IBM Tivoli Access Manager for Enterprise Single Sign-On 6.00 Rollup E Fix Pack 10 Release Notes

This document contains information about the fixes addressed by IBM Tivoli Access Manager for Enterprise Single Sign-On (TAM E-SSO) 6.00 Rollup E Fix Pack 10, as well as a list of known issues, if applicable. It also provides instructions for installing and uninstalling this fix pack.

Contents:

• Issues addressed in this fix pack
• Installation instructions
• Known issues or considerations

Issues addressed in this fix pack

This section contains the list of issues addressed in this fix pack with the corresponding tracking numbers:

• s4788: When a user added multiple logons using the Add Another Logon checkbox, the Logon Chooser did not appear or did not display all of them.
• s4948: With the mainframe helper object (ssomho.exe) running, the Agent did not Auto Enter credentials after a logon was created. The user was required to redisplay the logon page.
• s5109, s5130, s5132, s5138: The Agent erroneously reacted to undefined Web logons with the Limit user to predefined Web apps setting turned on after installation of Rollup E Fix Pack 7.
• s5269: After installation of Rollup E Fix Pack 9, the Agent did not launch in Windows 2000 on a workstation using LDAP synchronization.

Cumulative from Fix Pack 9

• s4019, s4373, s4576, s4648, s4790, s4905: Active Directory locked accounts after one incorrect password entry.
• s4111, s4536, s4648: Share Credentials with Primary Logon Method only worked for accounts with administrative privileges. Non-administrative accounts were prompted to authenticate multiple times. Also, when using local computer credentials to synchronize, TAM E-SSO could not share the credentials and caused an error message to display.
• s4570, s4821, s4890, s4959, s5021, s5105: An ssoshell.exe synchronization process sporadically used nearly 100% of CPU time and did not exit.
• s4648: TAM E-SSO did not support LDAP v1 authentication to an AD domain when the workstation was outside the domain.
• s4705, s4796, s4841, s4834: TAM E-SSO intermittently stopped responding to Internet Explorer web pages, causing the browser to stop responding as well. This occurred most frequently after submitting credentials.
• s4756: The Agent responded to Host/Mainframe applications even after disabling the setting for Host/Mainframe support in the Administrative Console.
• s4833: TAM E-SSO failed to connect to IBM Tivoli Directory Server with anonymous access disabled.
• s4907: The primary logon method did not work for LDAP in SSL mode.
• a10568: Using the Administrative Console, an administrator was unable to import templates from an entlist file in a Database or Filesync repository.

Cumulative from Fix Pack 8

• s4558, s4993: The Agent terminated unexpectedly after credentials were submitted to an application with SendKeys using Journal Hook.
• s4604: Non-administrative domain users were able to create active domain users within the ou=People container in Active Directory.
• a10415: The Agent did not sync to LDAP without a default locator object.
• a10568: Using the Administrative Console, an administrator was unable to export a template as an entlist.ini file to a Database or Filesync repository.
• a10712: Settings for Proximity Card, RSA SecurID, SecureDataStorage, and Smart Card have been added to the Administrative Console.
• a10716: The Administrative Console with Fix Packs terminated unexpectedly under Vista.
• a10738: Sphinx, Proximity Card, and RSA SecurID have been added to the Administrative Console under the Kiosk Adapter > Session States > [session state name] > Authenticators tab.

Cumulative from Fix Pack 7

• s4293, s4489: A dropdown menu containing a single item caused the browser to terminate unexpectedly when a user selected that menu a second time.
• s4473: The Ignore match function failed to differentiate a non-logon window from a logon window.
• s4515: The Agent mistakenly performed an auto-submit on an application after the application was renamed in the Logon Manager.
• s4526: The existing credentials for unknown web pages stopped being submitted after an administrator disabled the Allow Unknown setting.
• s4608: A telnet application did not appear correctly after being added to the Exclude list.
• s4681: The German TAM E-SSO help file contained an incorrect screen shot.
• s4747: The Applications to Ignore setting did not work properly. As a result, the v-GO SSO browser helper object was unable to ignore applications with which v-GO SSO did not interact properly.
• a10466: The Console help file lacked documentation for the setting, Web Pages to ignore.

