IBM Support

IBM Security Access Manager for Enterprise Single Sign-On AccessAgent fix pack 8.2.1-ISS-SAMESSO-AA-FP0004

Download


Abstract

Fix pack for IBM Security Access Manager for Enterprise Single Sign-On, AccessAgent, Version 8.2.1.

Download Description

This fix pack corrects the following issues that are found in IBM Security Access Manager for Enterprise Single Sign-On AccessAgent, Version 8.2.1 release:

  • APAR IV54553
    Symptom: Microsoft Internet Explorer might hang when a user browses a website with modal windows.
  • APAR IV54384
    Symptom: The ESSO Credential Provider is not displayed after a user resumes a computer from hibernation or standby.
  • APAR IV55556
    Symptom: When you are using Windows Vista and Windows 7, the ESSO Credential Provider and AccessAgent encounter unexpected errors after you start the computer or log on to AccessAgent.
  • APAR IV60073
    Symptom: The "Enforce the use of both upper case and lower case characters?" policy is not enforced during random password generation.
  • APAR IV50311
    Symptom: The rotation of the log files is inconsistent.
  • APAR IV54444
    Symptom: When Ctrl+Alt+Del is enabled in Windows, the policy "Allow logon bypass through Windows?" is not enforced when you close the AccessAgent window by clicking the "X" button.
  • APAR IV55584
    Symptom: When you attempt to export credentials to a Linux network share, the export creates an empty file.
  • APAR IV56195
    Symptom: AccessAgent triggers an inactivity timeout even if the user is still active when the user is using only the mouse and not the keyboard.
  • APAR IV56197
    Symptom: If the Ctrl+Alt+Del screen is enabled, the user name field is not auto-filled when the user unlocks the computer.
  • APAR IV60074
    Symptom: Microsoft Internet Explorer might crash when a user switches from a console session to a remote session if the Ask window is shown.
  • APAR IV60770
    Symptom: Microsoft Internet Explorer might crash or display a data execution prevention error when you navigate away from a Java applet.
  • Defect
    Symptom: If reauthentication fails several consecutive times because of an incorrect password, AccessAgent might still report that the password is incorrect after you enter the correct password.
  • Defect
    Symptom: When you apply the IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1, fix pack 3 on Microsoft Windows XP, you cannot log off or shut down your computer.
  • Enhancement
    For provisioned users, an option to remove the requirement to cache the wallet on AccessAgent is added.
    This enhancement can be enabled by creating a DWORD registry value CreateProvKeyPairOnLoginEnabled set to 1 under HKLM\SOFTWARE\IBM\ISAM ESSO\Temp.
  • Enhancement
    The policy pid_auth_capture_prompt_enabled is supported for Windows Credential Provider.

The following issues were corrected by interim fix 8.2.1-ISS-SAMESSO-AA-IF0002:
  • APAR IV56196
    Symptom: Occasional display issues with the ESSO Credential Provider when the machine resumes from Hibernate or Sleep mode.
  • APAR IV58820
    Symptom: Automatic login with shared credentials does not work when many (10 or more) sessions are running in Citrix XenApp.

The following enhancement was released in the interim fix 8.2.1-ISS-SAMESSO-AA-IF0001:
  • Enhancement (This applies to IBM Security Privileged Identity Manager users)
    This provides support for non-exclusive credentials. When non-exclusive shared access credentials are defined in IBM Security Identity Manager, multiple users can log on by using the same non-exclusive credentials concurrently. When prompted to select a shared access ID to check out, you select the non-exclusive shared access credential.

    For more information about the check-out process of shared access credentials in a privileged identity management workflow, see Shared access credential check-out process in the IBM Security Privileged Identity Manager documentation.

    To configure a non-exclusive credential, see Configuring a non-exclusive credential setting in IBM Security Identity Manager.

    Limitation: The non-exclusive credential must be a shared access account. The credential cannot be in a credential pool.

    Configuring the non-exclusive credential setting in IBM Security Identity Manager



    Take the following steps to configure the non-exclusive credential setting in IBM Security Identity Manager for a shared access account.

    Procedure
    1. Start the IBM Security Identity Manager self-service interface.
    2. Select Manage Shared Access > Manage Credential Vault.
    3. Click Refresh.
    4. Select a credential that you want to define as a non-exclusive credential.
    5. Select the Credential Setting tab.
    6. Select Do not require the checkin and checkout process for shared IDs.
    For more information about the other credential settings, see Modifying credentials in the vault in the IBM Security Identity Manager product documentation.
    7. Save the settings.


Related links

For more information about the IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1, see the following links:

Prerequisites

Before you install the fix pack, ensure that you installed one of the following versions of AccessAgent:

  • AccessAgent 8.2.1.0191 (GA)
  • AccessAgent 8.2.1.0227 (Interim fix 1)
  • AccessAgent 8.2.1.0230 (Interim fix 2)

If you are an IBM Security Privileged Identity Manager customer, ensure that the IBM Privileged Session Recorder Server, Version 1.0.1.1.96 is installed before you apply this fix pack.

Installation Instructions

1. Download the AccessAgent installer file from Fix Central to a folder on your local computer, for example C:\Temp.

    • For Windows 32-bit: 8.2.1-ISS-SAMESSO-AA-FP0004_32.msp
    • For Windows 64-bit: 8.2.1-ISS-SAMESSO-AA-FP0004_64.msp
   
2. Run the AccessAgent installer file with administrator privileges.

Note: For Windows 7, right-click cmd.exe and choose Run as Administrator.

    • For Windows 32-bit: msiexec /p "8.2.1-ISS-SAMESSO-AA-FP0004_32.msp"
    • For Windows 64-bit: msiexec /p "8.2.1-ISS-SAMESSO-AA-FP0004_64.msp"

3. Click Finish. The ISAMESSO AccessAgent Installer Information window is displayed.

4. Click Yes.

5. Restart the computer.

6. Right-click the AccessAgent tray icon in the system tray and select About ISAMESSO AccessAgent. The AccessAgent version is displayed.
    If you successfully installed 8.2.1-ISS-SAMESSO-AA-FP0004, the AccessAgent version is updated to 8.2.1.1120 and the AccessAgent maintenance level is FP0004.

Silent Installation Procedure

You can also install the fix pack silently.

Before you begin
Ensure that you have administrator privileges.

Procedure
Run the following command from a command prompt to install the fix pack silently.

Note: For Windows 7, right-click cmd.exe and choose Run as Administrator.

  • For Windows 32-bit: msiexec /p "8.2.1-ISS-SAMESSO-AA-FP0004_32.msp" /quiet
  • For Windows 64-bit: msiexec /p "8.2.1-ISS-SAMESSO-AA-FP0004_64.msp" /quiet
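
The silent installation above, wrapped in a script for unattended rollout. This is an added example, not part of the IBM document. It assumes the .msp was saved to C:\Temp (the $PatchDir parameter is hypothetical), and it treats the standard Windows Installer exit codes 0, 3010 and 1641 as success.

```powershell
# Added example: wrapper around the documented "msiexec /p <file> /quiet" command.
param(
    # Assumption: folder where the fix pack was downloaded from Fix Central.
    [string]$PatchDir = 'C:\Temp'
)

# The procedure requires administrator privileges; stop early if not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Run as Administrator) session.'
}

# Choose the package that matches the operating system, not the calling process.
# PROCESSOR_ARCHITEW6432 is set when a 32-bit process runs on 64-bit Windows.
$is64 = ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') -or
        ($env:PROCESSOR_ARCHITEW6432 -eq 'AMD64')
$suffix = if ($is64) { '64' } else { '32' }
$msp = Join-Path $PatchDir "8.2.1-ISS-SAMESSO-AA-FP0004_$suffix.msp"

if (-not (Test-Path -LiteralPath $msp)) {
    throw "Patch file not found: $msp"
}

# Same command line as in the procedure: msiexec /p "<file>" /quiet
$proc = Start-Process -FilePath 'msiexec.exe' `
                      -ArgumentList "/p `"$msp`" /quiet" `
                      -Wait -PassThru

# Windows Installer exit codes: 0 = success, 3010 = success and a restart
# is required, 1641 = success and a restart was initiated.
switch ($proc.ExitCode) {
    0       { 'Fix pack applied. Restart the computer to complete the update.' }
    3010    { 'Fix pack applied. A restart is required.' }
    1641    { 'Fix pack applied. A restart was initiated by the installer.' }
    default { throw "msiexec failed with exit code $($proc.ExitCode)" }
}

# After the restart, confirm in About ISAMESSO AccessAgent that the version is
# 8.2.1.1120 and the maintenance level is FP0004, as described in step 6.
```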

Download package

  • 8.2.1-ISS-SAMESSO-AA-FP0004
    Release date: 20 Jun 2014
    Language: English
    Size: 57028608
    Platform: Windows
    URL: http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Tivoli/Tivoli+Access+Manager+for+Enterprise+Single+Sign-On&release=8.2.1&platform=All&function=fixId&fixids=8.2.1-ISS-SAMESSO-AA-FP0004&includeRequisites=1&includeSupersedes=0

Problems (APARS) fixed
IV54553;IV54384;IV54553;IV55556;IV56196;IV60073;IV50311;IV54444;IV55584;IV56195;IV56197;IV60074;IV60770

Document Information

Modified date:
15 June 2018

UID

swg24037818