Tivoli® Access Manager for Enterprise Single Sign-On
Release Notes
Version 5.0
���
Tivoli® Access Manager for Enterprise Single Sign-On
Release Notes
Version 5.0
���
Note:
Before using this information and the product it supports, read the information in “Notices,” on page 1.
First Edition (March 2006)
© Copyright International Business Machines Corporation 1996, 2006. All rights reserved.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Release Notes
IBM Tivoli Access Manager for Enterprise Single Sign-On Version 5.0 March, 2006
IBM is releasing version 5.0 of IBM Tivoli Access Manager for Enterprise Single Sign-On (TAM E-SSO). This is the latest edition of the TAM E-SSO Agent and the TAM E-SSO Administrative Console. These release notes provide information about the enhancements and open issues in this release. The information in this document supplements and supersedes information in the TAM E-SSO product documents.
The following topics are discussed:
What’s New................................................................................................................................2 Open Issues ...............................................................................................................................4 Technical Notes .........................................................................................................................5 Product Documentation .............................................................................................................5 Contacting Customer Support....................................................................................................6
What’s New
What’s New These topics describe the new features in this version.
16-bit Legacy Emulator Support TAM E-SSO provides Legacy Emulator Support for 16-bit legacy HLLAPI-based emulators.
To install support for 16-bit emulators, when installing the TAM E-SSO Agent, select a Custom install, and select Extensions > Logon Manager > Mainframe Emulator Helper > Legacy Emulator Support.
RSA SecurID Application Support for Mainframe, Web & Java RSA SecurID application support has been added for Mainframe, Web, and Java applications. This is for use with TAM E-SSO: Authentication Adapter.
Java Support Enhancements TAM E-SSO provides support for Oracle JInitiator version 1.3.x.
A new JHO is provided which adds support for SUN's Java 1.1.8 JRE, when combined with Swing-1.1. This includes SUN's Java Plug-In 1.X and Oracle JInitiator 1.1.8.X (which is based on SUN's Java Plug-IN).
Customizable Window Titles for Primary Logon Methods New settings are available in the Administrative Console to customize the Window titles and subtitles for authentication dialogs. The settings are optional and can be set on the Advanced settings page for each primary logon method.
Password Sharing Group Application Credentials Pre-Populated When adding a new logon for an application, if the application is part of a password sharing group, the credentials are pre-populated in the following fashion:
When adding the application logon, TAM E-SSO determines if the application is part of a password sharing group.
If an application has already been configured within this group, the credential fields are pre-populated with the data found in the first configured application from the same sharing group. The password field is grayed out and cannot be changed.
For example, a user launches the first application in a password sharing group and is prompted to enter the user id, password, and any additional credential fields. These credentials are then stored and provided to the application.
When the user launches the second application in the group, all fields from the first application are pre-populated. The user can retype or supplement the credentials, with the exception of the password field, which is populated and grayed out.
If the first application has fewer fields than the application currently being configured, the additional fields are left blank.
Initial Credential Storage Prompt Auto-populates Drop-down Boxes The TAM E-SSO initial credential storage prompt auto-populates drop-down boxes with data from Windows or Web applications. If an application provides a drop-down list, TAM
2 Release Notes
What’s New
E-SSO duplicates this list when requesting application credentials from users. For example, when adding an application logon through the Add New Logon Wizard (for either a Web or Windows application), if the application contains a drop-down list, TAM E-SSO copies the data from the application's list into the TAM E-SSO Add New Logon Wizard’s fields. Note: This is supported for the Third and Fourth fields. It is not supported for the User ID or Password field.
Configuration Objects Merged in Multi-Sync Environment The synchronization manager merges Configuration Objects in environments with multiple syncs. For example, if there are two ADAM instances with a CO on each, TAM E-SSO merges the CO's in the sync manager.
New Deployment Options Available
Two new deployment options have been added to the TAM E-SSO installer which will install TAM E-SSO without MDAC version 2.8 or JET version 4.03. The options are:
MDAC - Whether to install MDAC version 2.8: YES or NO
JET - Whether to install JET version 4.03: YES or NO
For example:
setup.exe /s /v"/qn MDAC="NO"
setup.exe /s /v"/qn JET="YES"
New Windows v2 Customizable Passphrase Dialog A new customizable pop-up dialog that precedes the passphrase initialization dialog for Windows v2 has been added. New settings are available in the Administrative Console (Global Agent Settings > Primary Logon Methods > Windows v2 > Advanced) that allow the text to be defined for the dialog. The dialog appears immediately before asking for a user's passphrase for the first time and asks if the user understands the importance of the passphrase question. The user must check a box agreeing to the terms in order to continue the process of creating a passphrase.
New SSOLauncher Command A new command-line, /SSOCOMMAND LOGON, has been added to the SSOLauncher. This is used to initiate a command to the TAM E-SSO "Logon Using TAM E-SSO" trigger, located in the TAM E-SSO system tray icon.
3 Release Notes
Open Issues
Open Issues This section describes issues that remain open in this release. The table lists the issue and a detailed description, if applicable.
Issue Description TAM E-SSO Administrative Console
Exception Error A program exception error occurs when changing desktop appearance from “Windows Classic style” to “Windows XP style” and then back to “Windows Classic style”.
TAM E-SSO Agent
Password Sharing Group
Changing applications from one password sharing group to another may cause problems. The workaround is to create a new group or a new configuration.
