IDM User Application 350 Field Patch AE
This document (5040020) is provided subject to the disclaimer at the end of this document.
patches this patch supersedes
| File | Product | Status | Patch |
|---|---|---|---|
| UA350AD-Linux.tar.gz | Identity Manager 3.5 | Obsolete | IDM User Application 350 Field Patch AD |
patches that supersede this patch
| Product | Status | Next Superceded By | Last Superceded By |
|---|---|---|---|
| Novell Identity Manager 3.5 | Obsolete | IDM User Application 350 Field Patch AF | IDM User Application 350 Field Patch AF |
| Novell Provisioning Module 3.5 for Identity Manager | Obsolete | IDM User Application 350 Field Patch AF | IDM User Application 350 Field Patch AF |
patch attributes
document
abstract
Field Patch 350AE for Identity Manager User Application 3.5.0
details
Overview: Field Patch 350AE for Identity Manager User Application 3.5.0
System Requirements: Windows, SLES, or Solaris
Installation: This is explained in the README.1st and README files within the archive file
Outline of the Patch Installation Steps
1) Stop the Application Server
2) Make a back-up of the User Application war file and place it is a safe folder (outside of your install directory)
3) Extract the contents of the archive to your hard drive
4) Launch PatchUserApp (as the same user who installed the User Application. and make sure to use the correct installer)
4.a) On the second screen you will select the 'Choose' button, navigate, select patch file (For Example: UAPatch350A.zip), then press Open, and then press Next
4.b) On the third screen you will select the 'Choose' button, navigate to your install directory and select the install.properties file, then Press Open, and then press Next
4.c) Take the defaults on the reset of the screens
*If this installation of the User Application is the non-provisioning version, near the end of the Patch process, you will receive errors about not finding jar(s) Please press OK and let the patch install continue. This is expected behavior since you have the non-provisioning Install of the UA. We only create one version of the patch*
**If this installation of the User Application is on Windows, you will receive an informational warning at the end of the patch install that the "openwar" directory may not have been deleted and that you need to check. If the openwar directory (located in \idm\jboss\server\IDM\deploy directory for example) does exist, please delete as the informational warning outlines. **
5) Once the Patch installation has finished, complete the manual steps that are outlined in the README (They are located under "Special Instructions" for the bug that they apply to:
For Example:
**********************************************************
********************Special Instructions******************
**********************************************************
6) Once the above has been completed and the Application Server has been restarted or the war has been re-deployed, you can confirm the patch level. To accomplish this, login to the User Application and press the Help link in the Header you will see the information similar to the following at the bottom of the page:
Identity Manager version 3.5.0 Patch A
Build Revision 18784
NOTE: The Patch level should match the version of the patch you just installed.
Uninstalling: This is explained in the README.1st within the archive file
Problems Resolved:
======================================================================
Patch 350A
======================================================================
*Bug 255010 - Support delegation for list of approvers
*Bug 251611 - Javascript added to the Submit Action is called twice in IE, once in FF.
======================================================================
Patch 350B
======================================================================
*Bug 260544 - This is for IDM 3.5 - The approval form for a PicklistCheckBox control is showing as enabled before Claim is pressed
*Bug 257248 - Javascript added to the Submit Action is called twice in IE, once in FF.