Cumulative from Fix Pack 6

• s3984: TAM E-SSO did not respond to an application until the user performed a manual synchronization.
• s4236: TAM E-SSO occasionally stopped responding. In some cases, all workstation activity ceased.
• s4262, s4477: TAM E-SSO did not respond to Appworx and delayed loading a Java applet in Internet Explorer. This occurred with JRE 1.6 and the Java Helper files installed.
• s4307: TAM E-SSO caused certain applications to cease responding.
• s4329: TAM E-SSO did not respond to some applications on startup.
• s4539: TAM E-SSO did not respond to a web application.
• s4550: TAM E-SSO did not recognize the Home key command within a mainframe template.
• s4636: TAM E-SSO did not recognize special German characters on Windows 2000 workstations, and prevented user authentication.
• a10412: TAM E-SSO did not perform a synchronization after users changed their primary logon methods.

Cumulative from Fix Pack 5

• s4021: TAM E-SSO did not recognize the change password window in a Windows application or the Confirm button in a web application.
• s4502: Users could not write objects to the People container in Oracle Internet Directory.
• s4516: TAM E-SSO responded intermittently to a windows application when another template was configured to match on a blank window title.
• s4557: The Japanese text of the Retry Logon and Password Change dialog boxes was unreadable.
• a10177/a10184: The Add/Remove Programs component for Fix Pack 4 was not branded or displayed properly when Show updates was selected.

Cumulative from Fix Pack 4

• s4452: The TAM E-SSO Agent stopped responding and a black box appeared over the system tray icon menu.
• s4587: The TAM E-SSO Title Bar Button displayed in window titles although the user did not turn on this setting.

Cumulative from Fix Pack 3

• s3819: TAM E-SSO stopped responding following an LDAP password change.
• s3846: After enabling provisioning permissions in application templates, TAM E-SSO was slow adding the templates to the ADAM repository.
• s4004: TAM E-SSO did not set a new password after multiple submission attempts. Instead, it injected the old password in the New Password field.
• s4346: TAM E-SSO pre-populated the Username field and made it unavailable for change in certain applications that were the first to receive credentials in a credential-sharing group.
• s4348: TAM E-SSO did not permit logon modification after the logon was excluded from a credential-sharing group.
• s4353, s4418: The TAM E-SSO Title Bar Button disappeared when the user navigated to a Web site with a logon form.
• s4358: TAM E-SSO did not learn and inject credentials for applications in a second RDP session through terminal services.
• s4361: TAM E-SSO displayed the Retry Logon dialog box instead of injecting credentials into a scrolling screen emulator.

Cumulative from Fix Pack 2

• s3563: The Add New Application wizard did not display drop-down menus for the third and fourth fields after configuration of a Password Change form.
• s3843, s4084, s4175: SSObho.exe caused TAM E-SSO to stop responding when launching a Java application from within Internet Explorer.
• s4221: TAM E-SSO returned an XML validation error upon re-launch after an SAP application template had been defined and saved.
• s4374: TAM E-SSO did not respond to the host application following a password change in the application.

Cumulative from Fix Pack 1

• s4164, s4127, s4191: Credential-sharing groups did not function when using role/group support.
• s4069: Using a host or web template, TAM E-SSO could not access a template after adding a credential-sharing group to it and publishing to a repository.

Installation instructions

To help ensure a satisfactory installation of this fix pack:

1. Ensure that TAM E-SSO 6.00 Rollup E is installed.

Note: This fix pack console .msp file requires the presence of IBM_TAM E-SSO_Console_6E_FixPack02.msi. You cannot upgrade this fix pack console from IBM TAM E-SSO 6.0 Rollup E Gold or from Fix Pack 1. Fix Pack 2 console must be present for all subsequent fix pack console installations (that is, Fix Pack 3, Fix Pack 4, and so on).

2. Read these release notes entirely.
3. Back up all data. IBM strongly recommends that you back up data prior to the installation of any software.
4. Close all IBM software.

To install this fix pack using the installation wizard:

1. Double-click the IBM_E-SSO_Agent_6E_FixPack10.msp and follow the on-screen instructions.
2. Double-click the IBM_E-SSO_Console_6E_FixPack10.msp and follow the on-screen instructions.