Running a Repair When running a repair on TAM E-SSO, the size displayed in the Add/Remove Programs dialog shows an increase of 30mb each time the repair is run.
Additional Logons After adding additional logons through the "Add Another Logon" checkbox, the Logon Chooser only shows the first logon created with the correct application name (for Web applications only). For example, the first entry is “Sign In - Yahoo!” and the second entry appears as 'yahoo.com'.
Java Applet Incorrect functionality of “Logon Using” in the Java Applet. This occurs if auto-recognize is turned off and the title bar icon is turned on. In this scenario, the Agent does not provide credentials if you click “Logon using TAM E-SSO”.
Logon Chooser Logon Chooser may briefly flicker when an error loop is working.
Title Bar Icon On the Title Bar Button drop-down menu, the "Add Logon" option does not respond if a Host emulator is being used.
4 Release Notes
Technical Notes
Technical Notes
Synchronization Database support requires that client connectivity support be installed for the specific database(s).
Event Manager The XML log file plug-in continually expands/appends file; log file should be cleaned up periodically (from the user’s AppData\Passlogix folder) if it is used as part of a solution.
Logon Support Embedded browser support, such as from within Lotus Notes, requires that IE 6.0 be installed. It is not consistent with previous versions of the browser.
Under Windows Server 2003 (as well as Windows XP SP2), browser helper object support is (or can be) turned off; this security setting is no longer required to be on for TAM E-SSO to function properly and can be turned off if it is no longer needed.
Backup/Restore Conflicts may occur when using Backup/Restore functionality in conjunction with synchronizer usage; it is not suggested that a deployed solution utilize both mechanisms and that Backup/Restore only be used in Stand-alone installations.
Java Sun Plug-in Applets The Java Applet using Java Sun Plug-in 1.1.3 must be clicked on before the TAM E-SSO Agent responds to it. The plug-in loads the JHO only after the user clicks into the applet UI.
Oracle JInitiator 1.1.8.X functions without this problem.
Product Documentation The following documents support this product:
SSOAdmin Guide TAM E-SSO User Guide
5 Release Notes
Contacting Customer Support
Contacting Customer Support Before contacting IBM Tivoli Software Support with a problem, refer to the IBM Tivoli Software Support site by clicking the Tivoli support link at the following Web address:
http://www.ibm.com/software/support
If you need additional help, contact software support by using the methods described in the IBM Software Support Guide at the following Web address:
http://techsupport.services.ibm.com/guides/handbook.html
The guide provides the following information:
• Registration and eligibility requirements for receiving support
• Telephone numbers, depending on the country in which you are located
• A list of information you should gather before contacting customer support
6 Release Notes
Appendix. Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM® representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user’s responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not give you
any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM
Intellectual Property Department in your country or send inquiries, in writing, to:
IBM World Trade Asia Corporation
Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106-0032, Japan
The following paragraph does not apply to the United Kingdom or any other
country where such provisions are inconsistent with local law:
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS
PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or
implied warranties in certain transactions, therefore, this statement may not apply
to you.
This information could include technical inaccuracies or typographical errors.
Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this IBM
product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to you.
© Copyright IBM Corp. 2006 1
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged, should contact:
IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758
U.S.A.
Such information may be available, subject to appropriate terms and conditions,
including in some cases, payment of a fee.
The licensed program described in this information and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement, or any equivalent agreement
between us.
Any performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating environments may
vary significantly. Some measurements may have been made on development-level
systems and there is no guarantee that these measurements will be the same on
generally available systems. Furthermore, some measurements may have been
estimated through extrapolation. Actual results may vary. Users of this document
should verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers of
those products, their published announcements or other publicly available sources.
IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
All statements regarding IBM’s future direction or intent are subject to change or
withdrawal without notice, and represent goals and objectives only.
This information contains examples of data and reports used in daily business
operations. To illustrate them as completely as possible, the examples include the
names of individuals, companies, brands, and products. All of these names are
fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which
illustrate programming techniques on various operating platforms. You may copy,
modify, and distribute these sample programs in any form without payment to
IBM, for the purposes of developing, using, marketing or distributing application
programs conforming to the application programming interface for the operating
platform for which the sample programs are written. These examples have not
been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or
imply reliability, serviceability, or function of these programs. You may copy,
modify, and distribute these sample programs in any form without payment to
IBM for the purposes of developing, using, marketing, or distributing application
programs conforming to IBM’s application programming interfaces.
2 IBM Tivoli Access Manager for Enterprise SingleSign-On: Release Notes
If you are viewing this information softcopy, the photographs and color
illustrations may not appear.
Trademarks
The following terms are trademarks or registered trademarks of International
Business Machines Corporation in the United States, other countries, or both:
AIX
DB2
IBM
IBM logo
Tivoli
Tivoli logo
Universal Database
WebSphere
z/OS
zSeries
Lotus is a registered trademark of Lotus Development Corporation and/or IBM
Corporation.
Domino is a trademark of International Business Machines Corporation and Lotus
Development Corporation in the United States, other countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United
States, other countries, or both.
Java and all Java-based trademarks and logos are trademarks or registered
trademarks of Sun Microsystems, Inc. in the United States and other countries.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Other company, product, and service names may be trademarks or service marks
of others.
Appendix. Notices 3
4 IBM Tivoli Access Manager for Enterprise SingleSign-On: Release Notes
����
Printed in USA
SC32-2296-00