getDecisionItemCountByType(doc.TYPE_GROUP) + doc.getDecisionItemCountByType(doc.TYPE_ITIM_GROUP) + doc.getDecisionItemCountByType(doc.TYPE_GROUP_ACCESS); return count.toString();</JS></PARM></RE> <RE key="itimRequestUrl"/>: <ITIMURL/> <RE key="name"/>: <RE><KEY><JS>process.name;</JS></KEY></RE> <RE key="timeScheduled"/>: <RE key="readOnlyDateFormat"><PARM><JS>if (process.scheduled != null){ return process.scheduled.getTime();}else{ return '';}</JS></PARM></RE> <RE key="recertRequestType"/>: <RE key="recertRequestTypeName"/> <RE key="recertRequestedFor"/>: <JS>process.requesteeName;</JS> <RE key="recertRequestedBy"/>: <JS>process.requestorName;</JS> <RE key="recertDueDate"/>: <RE key="readOnlyDateFormat"><PARM><JS>if (activity.duedate > 0){ return activity.duedate;} else{ return '';}</JS></PARM></RE>
</Value>
E. Restart ITIM application for the changes to be effective.
F. Log in to ITIM.
G. Save all the existing recertification policies again without any modification.

* Note: Ensure that you change/edit tenantID and root suffix according to your system configuration.

4. REQUIRED: Additional steps for IV06892.
While required for the above APAR, it is recommended that the java plugin cache be cleared after every Interim Fix installation, since it may affect your deployment. Problems have shown up with the form designer when the java plug-in cache had not been cleared. After applying this fix you must clear the java plugin cache for the changes to take effect. The plugin cache has to be cleared on every machine from which you access ITIM applets in a browser.
Execute the following steps to clear the Java Plug-in cache for the JRE.
1. On a Windows box, click Start > Control Panel and double-click the Java icon in the control panel. The Java Control Panel appears.
If you are on a unix box, you can launch the java control panel by running the program:
<JRE installation directory>/bin/ControlPanel or
<JRE installation directory>/bin/JavaPluginControlPanel
On some systems you can also load the Control Panel applet with a web browser by running
<JRE installation directory>/ControlPanel.html.
2. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.

Based on your version of java plugin perform the following steps:
==> For JRE version 1.5x:
3. Click Delete Files. The Delete Temporary Files dialog box appears.
There are three options on this window to clear the cache.
1. Delete Files
2. View Applications
3. View Applets
4. Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache. Please verify that all the downloaded applications and applets got deleted from file system (at the Location of java plugin cache specified on Temporary Files Settings dialog e.g.:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache"). If not, please delete the applications manually from file system.

==> For JRE version 1.6x:
3. Click Delete Files. The Delete Temporary Files dialog box appears. There are two options on this window to clear the files.
1. Applications and Applets
2. Trace and log files
4. Select both checkboxes i.e. Applications and Applets, Trace and log files and click ok.
Note: This deletes all the Downloaded Applications and Applets and logs from the cache. Please verify that all the downloaded applications and applets got deleted from file system (at the Location of java plugin cache specified on Temporary Files Settings dialog e.g.:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache"). If not, please delete the applications manually from file system.

==> For JRE version 1.7x:
3. Click Delete Files. The Delete Files and Applications dialog box appears. There are three options on this window to clear the files.
1.Trace and log files
2.Cached Applications and Applets
3.Installed Applications and Applets
4. Select all the checkboxes, Trace and log files, Cached Applications and Applets, and Installed Applications and Applets, and click ok.
Note: This deletes all the Downloaded Applications and Applets and logs from the cache. Please verify that all the downloaded applications and applets got deleted from file system (at the Location of java plugin cache specified on Temporary Files Settings dialog e.g.:/Documents and Settings/Administrator/Application Data/Sun/Java/Deployment/cache"). If not, please delete the applications manually from file system.