======================================================================
Patch 350C
======================================================================
*Bug 264943 - User Application 3.5 Challenge Response Questions are not prompted until after final Grace login is used
*Bug 267999 - Value displayed by the return from a DNLookup UI control has a 'null' appended to it
*Bug 264951 - User Application 3.5 Challenge Response Questions are not prompted until after the second Login
======================================================================
Patch 350D
======================================================================
*Re-Spin Bug 267999 - Value displayed by the return from a DNLookup UI control has a 'null' appended to it
======================================================================
Patch 350E
======================================================================
*Bug 262536 - UA 3.5 Challenge Response fails with generic error when no Challenge Set in Password Policy
*Bug 261766 - User Application 3.5 requires and displays hint when PW is set to Reset Password
*Bug 266172 - Retrieval of a large number of comments from AFComment will freeze the User Application 3.5
*Bug 272965 - Server restart in clustered environment may result in indeterminate state for running workflow processes
======================================================================
Patch 350F
======================================================================
*Bug 263461 - Date in flowdata set wrongly for dates in Daylight Savings Period
*Bug 280246 - Can't define the URL and location of "war" file to include the "js" library in a workflow
======================================================================
Patch 350G
======================================================================
*Bug 285520 Retrieval of a large number of comments from AFComment will freeze the IE Browser with UA 3.5
======================================================================
Patch 350H
======================================================================
*Bug 284370 The View Comment History Button is disable after Form is claimed until it is signed
======================================================================
Patch 350I
======================================================================
*Bug 228717 Get "Validation Error" after submitting the username for Forgot Password
======================================================================
Patch 350J
======================================================================
*Bug 291260 - Login Portlet does not exist any more
*Bug 291507 The fix for Bug 284370 removes the 'UpdateAction' from appearing on the form
======================================================================
Patch 350K
======================================================================
*Bug 293513 Field Patch - IDM User App & Access Manager Password Management First Last Prev Next
======================================================================
Patch 350L
======================================================================
*Bug 292719 - Field Patch - DetailPortlet: JUICE-Error at DN-Lookup for single-valued attributes
*Bug 292215 - Prompt for Password Hint occurs during Login with the fix for bug 261766 applied
======================================================================
Patch 350M
======================================================================
*Re-Spin Bug 291260 - Login Portlet does not exist any more
*Bug 294724 - page title set incorrectly when going to "Change Password" page
*Bug 292215 - Prompt for Password Hint occurs during Login with the fix for bug 261766 applied
======================================================================
Patch 350N
======================================================================
*Re-Spin Bug 291260 Login Portlet does not exist any more
*Bug 296061 - logging out should redirect to GuestContainerPage
======================================================================
Patch 350O
======================================================================
*Bug 296230 - User object created then deleted within eDir when password does not match advance password rules(exclude Surname)
*Bug 298587 - Field Patch: Normal user is not able to update the preferences of a Portlet on a page in UA 3.5
*Bug 297334 - Forgot Password Return Link does not work
*Bug 300710 - Challenge Response failed error upon clicking on Forgot Password
*Bug 298740 - 3.5 field patch branch copy : Word 'OU' is appearing appended to fields Assigned To: , recipient in the Approval Forms
*Bug 302166 - Australia EN_AU time zone is not included for the Date Picker in the User Application
*Bug 302538 - Field Patch: Scroll bar is not available in MVEditor that is loaded via a Global Query
*Bug 305018 Field Patch: backslash character is not properly (un)escaped
======================================================================
Patch 350P
======================================================================
*Bug 307277 - UserApp does Full-Table-Scan on the top element of relationship hierarchy
*Bug 309904 - Receive error after updating Challenge Response answers with Field Patch N or O applied
*Bug 284870 - Have the Intruder Detection work for incorrect answers to the Challenge Response Questions, not just Login
======================================================================
Patch 350Q
======================================================================
*Bug 329115 - If "Login Attribute' not 'cn' then 'Forgot Password' errors with 'User not found' on ForgotPassword.jsf.
*Bug 331070 - A flow with a Timedout link, fails with a DataItemException if the timedout action occurs
*Bug 336888 - A collision at the Merger Activity will cause the flow to complete unexpectedly
*Bug 333164 - JasperException: /jsps/pwdmgt/PasswordSyncStatus.jsp(16,0)
======================================================================
Patch 350R
======================================================================
*Bug 334158 - Should receive a confirmation after changing password on Forgotten Password
*Bug 339362 - Challenge Response Questions are not presented according to defined Locale
*Bug 340456 - How case sensitive works in forgotten password
======================================================================
Patch 350S
======================================================================
*Re-Spin Bug 284870 - Have the Intruder Detection work for incorrect answers to the Challenge Response Questions, not just Login
*Bug 344582 - Unable to save URL Post Parameters in the Shortcut Portlet in UA 3.5.
