IDM Roles Based Provisioning Module 360 Field Patch C
This document (5033841) is provided subject to the disclaimer at the end of this document.
patches this patch supersedes
| File | Product | Status | Patch |
|---|---|---|---|
| UA360B-Linux.tar.gz | Identity Manager Roles Based Provisioning Module 3.6 | Obsolete | IDM Roles Based Provisioning Module 360 Field Patch B |
patches that supersede this patch
| Product | Status | Next Superceded By | Last Superceded By |
|---|---|---|---|
| Novell Identity Manager Roles Based Provisioning Module 3.6 | Obsolete | IDM Roles Based Provisioning Module 360 Field Patch D | IDM Roles Based Provisioning Module 360 Field Patch D |
patch attributes
document
abstract
Field Patch 360C for Identity Manager Roles Based Provisioning Module 3.6.0 (User Application 3.6.0)
details
Overview: Field Patch 360C for User Application 3.6.0
System Requirements: Windows, SLES, or Solaris
Installation: This is explained in the README.1st within the archive file
Outline of the Patch Installation Steps
1) Stop the Application Server
2) Make a back-up of the User Application war file and place it is a safe folder (outside of your install directory)
3) Extract the contents of the archive to your hard drive
4) Launch PatchUserApp (as the same user who installed the User Application. and make sure to use the correct installer)
4.a) On the second screen you will select the 'Choose' button, navigate, select patch file (For Example: UAPatch360A.zip), then press Open, and then press Next
4.b) On the third screen you will select the 'Choose' button, navigate to your install directory and select the install.properties file, then Press Open, and then press Next
4.c) Take the defaults on the reset of the screens
*If this installation of the User Application is the non-provisioning version, near the end of the Patch process, you will receive errors about not finding jar(s) Please press OK and let the patch install continue. This is expected behavior since you have the non-provisioning Install of the UA. We only create one version of the patch*
**If this installation of the User Application is on Windows, you will receive an informational warning at the end of the patch install that the "openwar" directory may not have been deleted and that you need to check. If the openwar directory (located in \idm\jboss\server\IDM\deploy directory for example) does exist, please delete as the informational warning outlines. **
5) Once the Patch installation has finished, complete the manual steps that are outlined in the README (They are located under "Special Instructions" for the bug that they apply to:
For Example:
**********************************************************
********************Special Instructions******************
**********************************************************
6) Once the above has been completed and the Application Server has been restarted or the war has been re-deployed, you can confirm the patch level. To accomplish this, login to the User Application and press the Help link in the Header you will see the information similar to the following at the bottom of the page:
Identity Manager version 3.6.0 Patch A
Build Revision 25199
NOTE: The Patch level should match the version of the patch you just installed.
Uninstalling: This is explained in the README.1st within the archive file
Known Problems and Limitations:
======================================================================
Patch 360A
======================================================================
* Bug 353117 - Clicking Reset or Filter in 'View Role Status' after toggling Recipient/Requester buttons clears the result set
* Bug 353097 - Trying to sort role assignments by column takes a very long time
* Bug 348369 - Loc_Roles - UA UI: Incorrect translation of "*- indicates required"
* Bug 352370 - Role Assignment List - Deep linking from User to Container
* Bug 353060 - No Assignment Details display when role assignment is viewed by Group
* Bug 335907 - SessionWarning localized text not imported into portal
* Bug 352705 - Manage Roles: Create New Role NPE when no subcontainer specified and debug
* Bug 352428 - Incorrectly defined BestLocaleServletFilter_roles-resgrp
* Bug 352058 - Login Portlet is not shown on welcome page
* Bug 354220 - Left side task frame do not appear with Request Resource on shared page
* Bug 354747 - Field Patch: Need to perform Validation on ForgotPassword's Challenge Response Page
* Bug 356661 - A Class Name with an underscore in the Name breaks the Detail Portlet
======================================================================
Patch 360B
======================================================================
*Bug 359951 - Inconsistent relational integrity when updating with entity activities
*Bug 359575 - ForgotPassword fails with a NegativeArraySizeException
*Bug 359291 - Query for today does not work correctly on every day of the Month
*Bug 361930 - Field Patch (360): Any $ sign value in flowdata breaks the flow
*Bug 363996 - Query for today does not return any Approval Flows in certain Time Zones before 12noon
*Bug 364565 - Field Patch (360) Request Resource Complex preference portlet not working with Default Locale
*Bug 364954 - NPE in LocalizedException when driver is not found in eDir
*Bug 360236 - Role Manager should ONLY be able to see Role Assignment request status for groups and roles that he has trustee rights on
*Bug 363263 - Field Patch (360): Unable to hide any fields that are a Control Type of "Title"
*Bug 363265 - Field Patch (360): A hidden field will maintain its Line Breaks
*Bug 363268 - Field Patch (360): Unable to programmatically hide any fields that are a Control Type of "Title"
*Bug 367087 - Field Patch (360): User Application : User Password Sync Status : ISO-8859-1 instead of UTF-8
