Component

Version

Release Date

18/05/2020

Adapter Version

7.1.40

Component Versions

Adapter Build 7.1.0040.00

Profile 7.1.0040

ADK 6.06.0033 z/OS

enRole Resource Management API 6.0.6

OpenSSL 1.0.2q

Documentation

Please check out the latest documentation on the IBM Knowledge Center.

Select the latest server release to navigate to the latest version of the adapter documentation.

Internal #

RFE /CASE#

Description

Items included in current release

No items included

Items included in release 7.1.39

No items included

Items included in release 7.1.38

No items included

Items included in release 7.1.37

RTC 55048

RFE 122650

RACF CSDATA segment support for single account lookup

Items included in release 7.1.36

No items included

Items included in release 7.1.36

182517

RFE 127701

ISIM RACF Adapter enhancement.

RTC 182687

Disallow external calls to agentCfg port.

Items included in release 7.1.35

RTC 182213

IGI 5.2.5 support -

As an adapter developer for z/OS I need to add support for supporting data and canonical values to the IGI profiles

Items included in release 7.1.34

No items included

Items included in release 7.1.33

No items included

Items included in release 7.1.32

RTC 174146

RFE 52070

Add an option to include “REMOVE <connect_group>” or “CONNECT <connect group>” for PRE MODIFY and POST MODIFY operations to be passed on to ISIMEXIT.

RTC 174284

N/A

As an adapter for RACF user I want to have an option to run RECOJOB outside of the adapter so that the adapter can instantly start processing the RECOSAVE contents.

RTC 176712

N/A

Add a registry setting to specify if the adapter should attempt to delete existing data set profiles before deleting an account.

RTC 174414

As an ADK for z/OS developer I need to upgrade to OpenSSL 1.0.2o to address PSIRT CVE-2018-0739

Items included in release 7.1.31

RTC 52661

RTC 173352

115005

As an AD for z/OS developer I need to offer the ability to explicitly disable TLS1.0 in all ADK based adapters.

RTC 173354

TS000074249

As an ADK for z/OS developer I need to add diagnostic messages to the ADK that allow troubleshooting 2-way ssl connections

RTC 173351

As an ADK for z/OS developer I need to upgrade to OpenSSL 1.0.2n

Items included in release 7.1.30

RTC1709009

Add support for WAEMAIL in WORK segment

Items included in previous releases

RTC 163356

Enable SSL by default in the ISPF installation panels

RTC 166577

Add tooltips to customlabels.properties

RTC 166584

PMR 22151,003,756

Registry setting to keep the RECOSAVE export data set

RTC158896

N/A

Status tab in IGI target.json, erLastAccessDate in target.json

RTC154227

N/A

TSO/E 8 Character Userid support

RTC156626

N/A

Upgrade expat libraries to 2.2.0

RTC154238

Update OpenSSL to release 1.0.2j

RTC154263

PMR 42182,122,000

Disable SSLV3 and RC4 ciphers and certify TLS 1.1 / 1.2 is supported by the ADK

RTC156347

IV32546

Adapter appears to be running while it was unable to connect to the socket.

RTC156101

IV45711

RACF adapter enhancement. How to know what attributes are being modified in a ISIMEXIT.

RTC154270

IV46597

Support ROAUDIT attribute in the RACF adapter

RTC152020

Include IGI specific profile with JSON in the adapter package

RTC152021

Update the adapter panels

RTC152022

Include adapter mapping file in the adapter package

RTC152023

Include a license folder in the adapter package

RTC149041

Add two initial lines to CustomLabels.properties which are required for translation

RTC 135237

Complex Attribute Handler for RACF Connect Groups

RTC 136795

ISIM Lookup transaction performance enhancements

RTC 93081

Remove APPC protocol dependency

RTC 74287

Added support for password phrases

RTC 35332

Added support for custom fields (CSDATA)

RTC 75819

Changed KERB form: Added AES and changed DESD description

Changed agent behavior:
Setting a boolean flag to blanks is now the same as setting it to FALSE

