Download
Abstract
This fix pack for IBM Security Privileged Identity Manager, Version 2.1.0 contains new enhancements and fixes.
Download Description
IMPORTANT: The license file is updated. Refer to the license file in the fix pack package.
Enhancements:
- IBM® Security Access Manager as a supporting program
IBM Security Access Manager is now offered as a supporting program in IBM® Security Privileged Identity Manager. See Supplementary release notes for IBM Security Privileged Identity Manager V2.1.0
- Support for Virtual Appliance SSL certificate with the Subject Alternative Name (SAN) attribute
The SSL certificate generated by the virtual appliance now includes the Subject Alternative Name (SAN) attribute. See Generating the SSL Certificate with the Subject Alternative Name (SAN) attribute for post installation steps.
This fix pack corrects security vulnerabilities and the following issues that are found in IBM® Security Privileged Identity Manager 2.1.0 release:
- APAR IV95439
When the checkout justification field is set to mandatory and a user checks out a credential without providing a justification in the Privileged Identity Manager Self-service console, a blank page is displayed.
- APAR IV95896
The user is unable to remove any requested access that is approved in the Privileged Identity Manager Self Service Console.
- APAR IV96484
In a virtual appliance cluster deployment, if the database configuration is set to run on non-SSL connection, reconfiguring any database related configuration parameters will cause the member nodes synchronization to fail.
- APAR IV96942
An error message is shown in the Administrative Console when the user is performing a search for a credential or credential pool by using the resource name as the filtering condition.
- APAR IV92329
The REST API request for creation of resource does not fail when there are spacing character(s) in the resource UID.
- APAR IV89554
When a user is executing commands on the virtual appliance with the command line interface (CLI), the system generates misleading error messages. For example, No such file or directory errors, even though the command execution is successful.
- APAR IV97169
Unable to check in or delete a credential when the user that has the credential checked out is deleted in IBM Security Privileged Identity Manager.
- APAR IV88917
The fix pack version is not reflected correctly in the About page in the Administrative Console.
- Defect
The configured syslog from the IBM Security Privileged Identity Manager Virtual Appliance is not sent to IBM QRadar Security Intelligence Platform.
- Defect
Once an Access, with the "By Rule" assignment type is created, the rule cannot be modified anymore.
For more information on new features and enhancements, see New in Version 2.1.0.
Installation Instructions
Note:
- This fix pack can take up to 10 minutes to install. Do not shut down or reboot the virtual appliance while installation is in progress.
- This fix pack is certified for use with virtual appliances that are operating in FIPS-compliant mode.
Installation from the LMI User Interface (recommended)
Access the LMI of the virtual appliance by using a web browser at https://<pimva>:9443/login.
Procedure
- Download the fix pack to your local workstation.
- From the IBM Security Privileged Identity Manager dashboard, select Manage.
- Under Manage, click Fix Packs.
- In the Fix Pack page, select New.
- In the Add Fix Pack, select Browse for Fix Pack.
- Select the required fix pack.
- Select Save Configuration in the Add Fix Pack panel.
- Restart the virtual appliance.
Installation from the command line interface (CLI)
Access the command line interface of the virtual appliance by using either an SSH session or the console.
Procedure
- Copy the fix pack to a USB device.
Note: The fix pack must not be in a folder on the USB device. - Attach the USB device to your virtual appliance.
- In the virtual appliance CLI, run the command, fixpacks.
- Run the command, install.
Note: It lists all the fix packs that are available in the USB device. - Select the index of the 2.1.0-ISS-ISPIM-VA-FP0006.fixpack and press Enter.
- Run the list command to view the list of installed fix packs.
- Restart the virtual appliance.
Post Installation
Generating the SSL Certificate with the Subject Alternative Name (SAN) attribute
Note: Ensure that you have installed the fix pack before you generate the SSL certificate with the SAN attribute.
Procedure
- Log in to the command line interface (CLI) as an administrator.
- Run lmi reset_lmi_cert.
Step Result: The SSL certificate is renewed with the SAN attribute. The value that is generated in the certificate is the virtual appliance hostname.
On
[{"DNLabel":"2.1.0-ISS-ISPIM-VA-FP0006","DNDate":"30 Jun 17","DNLang":"English","DNSize":"124779603","DNPlat":{"label":"Platform Independent","code":"PF025"},"DNURL":"https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.1.0&platform=Linux&function=fixId&fixids=2.1.0-ISS-ISPIM-VA-FP0006&includeRequisites=1&includeSup","DNURL_FTP":" ","DDURL":null}]
[{"Product":{"code":"SSRQBP","label":"IBM Security Privileged Identity Manager"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"2.1.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24043785