IBM Support

IBM Security Access Manager for Enterprise Single Sign-On 8.2.1 Issues and Limitations



This document identifies the issues and limitations and provides workarounds for IBM Security Access Manager for Enterprise Single Sign-On. This document is continuously updated as critical issues requiring workarounds are discovered.



  • AccessAgent does not work properly if you install AccessAgent in a custom installation path with non-ASCII characters.
    - An error occurs when running the JVMSupport.vbs script.
    - The Cryptoboxes folder is not created.
    Workaround: Do not use non-ASCII characters in the installation path.
  • When you install AccessAgent on Windows 7 64-bit with ConsoleAppSupportEnabled set to 1 in the SetupHlp.ini file, an InstallConsoleSupport.vbs error occurs.
    Workaround: Set ConsoleAppSupportEnabled to 0 and run InstallConsoleSupport.vbs after installation.

  • AccessAgent related activities on Windows 8 and Windows 8.1 can cause a Windows Defender process to use 99% of the computer resources. As such, this issue can affect the performance of the computer.
    Workaround: Add the following processes to the Windows Defender process exception list:
    • SOCIAccess.exe
    • AATray.exe
    • LogonManager.exe
    • Sync.exe
    • SOCIMonitor.exe
    • AA.exe
  • On Windows 8 and Windows 8.1, the AccessProfile action "Click a menu option" does not work if the context menu is displayed close to the outer edges of the application main window.

    Workaround: Move the application window closer to the left side of the Windows desktop.

  • The authentication service that is provisioned through an API does not work. The corresponding user name for the provisioned authentication service is not stored in the Wallet Manager.

    Workaround: The provisioned user must log on to AccessAgent and choose to cache the user Wallet. The user Wallet must be cached so that AccessAgent can process the user credentials for the provisioned authentication services.

  • When you install the IBM Security Access Manager Single Sign-On Suite, the values that you saved in the Setuphlp.ini file are not reflected in the IMS Server Setting window.
  • When you start Microsoft Internet Explorer 10 in Windows 8 and Windows 8.1 for the first time, you are prompted to enable the ISAM ESSO Browser Helper Object add-on. Single sign-on works only after you enable the add-on and then open a new browser window or a new tab.
  • Windows 8 and Windows 8.1, 32-bit and 64-bit Windows Store apps are not supported.
  • Single sign-on to console applications is not supported in Windows 8, Windows 8.1, and Windows Server 2012.
  • Transparent Screen Lock is not supported on a remote desktop session because of a Windows Aero limitation.
  • The Transparent Screen Lock window might not update or refresh as fast as your application if the application refresh interval rate is lower than 500 milliseconds.
  • Some hot key combinations might not work because they can conflict with the Windows Secure Attention Sequence, such as Ctrl+Alt+Del.


  • The "Installer User Interface Mode Not Supported" error occurs when you run the IMS Server installer on Windows Server 2012.

    Workaround: To fix this problem, you can do any of the following tasks:

    • Run the IMS Server installer from the command line and add the argument "-i GUI" or "-i Console".
    • Change the compatibility level of IMS Server installer to Windows 7 by doing the following tasks:
      1. Right-click the IMS Server installer exe file.
      2. Go to Properties > Compatibility > Compatibility mode.
      3. Select the Run this program in compatibility mode for checkbox.
      4. Select Windows 7 from the drop-down menu.
      5. Click OK.
  • The "IMS Server KeyStore setup failed" error occurs when you configure the IMS Server with the IMS Configuration Wizard.

    Workaround: Install the required fix packs and interim fixes for the appropriate WebSphere software version.

    • For WebSphere Application Server, Version 8.5, install Fix Pack 2 and the required interim fix for WebSphere Application Server and the Java SDK.
    • For WebSphere Application Server, Version 7.0, install Fix Pack 29 for WebSphere Application Server and the Java SDK.

    For more information, see Considerations when installing and configuring WebSphere Application Server and IBM HTTP Server for IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1.

    On clustered deployments, remember to install the fix packs on the deployment manager and all custom nodes.

  • Enterprise directory validation fails when you create a new directory and apply the following configurations:
    1. Set Use SSL to No in the Advanced window.
    2. Set Enable AccessAssistant/Web Workplace password reset? to Yes, but do not provide details of the IBM Security Identity Manager Adapter.
    3. On the same page, set Use SSL to Yes, which hides the IBM Security Identity Manager Adapter settings.
    4. Complete the required directory settings and click Next.

    Workaround: Go to the Enterprise Directories page and re-create or edit the enterprise directory settings and set the SSL setting correctly.

  • The following deprecated features might exist in the AccessAdmin and IMS Configuration Utility user interface:
    • Transparent Screen Lock for Windows XP
    • Entries for Active Proximity Badge


  • The following triggers do not get fired when you run the AccessProfile in Windows 8 and Windows 8.1:
    • Window position changes
    • Window is shown
    • Text is displayed on a window
    • Text is displayed on a console window
  • Cannot pass the property value of a Property Store Item from the AccessProfile widget to the main AccessProfile.

    Workaround: Transfer the property value contents to an Account data bag and pass the Account data bag by reference.

  • Cannot pass the value of an Account data bag or Property Store Item parameter variable by value. The data becomes null after providing a value.

    Workaround: Copy the value assigned to the parameter variable into a new variable and pass the new variable by reference.

Cognos Reporting

When generating a Cognos-based report, if you require only the records for the current date, you must specify both the start date and end date. Otherwise, the previous data are also displayed in the report.

Third-party limitations

  • AccessAgent Installer cannot display the following text in bidirectional mirroring:
    • Language selection options
    • IMS Server error message
  • AccessStudio cannot display the following fields with bidirectional mirroring:
    • Drag-and-drop bar and icon
    • Title and subtitle bar
  • Some GB18030 G1 characters are not displayed correctly in some AccessStudio fields.
  • AccessStudio cannot import an AccessProfile from the IMS Server if the AccessProfile contains a field with characters outside the Basic Multilingual Plane (BMP).


Document Information

Modified date: 16 June 2018