Internal #

APAR/CASE#

Description

Items closed in current release

RTC 186766

TS003664857

AGJB04 writes empty JOBCHAR to registry

RTC 186767

TS003554276

ISIM_ADAPTER_CIPHER_LIST variable is not having any effect with RACF adapter 6.0.39

RTC 186768

TS003680545

Error when processing unmodified values in reply message

RTC 186769

TS003568847

Abend when processing reconciliation request xmls

Items closed in release 7.1.39

RTC 186212

TS003341275

RACF "EDC5112I Resource temporarily unavailable”

RTC 186218

TS002493154

Increasing memory allocations for erracconxml values during reconcilitations.

RTC 186218

TS002493154

Adapter STC does not abort when running out of memory required for new connection pthreads.

RTC 186213

TS003405510

vulnerability CVE-2016-2183(SWEET32) reported on ISIM V6.0.

RTC 186214

DT040780

TS001615497

Memory leak in ConnectionTest operations.

Items closed in release 7.1.38

No items included

Items closed in release 7.1.37

RTC 184015

TS002309740

Adapter abend 40D, RC10 with the below messages in the CEEDUMP

5 _ermAlloc +00000076 libErmApi.dll Call

6 ErmSBCSStrtoUCS2Str

+000000C0 libErmApi.dll

RTC 184017

TS002309740

Excessive non-ISIM server connections causing abend

Starting SSL handshake (OpenSSL)...

Handshake failed. Error code: 1

SD_SEND to socket

Start SSL cleanup

Shutting down SSL server...

Received a segmentation violation...

RTC 183205

TS000891911

Debug output in agentCfg tool causes DAML protocol configuration issues

RTC 184018

TS002307533

Account DELETE continues with ISIMEXIT POST DELETE even if the account can’t be deleted.

RTC 184019

TS002357498

<adapter_rw_home>/data/proc.xxx.out files not removed after attempt to delete data set profiles

Items closed in release 7.1.36

RTC 182687

Disallow external calls to agentCfg port

RTC 182516

IJ12296

Reconciliation doesn't return all accounts.

RTC 182686

Upgrade to OpenSSL 1.0.2.q

Items closed in release 7.1.35

RTC 181312

TS001341481

RACF adapter returns rc ‘20030’ on account ADD

RTC 181313

IKJ567161I when provisioning/modifying a custom attribute

RTC 181314

TS001529597

Adapter abends during the reconciliation of CSDATA segment attributes

RTC 181315

Upgrade to ADK 6.0.6

RTC 181319

TS001548171

IKJ56702I INVALID USERID returns error for account DELETE where this should return a success as the account no longer exists in RACF

Items closed in release 7.1.34

RTC 179053

TS001248452

IKJ56716I when provision/modify a comma-separated CSDATA value

RTC 179043

Upgrade to OpenSSL 1.0.2p

Items closed in release 7.1.33

RTC 177574

TS000991007

Add an option to continue to use tsocmd to allow authorized TSO/E commands to be executed from ISIMEXIT.

RTC 177573

IJ07503

TSO/E STATUS command fails if the JOBNAME contains a $ character.

RTC 177575

TS001115032

SURROGATE ID ignored on account MODIFY

Items closed in release 7.1.32

RTC 174285

TS000145251

RACF Adapter for ISIM 6.0 - tsoCmd: return code 255

when using ISIMEXEC.

RTC 175922

TS000864011

Inconsistent erraculogtime between full and filtered reco

Items closed in release 7.1.31

RTC 173353

TS000114491

As an ADK for z/OS developer I need to ensure that manually dropping the DAML_PORT socket doesn't result in a loop

RTC 173360

TS000013259

Since installing 6.0.29 customer cannot longer change the DAML password

RTC 173359

change the group profile name from RacfGroupProfile to RACFgroupProfile

RTC 173723

Attempt to destroy context for invalid socket results in dump in _ermListFree

Items closed in release 7.1.30

RTC169659

PSIRT Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)

RTC170595

TS000026507

Report Data Sync does not synchronize RACF Group memberships

Items closed in previous releases

RTC 166463

PMR

22742,003,756

RSA key length used by certTool increased from 1024 to 4096, which

allows it to be NIST compliant beyond 2021.