*Bug 347422 - NetStorage Portlet only works when browser or User local is set to English (US)
*Bug 346393 - Query for today does not return any Approval Flows from the My Requests page
======================================================================
Patch 350T
======================================================================
*Bug 350069 - Password Portlets leaving connections open
*Bug 349579 - UserApp LDAP reconnection failing due to NullPointerException
======================================================================
Patch 350U
======================================================================
*Bug 352696 - The fix for bug 261766 does not work with eDirectory 8739
======================================================================
Patch 350V
======================================================================
*Bug 354423 - Need to perform Validation on ForgotPassword's Challenge Response Page
*Bug 354718 - Some serialization issues on forgot password functionality
======================================================================
Patch 350W
======================================================================
*Bug 356661 - A Class Name with an underscore in the Name breaks the Detail Portlet
*Bug 356922 - Updating challenge response questions 2 times causes same question to appear multiple times
======================================================================
Patch 350X
======================================================================
*Bug 357675 - ForgotPassword fails with a NegativeArraySizeException
*Bug 359289 - Query for today does not work correctly on every day of the Month
======================================================================
Patch 350Y
======================================================================
*Bug 360776 - Incorrect Random questions are being displayed
======================================================================
Patch 350Z
======================================================================
*Bug 362333 - Field Patch (350): SearchListPortlet - Search Fails if browser closed and re-opened for Welcome page guest
*Bug 363991 - Query for today does not return any Approval Flows in certain Time Zones before 12noon
======================================================================
Patch 350AA
======================================================================
*Bug 371139 - error when submitting the workflow using startAsProxy()
*Bug 369753 - team proxy assignments gives error APWAAccessViolationException: You do not have write right to proxy
*Bug 371743 - Cannot alter shortcut portlet preferences after export/import from 301 to 350
*Bug 369751 My Team's Work and Settings do not display options in UA 3.5.0 and 3.5.1 when accessed via Proxy
======================================================================
Patch 350AB
======================================================================
*Bug 382526 - Password Policy information appears in the incorrect order with UA350
======================================================================
Patch 350AC
======================================================================
*Bug 351636 - Getting annoying dialogs on IE/SP2 with ssl
======================================================================
Patch 350AD
======================================================================
*Bug 409240 - Field Patch (350): User App allows 5 tries instead of 3 to answer challenge questions
*Bug 400891 - 350 Patch: Persistent (stored) XSS vulnerabilities for input fields
*Bug 400899 - 350 Patch: Potential XSS vulnerability in portal
*Bug 415030 - Field Patch (350): Potential XSS vulnerability in ForgotPassword.jsf
======================================================================
Patch 350AE
======================================================================
*Bug 423719 - Field Patch (350): Forgot Password does not work if Return Link is relative
*Bug 437700 - Field Patch (350): Potential XSS vulnerability in Page Navigation
*Bug 436468 - Field Patch (350): Potential XSS vulnerability with UIQuery
*Bug 425694 - Field Patch (350): UA Driver fails to start on NetWare
======================================================================
Technical Support Information: If you experience any issues with this Patch, please open a Service Request with the IDM User Application Support Team
security fixes
There is the ability to Post scripts to a page navigation within the User Application
*Bug 437700 - Field Patch (350): Potential XSS vulnerability in Page Navigation
There is the ability to Post scripts to the UIQuery within the User Application
*Bug 436468 - Field Patch (350): Potential XSS vulnerability with UIQuery
file contents
| Files Included | Size | Date |
|---|---|---|
| UA350AE-Linux.tar.gz | 34.2 MB (35910790) | 2008-12-17 09:41:30 |
| UA350AE-Windows.zip | 28.3 MB (29775581) | 2008-12-17 09:42:09 |
| readme_5040020.html | N/A | 2009-08-29 17:02:23 |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.
© 2007 Novell, Inc. All Rights Reserved.