IBM Support

Supplementary release notes for IBM Security Privileged Identity Manager 1.0.1 and 1.0.1.1


Abstract

This document contains release information that was not documented in the published Release Notes.

Content



Overview



IBM Security Privileged Identity Manager, Version 1.0.1.1, is a manufacturing refresh. The manufacturing refresh includes updates to the following components:
  • IBM Privileged Session Recorder Server, Version 1.0.1.1
  • IBM Security Privileged Identity Manager Virtual Appliance, Version 1.0.1.1
  • IBM Cognos Reporting components

For more information about what's new in the manufacturing refresh, see New in 1.0.1.1.    

Installing


To download version 1.0.1.1, go to http://www.ibm.com/support/docview.wss?uid=swg24036286.

Important: IBM Security Privileged Identity Manager, Version 1.0.1.1, with session recording requires IBM Security Access Manager for Enterprise Single Sign-On, V8.2.1, Fix Pack 3. You must upgrade the server components before you upgrade AccessAgent. See Upgrading IBM Security Privileged Identity Manager.

For more information about the IBM Security Privileged Identity Manager installation, see the following additional technotes:

   

Issues and limitations

Privileged Session Recorder

  • In session recordings with IBM Personal Communications, the status bar is not recorded.
  • The IBM Privileged Session Recorder configuration utility is available in English only.
  • The IBM Privileged Session Recorder configuration utility cannot start when there are non-ASCII characters in the installation path.
  • For Arabic locales, the Privileged Session Recorder console does not use Arabic-Indic digits and does not use the correct date and time format.
  • On a monitored application, when you complete actions with modifier keys, for example Ctrl+A, the Privileged Session Recorder on the client computer logs the action as two separate events. For example: Ctrl and Ctrl+A.
  • The IBM Privileged Session Recorder ignores Microsoft Windows accessibility settings for StickyKeys, ToggleKeys, FilterKeys, and MouseKeys.

Automatic check-in and check-out

  • Issue: When the user simultaneously opens several instances of RDP, the Allow me to save credentials check box is not automatically selected. Check out of shared access credentials fails.
    Workaround: User must select the check box and click Connect to successfully check out the credential.
  • Issue: Credential injection fails when the user starts any of the applications, and at the time of injection the application is overlaid with another application, or with the lease expiry window.
    Workaround: Ensure that you place focus on the application until application logon is complete.
  • Issue: When using Remote Desktop Connection, AccessAgent offers to save the shared credentials after injecting the checked out user name and password. This issue occurs after the PIM_Profiles.eas AccessProfile is uploaded to the IMS Server.

    Workaround: Disable the sso_site_wnd_rdp6_with_options AccessProfile.
    1. Log in to AccessAgent as an ISAM ESSO administrator.
    2. Open AccessStudio.
    3. Choose File > Import data from local AccessAgent.
    4. From the list of AccessProfiles, select sso_site_wnd_rdp6_with_options.
    5. Select the General Properties tab.
    6. Under Signatures identifying web-page or exe where this AccessProfile is to be loaded, click Remove.
    7. Right-click sso_site_wnd_rdp6_with_options.
    8. Click Upload to IMS.
  • Issue: The password injection process does not start if you resized the PuTTY window to a width that is too small. This situation occurs if you resize the window to 24 columns wide, or a width where the user password prompt splits into a new line, as shown in the following example.
    login as: adminaccount
    adminaccount@192.0.2.24's passw
    ord

    The password injection process with the bundled AccessProfile cannot find a match for the word password, because the keyword is split across separate lines. As a result, the password is not injected.
    Workaround: Resize the PuTTY window so that the line for the password does not split.
  • The bundled IBM Security Privileged Identity Manager AccessProfiles are not designed for Microsoft Remote Desktop Connection clients with versions 6.1.76xx.
  • The IBM Security Privileged Identity Manager AccessProfile for Microsoft Remote Desktop Connection RDP client does not support the injection of shared credentials at the RDP lock screen.
  • Check-out and check-in of shared credentials do not work for mainframe applications that run on z/OS® and i5 series and that have the following workflow:
    1. Inject user name.
    2. Press Tab.
    3. Inject password.
    See Automating the credential check-out and check-in process in the product documentation.
  • Multiple IBM Security Identity Manager credentials for one AccessAgent user are not supported.
  • When the user does not have an IBM Security Identity Manager credential in the user Wallet and simultaneously starts two applications, such as RDP and VMware vSphere Client, shared credential check-out works only for the one application in which the user enters the IBM Security Identity Manager credentials when prompted by AccessAgent.
  • Shared access credential check-out in RDP only works when the General tab is selected.
  • 1.0.1.1: When an administrator checks out a credential for an endpoint, a justification is added and captured in IBM Security Identity Manager. If the administrator performs another checkout with the same endpoint, and reuses the same credentials, the justification added is not shown in IBM Security Identity Manager.
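
The PuTTY prompt-splitting issue above, reproduced as an added example (not IBM's AccessProfile code): a per-row keyword match misses `password` once the window wraps the sample prompt at 31 columns, while a matcher that rejoins full-width rows still finds it. The function names and the full-width-row heuristic are assumptions made for illustration.

```python
# Added illustration; names and the rejoin heuristic are assumptions, not IBM code.
PROMPT = "adminaccount@192.0.2.24's password: "   # prompt text from the sample above
KEYWORD = "password"

def wrap(text, cols):
    """Hard-wrap one logical line at `cols` columns, as a terminal window does."""
    return [text[i:i + cols] for i in range(0, len(text), cols)]

def screen(cols):
    """Constructed screen contents: the two lines of the sample at a given width."""
    return wrap("login as: adminaccount", cols) + wrap(PROMPT, cols)

def match_per_row(rows, keyword=KEYWORD):
    """Naive matcher: search each visible row on its own."""
    return any(keyword in row for row in rows)

def match_rejoined(rows, cols, keyword=KEYWORD):
    """Wrap-tolerant matcher: a row that fills the full width is treated as
    continuing on the next row (heuristic; a line exactly `cols` long would be
    merged with the following one)."""
    logical, current = [], ""
    for row in rows:
        current += row
        if len(row) < cols:          # short row: the logical line ends here
            logical.append(current)
            current = ""
    if current:
        logical.append(current)
    return any(keyword in line for line in logical)

if __name__ == "__main__":
    for cols in (80, 31):
        rows = screen(cols)
        print(cols, rows, match_per_row(rows), match_rejoined(rows, cols))
```
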

Archival

Exporting to a non-existent directory, or to a directory whose path contains spaces or special characters, throws an error. The error occurs when you run sp_export_psr_partitionset.

Error Message : Unexpected error occurred : SQL0480N  The procedure "SYSPROC.ADMIN_CMD " has not yet been called.  SQLSTATE=51030

Virtual appliance

For information about the IBM Security Privileged Identity Manager virtual appliance, see Troubleshooting and support for version 1.0.1.1.

Cognos reporting


When generating a Cognos-based report, if you require only the records for the current date, you must specify both the start date and end date. Otherwise, the previous data are also displayed in the report.
 

Documentation updates


Upgrading the Privileged Session Recorder Server from 1.0.1 to 1.0.1.1
Step 16 contains an error. The correct step reads:
16. Start the ISPIMRecorder application.


Document Information

Modified date:
16 June 2018

UID

swg21653782