RTC 166581

PMR

06883,999,724

Lock file that is created during reconciliations is not removed when switching between the SURROGATID and the ADAPTERID

RTC154305

RACF Adapter Complex Attribute Handler NullPointerException while trying to remove or add a connect group.

RTC162773

PMR 17895,001,862

The adapter allowed multiple parallel reconciliation requests without closing pipes and failing the duplicate requests.

RTC162775

IV96644

Memory allocation related abends during reconciliation when processing large amounts of connect groups for individual user accounts.

RTC162776

IV97317

erraculogtime value is incorrect if the account has not been used after creation.

RTC156346

Attribute values following the string PASSWORD are masked in the adapter log

RTC156842

PMR 17895,001,862

Heap storage problem in RACF agent

CEE3204S The system detected a protection exception (System Completion Code=0C4).

From entry point _ermFree at compile unit offset +0000008A at entry offset +0000008A at address 2500BF4A.

RTC154272

PMR 70620,704,704

RACF adapter abend

CEE0802C Heap storage control information was damaged. From entry point _ermAlloc at compile unit offset +00000076 at entry offset +00000076 at address 2932CDAE.
From entry point tsocmd_exec at compile unit offset +00002660 at entry offset +00002660 at address 29113BE0.
CEE0802C Heap storage control information was damaged. From entry point _ermFree at compile unit offset +00000084 at entry offset +00000084 at address 2932CF44.
CEE0802C Heap storage control information was damaged. From entry point tsocmd_exec at compile unit offset +00002660 at entry offset +00002660 at address 29113BE0.

RTC154273

PMR 91447,L6Q,000

RACF 6.0.23 Abend 0c4

RTC154274

PMR

74909,077,649

RACF agent started task on Z/OS 2.1 abends 0c4

RTC154275

IV92222

RACF adapter crashes when handling ISIM requests

RTC154298

Adapter abends when not receiving a connect owner value

RTC156631

PMR 75768,122,000

Abend U4038

RTC 153442

IV90064

ErRacConXml changed from string to binary in the IGI specific profile, this change had to be undone in the standard profile to prevent abends. KerbIsAES was changed back from KerbisAES128 to KerbIsAES to prevent errors in existing installations.

RTC 153443

PMR 27999,200,838

Deleting an account may fail if data set profiles for the account are still defined in RACF.

RTC 153444

IV90607

The adapter should first set a password before setting the password interval when adding a new account.

RTC 151566

PMR 65622,004,000

Reconciliation runs longer starting release 7.0.23 due to Fix0205 message improvements

RTC 151007

subattribute values from ComplexAttributeValue Object reset to default

RTC 151009

PMR 76787,122,000

Lookup fails due to duplicate erracuname when NAME is specified in the instdata field

RTC 151010

Stickybit set on adapter_readonly_home subfolders

RTC 148905

PMR 76787,122,000

ISIMRECO 0C4 on fclose in Fix0205 message

RTC 148907

Lookup: Connect attributes not updated.

RTC 148908

Error while modifying BINDDN in PROXY segment

RTC 148909

Erraculogtime is not returned with the lookup operation

RTC 148910

Accounts with only BASE segment fail lookup

RTC 148911

Inconsistent results when supplying AES as encryption parameter in KERB segment

RTC 148912

Reconciliation and lookup not supported for erracuopmonitor

RTC149034

IV84697

Issue changing from SURROGAT ID to Agent ID.

RTC 136796

IV79365

"Unload 0102 record is missing" message during reconciliation.

RTC 141112

PMR 91113,003,756

RACF Adapter 0C4 (protection exception) socket.

RTC 145789

Adapter uptime on connectiontest is not updated.

RTC 144303

When you send a request to modify multiple connect groups and all of these connect commands fail, the adapter should return a failure.