*Bug 367089 - Field Patch (360): IDM User Application : User Password Sync Statusfailure depending on Server Time Zone configuration
*Bug 369993 - Upgrade from 3.5.1 Prov to 3.6 Prov with context change fails
*Bug 373959 - 3.6.0 Field Patch - Forgot Password returns incorrect information if the User has not answered their Challenge Response Questions
*Bug 374138 - Field Patch (360): If "Login Attribute' not 'cn' then 'Forgot Password' errors with 'User not found' on ForgotPassword.jsf
*Bug 377172 - Upgrade from 3.5.1 Prov to 3.6 Prov with context change using MySQL 5.0.27 fails
======================================================================
Patch 360C
======================================================================
*Bug 379555 - Need to perform Validation on Challenge Response to ensure a User Defined Question has been supplied
*Bug 380518 - Field Patch (360): SearchListPortlet - Search Fails if browser closed and re-opened for Welcome page guest
*Bug 381380 - Field Patch (360): Multiple required Challenge\Response uses only the "User Response Character Length" for first question
*Bug 382073 - UA 360 is case sensitive with ForgotPassword when login attribute is not cn
*Bug 382304 - Field Patch (360): If an email notification contains a backslash character, the mail is not sent
*Bug 382081 - Allow Wild cards in Forgot Password does not work when login attribute is not cn
*Bug 374890 - User Application does not look at all of the attributes in the configuration for RoleConfig in dealing with SoD
*Bug 368723 - 3.6.0 Field Patch - Attribute Values not Lookup Values being displayed when selecting 'Print' button on Detail Portlet
*Bug 374955 - Roles Service Driver throws an exception when a SoD Conflict Approval completes
*Bug 386695 - Picklist loaded via DAL Query that is disabled via code only shows one line in UA360 with IE
*Bug 385387 - LocalizedException missing from MigrateObjects.jar file
*Bug 385557 - Field Patch (360): Directory search export gives java exception on non-ascii characters
*Bug 387957 - Field Patch (360): LDAP connections from ForgotPassword are held onto until UA session time-out
*Bug 389074 - DNLookUp control mapped to an Automatically Queried Entity fails at runtime
*Bug 389773 - Field Patch (360): Success page for ForgotPassword only shows cn and not the value of loginAttribute
*Bug 389910 - Field Patch (360): ForgotPassword notification uses cn and not the value of loginAttribute in the greeting
*Bug 387971 - Team Tasks has extra object level search when dealing with Cascading Relationships
*Bug 388996 - 3.6.0 field patch: Getting annoying dialogs on IE/SP2 with ssl
*Bug 391598 - Accessing Roles Area in https mode with IE will present a pop-up about mix content
*Bug 393074 - Receive NotSerializableException in ForgotPassword when running in a Cluster
*Bug 391589 - Field Patch (360): Accessing Team Tasks in https mode with IE will present a pop-up about mix content
*Bug 395420 - Receive Missing window.tzServer declaration ! error with DatePicker controls and the Resource Portlet
*Bug 397915 - No Buttons will appear of the form if the last Field is hidden and has no Linebreaks
*Bug 398528 - Field Patch (360): Unable to select 'Self' under Select Object Entity when using a different Entity other than 'User'
*Bug 399012 - ForgotPassword does not complete if the user tries to reset their password before it can be changed
*Bug 394583 - Field Patch (360): Export portlet does not resolve DN type attributes
*Bug 401458 - User Activity Approver Type Group - Escalated task displays wrong timeout, some cases leave extra task queued
*Bug 407988 - Field Patch (360): Themes CSS is Truncating Title on Identity Portlets
*Bug 405951 - User App allows 5 tries instead of 3 to answer challenge questions
*Bug 411284 - Field Patch (360): Canceling a Request will return the user to the last accessed page when executed from the Resource Portlet
*Bug 409326 - Field Patch (360): Cannot see custom themes when using farm deployment in JBoss
*Bug 400678 - Patch: Persistent (stored) XSS vulnerabilities for input fields
*Bug 400679 - Patch: Potential XSS vulnerability in portal
*Bug 413913 - Field Patch (360): PasswordChange.jsf Displays w/o Login
*Bug 412736 - Field Patch (360): Change reset link in SearchListPortlet to button
*Bug 401938 - 360: OrgChartPortlet, click on "Show info" generates error
*Bug 408380 - Requests & Approvals area does not stay localized in UA 360
*Bug 415029 - Field Patch (360): Potential XSS vulnerability in ForgotPassword.jsf
*Bug 413918 - Field Patch (360): After clicking OK on expired pwd warning msg, user goes to default page instead of requested page
*Bug 415212 - Field Patch (360): User does not land on their default page when using iChain or Access Manager
======================================================================
Technical Support Information: If you experience any issues with this Patch, please open a Service Request with the IDM User Application Support Team.
security fixes
There is the ability to save scripts into inputs fields in the Detail Portlet and in Request &Approval Forms within the User Application
*Bug 400678 - Patch: Persistent (stored) XSS vulnerabilities for input fields
There is the ability to Post scripts to a page within the User Application
*Bug 400679 - Patch: Potential XSS vulnerability in portal
There is the ability to Post scripts into the attribute rtnaddr that is used with the ForgotPassword.jsf for the User Application
*Bug 415029 - Field Patch (360): Potential XSS vulnerability in ForgotPassword.jsf
file contents
| Files Included | Size | Date |
|---|---|---|
| UA360C-Windows.zip | 27.5 MB (28859715) | 2008-08-26 12:29:25 |
| UA360C-Linux.tar.gz | 33.3 MB (34938949) | 2008-08-26 12:30:06 |
| readme_5033841.html | N/A | 2008-12-17 10:53:29 |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.
© 2007 Novell, Inc. All Rights Reserved.