IBM Support

IBM Security Access Manager for Enterprise Single Sign-On AccessAgent fix pack 8.2.1-ISS-SAMESSO-AA-FP0006

Download


Abstract

Fix pack for IBM Security Access Manager for Enterprise Single Sign-On, AccessAgent, Version 8.2.1.

Download Description

This fix pack corrects the following issues that are found in IBM Security Access Manager for Enterprise Single Sign-On AccessAgent, Version 8.2.1 release:

  • APAR IV61009
    Symptom: The ESSO Credential Provider may blink and the user is unable to log on to or unlock Windows.
  • APAR IV61403
    Symptom: Occasionally, logoff from Windows requires the user to close all applications that are currently open.
  • APAR IV61604
    Symptom: Unable to log on to AccessAgent via Network Provider when using the User Principal Name attribute.
  • APAR IV62561
    Symptom: Word/Excel or other Microsoft Office Application may hang when saving a file that was initially opened from a Sharepoint Server.
  • APAR IV62567
    Symptom: Windows Interactive Service Detection window may be displayed during iFix or Fixpack installation.
  • Defect
    Symptom: While installing an iFix/Fixpack or uninstalling ISAM ESSO Access Agent, user may encounter a message box "Unexpected Error - A critical process was terminated unexpectedly.  The ESSO components have been restarted. Log in to AccessAgent to continue using Single Sign-On."
  • Defect
    Symptom: After installing an iFix, the Software Version in the "Session Information" window is not the same as the one displayed in "About ISAM ESSO AccessAgent" window.
The following issues were corrected by fix pack 8.2.1-ISS-SAMESSO-AA-IF0005:
  • APAR IV61961
    Symptom: Random password generation does not work in AccessAgent 8.2.1 FP0004.
  • Defect
    AccessAgent file was not digitally signed - AttisService.exe.
The following issues were corrected by fix pack 8.2.1-ISS-SAMESSO-AA-FP0004:
  • APAR IV54553
    Symptom: Microsoft Internet Explorer might hang when a user browses a website with modal windows.
  • APAR IV54384
    Symptom: The ESSO Credential Provider is not displayed after a user resumes a computer from hibernation or standby.
  • APAR IV55556
    Symptom: When you are using Windows Vista and Windows 7, the ESSO Credential Provider and AccessAgent encounter unexpected errors after you start the computer or log on to AccessAgent.
  • APAR IV60073
    Symptom: The "Enforce the use of both upper case and lower case characters?" policy is not enforced during random password generation.
  • APAR IV50311
    Symptom: The rotation of the log files is inconsistent.
  • APAR IV54444
    Symptom: When Ctrl+Alt+Del is enabled in Windows, the policy "Allow logon bypass through Windows?" is not enforced when you close the AccessAgent window by clicking the "X" button.
  • APAR IV55584
    Symptom: When you attempt to export credentials to a Linux network share, the export creates an empty file.
  • APAR IV56195
    Symptom: AccessAgent triggers an inactivity timeout even if the user is still active when the user is using only the mouse and not the keyboard.
  • APAR IV56197
    Symptom: If the Ctrl+Alt+Del screen is enabled, the user name field is not auto-filled when the user unlocks the computer.
  • APAR IV60074
    Symptom: Microsoft Internet Explorer might crash when the user switches from a console to a remote session if the Ask window is shown.
  • APAR IV60770
    Symptom: The Microsoft Internet Explorer might crash or display a data execution prevention error when you navigate away from a Java applet.
  • Defect
    Symptom: If you failed to reauthenticate due to incorrect password for a number of consecutive times, AccessAgent might still prompt that the password is incorrect after you entered the correct password.
  • Defect
    Symptom: When you apply the IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1, fix pack 3 on Microsoft Windows XP, you cannot logoff or shutdown your computer.
  • Enhancement
    For provisioned users, an option to remove the requirement to cache the wallet on AccessAgent is added.
    This enhancement can be enabled by creating a DWORD value CreateProvKeyPairOnLoginEnabled set to 1 under the key HKLM\SOFTWARE\IBM\ISAM ESSO\Temp.
  • Enhancement
    The policy pid_auth_capture_prompt_enabled is supported for Windows Credential Provider.
The following issues were corrected by interim fix 8.2.1-ISS-SAMESSO-AA-IF0002:
  • APAR IV56196
    Symptom: Occasional display issues with the ESSO Credential Provider when the machine resumes from Hibernate or Sleep mode.
  • APAR IV58820
    Symptom: Automatic login with shared credentials does not work when many (10 or more) sessions are running in Citrix XenApp.

The following enhancement was released in the interim fix 8.2.1-ISS-SAMESSO-AA-IF0001:


  • Enhancement (This applies to IBM Security Privileged Identity Manager users)
    This provides support for non-exclusive credentials. When non-exclusive shared access credentials are defined in IBM Security Identity Manager, multiple users can log on by using the same non-exclusive credentials concurrently. When prompted to select a shared access ID to check out, you select the non-exclusive shared access credential.

    For more information about the check-out process of shared access credentials in a privileged identity management workflow, see Shared access credential check-out process in the IBM Security Privileged Identity Manager documentation.

    To configure a non-exclusive credential, see Configuring a non-exclusive credential setting in IBM Security Identity Manager.

    Limitation: The non-exclusive credential must be a shared access account. The credential cannot be in a credential pool.

    Configuring the non-exclusive credential setting in IBM Security Identity Manager

    Take the following steps to configure the non-exclusive credential setting in IBM Security Identity Manager for a shared access account.

    Procedure
    1. Start the IBM Security Identity Manager self-service interface.
    2. Select Manage Shared Access > Manage Credential Vault.
    3. Click Refresh.
    4. Select a credential that you want to define as a non-exclusive credential.
    5. Select the Credential Setting tab.
    6. Select Do not require the checkin and checkout process for shared IDs.
       For more information about the other credential settings, see Modifying credentials in the vault in the IBM Security Identity Manager product documentation.
    7. Save the settings.


Prerequisites

Before you install this interim fix, ensure that you installed one of the following versions of AccessAgent:

  • AccessAgent 8.2.1.0191 (GA)
  • AccessAgent 8.2.1.0227 (Interim fix 1)
  • AccessAgent 8.2.1.0230 (Interim fix 2)
  • AccessAgent 8.2.1.1120 (Fix pack 4)
  • AccessAgent 8.2.1.1122 (Interim fix 5)

If you are an IBM Security Privileged Identity Manager customer, ensure that the IBM Privileged Session Recorder Server, Version 1.0.1.1.96 is installed before you apply this fix pack.

Installation Instructions

1. Download the AccessAgent installer file from Fix Central to your local computer, for example to C:\Temp.

  • For Windows 32-bit
    8.2.1-ISS-SAMESSO-AA-FP0006_32.msp
  • For Windows 64-bit
    8.2.1-ISS-SAMESSO-AA-FP0006_64.msp

2. Run the AccessAgent installer file with administrator privileges.
    Note: For Windows 7, right-click cmd.exe and choose Run as Administrator.
  • For Windows 32-bit
    msiexec /p "8.2.1-ISS-SAMESSO-AA-FP0006_32.msp"
  • For Windows 64-bit
    msiexec /p "8.2.1-ISS-SAMESSO-AA-FP0006_64.msp"

3. Click Finish. The ISAMESSO AccessAgent Installer Information window is displayed.

4. Click Yes.

5. Restart the computer.

6. Right-click the AccessAgent tray icon in the system tray and select About ISAMESSO AccessAgent. The AccessAgent version is displayed.

If you successfully installed 8.2.1-ISS-SAMESSO-AA-FP0006, the AccessAgent version is updated to 8.2.1.1125 and the AccessAgent maintenance level is FP0006.

Silent Installation Procedure

You can also install the fix pack silently.

Before you begin
Ensure that you have administrator privileges.

Procedure
Use the following script for silent installation on a command line.
    Note: For Windows 7, right-click cmd.exe and choose Run as Administrator.
  • For Windows 32-bit
    msiexec /p "8.2.1-ISS-SAMESSO-AA-FP0006_32.msp" /quiet
  • For Windows 64-bit
    msiexec /p "8.2.1-ISS-SAMESSO-AA-FP0006_64.msp" /quiet
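
The silent installation above, wrapped with the checks an administrator would want before and after it runs. This is an added example, not IBM's script. It assumes the package was downloaded to C:\Temp as in step 1 and that the .msp carries an Authenticode signature; the log file path is hypothetical.

```powershell
# Added example (not IBM's script): silent install of FP0006 with pre/post checks.
# Assumptions: the package folder and log path are illustrative, and the .msp
# is expected to carry an Authenticode signature.
param(
    [string]$PackageDir = 'C:\Temp',                       # download folder from step 1
    [string]$LogFile    = 'C:\Temp\AA-FP0006-install.log'  # hypothetical log path
)

# The procedure requires administrator privileges, so stop early if not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Run as Administrator) session.'
}

# Pick the package that matches the operating system architecture.
$suffix  = if ([Environment]::Is64BitOperatingSystem) { '64' } else { '32' }
$package = Join-Path $PackageDir "8.2.1-ISS-SAMESSO-AA-FP0006_$suffix.msp"
if (-not (Test-Path -LiteralPath $package)) { throw "Package not found: $package" }

# Refuse to install a patch whose signature is missing or invalid.
$sig = Get-AuthenticodeSignature -FilePath $package
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed for $package (status: $($sig.Status))."
}
Write-Output "Signed by: $($sig.SignerCertificate.Subject)"

# Apply the patch silently; /l*v writes a verbose log, /norestart defers the reboot.
$msiArgs = @('/p', "`"$package`"", '/quiet', '/norestart', '/l*v', "`"$LogFile`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# Map the Windows Installer exit code to an outcome.
switch ($proc.ExitCode) {
    0       { Write-Output 'Patch applied. Restart the computer to finish.' }
    3010    { Write-Output 'Patch applied; a restart is required.' }
    1642    { throw 'Patch target not found: AccessAgent is missing or not at a version this patch applies to.' }
    default { throw "msiexec failed with exit code $($proc.ExitCode); see $LogFile" }
}
```

After the restart, About ISAMESSO AccessAgent should report version 8.2.1.1125 and maintenance level FP0006, as stated in the installation instructions.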

Download package: 8.2.1-ISS-SAMESSO-AA-FP0006
Date: 22 Aug 2014
Language: English
Size: 57024512
Platform: Windows
URL: http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Tivoli/Tivoli+Access+Manager+for+Enterprise+Single+Sign-On&release=8.2.1&platform=All&function=fixId&fixids=8.2.1-ISS-SAMESSO-AA-FP0006&includeRequisites=1&includeSupersedes=0

Document Information

Modified date:
15 June 2018

UID

swg24038222