RTC 144305

Change erracunoexpire from semi-supported to supported

by re-adding it to the account form.

RTC 144236

IV84697

ISIM 6 RACF adapter acct creation error after delete / Thread security environment not reset after using SURROGAT ID.

RTC 141532

PMR 91113,003,756

erracupwinterval error message bogus.

RTC 141531

PMR 91113,003,756

ADK bogus characters in Bind message.

RTC

145790

Missing profile description: update racf2profile and racf2profiledesc

RTC 134668

IV79192

Adapter ignores erracupwnoexpire on password change

RTC 134667

IV79171

R_Admin is called during reconciliation when RECOSAVE data set name contains “CO” characters.

RTC 134666

OpenSSL upgrade to 1.0.1m

RTC 126656

IV77890

Update ISIMEXIT to support current TSO/E implementation.

RTC 134037

Agent abends after single account lookup from PIM server while processing entries for all accounts defined to RACF

RTC 134036

RACF recon fails because JOBCHAR(R) does not meet the standard for jobnames

RTC 134035

IV77890

RACF DELUSER returns ISIM console success but it fails

RTC 125820

IV74312

RACF Adapter failed to open output file when processing >1000 simultaneous requests

RTC 124239

IV74312

Clear text password visible while changing password using ISIM

RTC 121370

IV68067

Recon failed, adapter didn't wait 99 seconds

RTC 121366

IV68479

RACF adapter crashes when using PASSEXPIRE is true in combination with a pass phrase ending with a '$' character.

RTC 121368

IV71138

Reconciliation fails due to prefixing.

RTC 121369

IV67084

Errors in CSDATA processing for one-character fields and integer fields.

RTC 121371

IV67900

Help panel message AMGRA034 should be AGRMA034.

RTC 118499

Pre-Delete exit does not work

IV65985

Add account fails if 'KJ56644I NO VALID TSO USERID, DEFAULT USER ATTRIBUTES USED' is returned from RACF.

IV65547

RACF adapter password command formatting errors when creating a new account.

RTC 117760

AGRCCFG utility not working as expected

IV65076

ISIM RACF 6.0.7 SHORTCONNECT REGISTRY DEFAULT

IV65073

ISIM RACF 6.0.7 ADAPTER MISSING PERMISSION INFO

RTC 113676

IV63089

Password is set to EXPIRED on password change although "PASSEXPIRE" is set to "TRUEADD"

RTC 112167

IV62670

Password not propagated on password change

RTC 109531

IV60839

Erracupwinterval: Interval 0 not interpreted as NOINTERVAL

RTC 67672

Update on previous fix: now also includes solution for agentCfg dumping when entering a 4 character key when starting agentCfg

RTC 99335

AgentCfg -codepages does not return information

RTC 108483

RacfAgent.dat overwritten every IPL

RTC 108485

Openssl upgraded to 10.1.g

RTC 109528

Changed max thread settings and additional debug messages

RTC 109530

Running the adapter in -console mode does not open remote socket

RTC 98358

IV52342

Warning messages CONNECT group: incorrect characters returned in errorMessage when creating a new account on the ISIM server and specifying a connect group to which the user can not be added by the adapter resulting in the following message on the ISIM server:

CTGIMD812E An error occurred while processing the adapter response

message. The following error occurred.

Error: An invalid XML character (Unicode: 0x7) was found in the value of

attribute "errorMessage" and element is "attr".

RTC 95787

IV47040

Adapter issue with CONNECT group

RTC 95782

IV42240

Incorrect characters present in some account attributes

RTC 64756

IV25449

Error in setting the READ_TIMEOUT parameter.

RTC 67672

IV27957

When trying to change the ISIM adapter Configuration Key using agentCfg, a problem is encountered if the length of the new key is less than 5 characters. If it is 4 characters or less the registry will be corrupted.

Internal #

APAR #

PMR # / Description

N/A

This release of the RACF Adapter does not support FIPS.

N/A

The lookup operation will not return UAUDIT settings for an account when the ADAPTER ID does not have the AUDIT attribute.