5. OPTIONAL: Required additional steps for IV25434.
As part of this fix, a new property 'ui.logoff.validateSession' has been introduced in $ITIM_HOME/data/SelfServiceUI.properties file and 'toolbar.jsp' has been modified. Since the fix pack installer does not automatically apply the changes to these files, please execute the following steps to manually apply the changes.
a. Stop the application server.
b. Take a back up of following files:
$ITIM_HOME/data/SelfServiceUI.properties.
$WAS_HOME/profiles/PROFILE_NAME/installedApps/NODE_NAME/ITIM.ear/itim_self_service.war/custom/toolbar.jsp.
c. Copy the toolbar.jsp file from <ITIM_HOME>/defaults/custom folder to WAS_HOME/profiles/PROFILE_NAME/installedApps/NODE_NAME/ITIM.ear/itim_self_service.war/custom folder. Please note that you will have to redo any additional customizations that might have been done in this file.
d. Restart the application server.
e. In a clustered installation, repeat the above steps on each node of the cluster.

6. OPTIONAL: Required additional steps for IV25435.
As part of the fix, $ITIM_HOME/extensions/5.1/examples/selfregistration/src/examples/selfregistration/ValidateData.java has been modified to append the list of missing or schema violating attributes at the end of the current message. To get the changes reflected after applying this patch please execute the following steps:
1) If a Self Registration application is already installed, follow the steps listed below to uninstall the sr_war application:
a) Open the Administrative Console for WebSphere.
b) Under Applications -> Enterprise Applications, select sr_war application to uninstall.
c) Save your settings.
d) Restart the WebSphere Application Server.
2) To build and install self-registration application please follow the instructions given in $ITIM_HOME/extensions/5.1/examples/selfregistration/Readme.html

7. OPTIONAL: Required additional steps for IV26027.
After applying the fix for this APAR the changes made as part of it would be incorporated in the updated $ITIM_HOME/bin/itim_report_data_sync_utility.zip file. The customers who have already unzipped the utility folder and are using it (possibly with some customization or even on the other non-ITIM systems) will have to execute the additional steps given below in order to implement this fix.

1) Locate the folder where $ITIM_HOME /bin/itim_report_data_sync_utility.zip file is extracted.
2) Copy $ITIM_HOME/lib/regexp.jar file to the /lib directory present in the folder located in step1.
3) Locate SyncData.cmd (for Windows platform) or SyncData.sh (for Unix platform) file in the folder located in step 1 and take a backup of the desired file depending on the platform used for running the utility.
4) Open the SyncData.cmd or SyncData.sh file in any text editor and modify it as shown below and save the file:
In the SyncData.cmd file add the following statement after the line "set ClassPath=!ClassPath!;!LIB_DIR!\aspectjrt.jar" :

set ClassPath=!ClassPath!;!LIB_DIR!\regexp.jar

In the SyncData.sh file add the following statement after the line "export CLASSPATH=$CLASSPATH:$LIB_DIR/aspectjrt.jar" :

export CLASSPATH=$CLASSPATH:$LIB_DIR/regexp.jar

8. OPTIONAL: Required additional steps for IZ95180 and IV27030.
In the IZ95180 fix, java classes and jsp files from the folder $ITIM_HOME/extensions/5.1/examples/self_care/ have been changed.
In the IV27030 fix, $ITIM_HOME/extensions/5.1/examples/self_care/src/examples/expi/ForgotPasswordServlet.java have been modified to add a check for an empty user id when the request is submitted.

To get the above changes reflected after applying the fixpack, you need to follow the steps listed below:
1. If the Self Care application is already installed, execute the steps listed below to uninstall the application:
a) Open the Administrative Console for WebSphere.
b) Under Applications -> Enterprise Applications, select self care application to uninstall. By default the name of the application is itim_expi_war.
c) Save your settings.
d) Restart the WebSphere Application Server.
2. To build and install the Self Care application follow instruction given in $ITIM_HOME/extensions/5.1/examples/self_care/Readme.html. Please note that you will have to redo any customizations done to this application.

END OF COMMON TASKS

5.1.0.13-ISS-TIM-FP0013