Novell


IDM Roles Based Provisioning Module 370 Field Patch B

This document (5069700) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

File | Product | Status | Patch
UA370A-Windows.zip | Identity Manager Roles Based Provisioning Module 3.7 | Obsolete | IDM Roles Based Provisioning Module 370 Field Patch A

patches that supersede this patch

Product | Status | Next Superseded By | Last Superseded By
Novell Identity Manager Roles Based Provisioning Module 3.7 | Obsolete | IDM Roles Based Provisioning Module 370 Field Patch C | IDM Roles Based Provisioning Module 370 Field Patch C

patch attributes

Security patch: Yes
Priority: Mandatory
Distribution Type: Public

document

Revision: 2
Document ID: 5069700
Creation Date: 2010-02-26 09:50:45
Modified Date: 2010-06-30 20:10:11

abstract

Field Patch 370B for Identity Manager Roles Based Provisioning Module 3.7.0 (User Application 3.7.0)

details

Overview: Field Patch 370B for Identity Manager Roles Based Provisioning Module 3.7.0 (User Application 3.7.0)

System Requirements: Windows, SLES, RHEL, or Solaris

Installation: This is explained in the README.1st and README files within the archive file.

Outline of the Patch Installation Steps


1) Stop the Application Server

2) Make a backup of the User Application war file and place it in a safe folder (outside of your install directory)

3) Extract the contents of the archive to your hard drive

4) Launch PatchUserApp (as the same user who installed the User Application, and make sure to use the correct installer)

4.a) On the second screen, select the 'Choose' button, navigate to and select the patch file (for example: UAPatch370A.zip), then press Open, and then press Next

4.b) On the third screen, select the 'Choose' button, navigate to your install directory and select the install.properties file, then press Open, and then press Next

4.c) Take the defaults on the rest of the screens


*If this installation of the User Application is the non-provisioning version, near the end of the patch process you will receive errors about not finding jar(s). Please press OK and let the patch install continue. This is expected behavior since you have the non-provisioning install of the UA. We only create one version of the patch.*

**If this installation of the User Application is on Windows, you will receive an informational warning at the end of the patch install that the "openwar" directory may not have been deleted and that you need to check. If the openwar directory (located in the \idm\jboss\server\IDM\deploy directory, for example) does exist, please delete it as the informational warning outlines.**

5) Once the patch installation has finished, complete the manual steps that are outlined in the README. They are located under "Special Instructions" for the bug that they apply to.

For Example:

**********************************************************
*******************Special Instructions******************
**********************************************************

6) Once the above has been completed and the Application Server has been restarted or the war has been re-deployed, you can confirm the patch level. To do this, log in to the User Application and press the Help link in the header. You will see information similar to the following at the bottom of the page:


Identity Manager version 3.7.0 Patch A
Build Revision 35233


NOTE: The Patch level should match the version of the patch you just installed.
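
A post-install check for step 6 and the Windows openwar note, as an added example that is not part of Novell's readme: it parses the patch-level footer from saved Help page text, compares it with the patch just installed, and flags a leftover openwar directory. The function names, the HTML wrapping around the footer and the directory-name match are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Footer format taken from the sample shown in step 6; the markup around it on
# a real Help page is an assumption, so tags are stripped before matching.
LEVEL_RE = re.compile(
    r"Identity Manager version\s+(\d+(?:\.\d+)*)(?:\s+Patch\s+([A-Z]))?"
    r"\s+Build Revision\s+(\d+)", re.IGNORECASE)


def parse_patch_level(help_page_text):
    """Return (version, patch_letter_or_None, build_revision), or None if absent."""
    text = re.sub(r"<[^>]+>", " ", help_page_text)  # drop any HTML tags
    m = LEVEL_RE.search(text)
    if not m:
        return None
    letter = m.group(2).upper() if m.group(2) else None
    return m.group(1), letter, int(m.group(3))


def check_install(help_page_text, expected_patch, deploy_dir):
    """Collect findings; an empty list means the post-install checks passed."""
    findings = []
    level = parse_patch_level(help_page_text)
    if level is None:
        findings.append("patch level footer not found on Help page")
    elif level[1] is None:
        findings.append(f"version {level[0]} reports no patch level")
    elif level[1] != expected_patch.upper():
        findings.append(
            f"Help page shows Patch {level[1]}, expected Patch {expected_patch}")
    # Windows note: a leftover "openwar" directory must be deleted by hand.
    # Matching any directory whose name contains "openwar" is an assumption.
    for entry in sorted(Path(deploy_dir).iterdir()):
        if entry.is_dir() and "openwar" in entry.name.lower():
            findings.append(f"leftover directory to delete: {entry.name}")
    return findings


# Constructed sample: the footer text from step 6 wrapped in made-up markup.
SAMPLE_HELP = "<p>Identity Manager version 3.7.0 Patch A<br/>Build Revision 35233</p>"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as deploy:  # stand-in deploy directory
        (Path(deploy) / "openwar").mkdir()
        for finding in check_install(SAMPLE_HELP, "B", deploy):
            print("FAIL:", finding)
```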

Uninstalling: This is explained in the README.1st within the archive file

Problems Resolved:

======================================================================
Patch 370A
======================================================================

*Bug 443089 - Using special characters with IDVault.globalQuery() causes script error

*Bug 471569 - Localization will overwrite Patch Level information

*Bug 477961 – DNContainer control: Allow attribute name to be displayed instead of O/OU name

*Bug 523810 - Audit: Attestation_Request_Failure event is not logged in Audit

*Bug 524831 – User Application NOOP thread can cause a Sendmail server to slow down responses

*Bug 528744 - I18N: The tooltips for some buttons in the creating user page always display in language set for browser

*Bug 530331 – Filter criteria values in the Filter dialog on the Role Relationship tab is not cleared

*Bug 531265 – Label for Value Field is not displaying the correct locale when assigning - always show EN

*Bug 531268 – Field Patch (370): User Application and DNContainer control doesn't sort alphabetically

*Bug 531882 – IE: session timeout warning dialog hide behind lookup window

*Bug 532034 – Expiration Date option should not be displayed when the type of assignment is Group or Container

*Bug 532092 – All the roles are not listed in the Filter in Administrator Assignment Page

*Bug 532270 - Disable revoke resource approval configurations with checked Same as Grant Configuration

*Bug 532316 - No way to refresh the result list after 'Rows' value is changed via keyboard

*Bug 532448 - Provisioning Admin is not able to see the history comments of 'Provisioning Manager' Role

*Bug 532504 – Errors generated when creating a resource in non-EN languages with a space at the end

*Bug 532510 – Exception occurs when creating a role in a non-EN language that contains a space at the end

*Bug 532576 - Roles should not be added to ACLs when user creating them is role admin and role manager

*Bug 532723 – I18N - Resource name is always displayed as English in "Resource Assignment" process

*Bug 533359 – User Application not connecting to metadirectory using non secure port (389)

*Bug 533639 – Manage Mode: User selected Role is not selected through Look Ahead support

*Bug 533999 - I18N - Resource Description is always English in "Add Resource Association" page

*Bug 534355 - L10N (zh_CN,zh_TW) - String "Add Resource To User" is not localized in "Task Notification"

*Bug 534679 - I18N - In Role Report, double byte and Russian characters can not be displayed for "Role Name" and "Description" when locale is English

*Bug 534682 - I18N - Roles can not be exported completely in the role report when locale is double-byte locale or Russian

*Bug 534715 - I18N - Error message is displayed in browser locale language in "Request User Profile Attestation Process" page

*Bug 535069 - IE 7, IE 8 only - "Select driver" list can not pop up if "Add Language" list is expanded

*Bug 535229 - Doing password management with rest, if User in URI is not the same as logged in user, stacktrace generated

*Bug 535520 - I18N - Portlet names are not localized after they are imported

*Bug 536381 - icons are not disabled when the first time Resource/Role custom approval is not selected

*Bug 536562 – Field Patch (370): Email notification on delegate assignment is not working

*Bug 536700 – The Session Timeout Warning is unclickable if shown on top of a GWT dialog

*Bug 537042 – EboClusterManager error when logging in to one of the servers in a cluster

*Bug 537110 – Using SAP SSO user is not landing on WorkDashboard

*Bug 537241 – Modifying a Container Page throws ResourceBundle errors

*Bug 537416 – NMAS Timeout causes intruder lockout increment

*Bug 538004 - I18N - SoD name is always displayed in English in "Assign Role" window

*Bug 538396 - Proper Validation message should be displayed for 'DisplayLabel' in Attestations, if the user does not enter any value

*Bug 538437 – Password: User is still allowed to navigate to Workdashboard/Roles tab without changing the password

*Bug 538439 – Resource Administrator not able to assign “Configure Resources Settings” Permission to user

*Bug 539225 – Manage Mode: Error message displayed when a role/resource team member is selected

*Bug 539597 – Red Error Message Escape from incomplete Resource Assignment

*Bug 539741 - I18N: The tooltips for two buttons in the Work Dashboard page always display in language set for browser

*Bug 539827 – SCRIPT in userid causes XSS attack on user application

*Bug 540041 - I18N: error.jsp does not specify UTF-8 encoding

*Bug 540219 – Password Hint causing XSS vulnerability in Forgot password page

*Bug 540911 – Unable to create/Edit/Delete SoD

*Bug 541342 – XSS vulnerability was found in Resource Catalog page

*Bug 541346 – No warning is displayed for the wrong user name in look ahead support

*Bug 541703 – XSS vulnerability was found in Attestation request process

*Bug 541706 – Juice Error is displayed after filtering assignments in Administrator Assignments

*Bug 541868 – Workflow XSS blacklist should be consistent on both client and server

*Bug 541899 - database migration fails with duplicate key error

*Bug 550461 - Duplicate key error updating PORTALPRODUCERS table when changing context name

*Bug 551149 - Attestation table foreign key creation fails during migration

*Bug 542542 - Incorrect translation for Admin Defined Challenge Questions

*Bug 542825 - Field Patch (370): Error message appears in server console when attempting to delete a resource without proper permissions

*Bug 542841 - Field Patch (370): identities end point contains broken link to roles

*Bug 543360 - Field Patch (370): Focus differently set for IE and FF when selecting the object selector for the DNcontainer control type

*Bug 544932 - Help page is not opening on Websphere

*Bug 545003 - Field Patch (370): "EboHttpSession; no valid constructor" error on WebSphere intermittently

*Bug 545723 - Custom Theme Deploy as Separate WAR not found by User Application

*Bug 546886 - Filter does not work for Role Levels and Relationship in Role Relationships

*Bug 547631 - Deleted user causes listing of "my requests" to fail

*Bug 548779 - Enter Request name Field in the Attestation Save request details prompt should be filled up with the selected template name

*Bug 551864 - Field Patch (370): Need to fix the code to save the correlation ID properly when executing the startWithCorrelationId SOAP end point

*Bug 554963 - Field Patch (370): DN is case sensitive in PwdMgt using REST

======================================================================
Patch 370B
======================================================================

*Bug 552310 - Dynamic Groups are not saved as Team Managers

*Bug 554926 - Field Patch (370): If there is an additional cn, Forgot Password fails with 'User not found'

*Bug 555059 - Unable to complete Challenge Response enrollment with trace enabled on com.novell.pwdmgt.actions

*Bug 555843 - Field Patch (370): User Application allows the same user to open 2 Tabs

*Bug 556588 - Need a "healthcheck" page in RIS.war for load balancers to detect that RIS.war is up

*Bug 556772 - Field Patch (370): Link in help is not localized

*Bug 558449 - Field Patch (370): Login for 15 concurrent users is ~8s to 12s when roles and resource catalogs are "large" (i.e. 20k)

*Bug 558484 - Field Patch (370): Help links contain incorrect product version

*Bug 560634 - Field Patch (370): Warning should not be displayed for the correct Resource Selected

*Bug 557214 - Unable to use Roles when the DriverSet is in a container that start with star ('*')

*Bug 550888 - Parameters do not appear if the Resource has an Entitlement

*Bug 561686 - Field Patch (370): Approval information is not being stored on nrfResourceHistory

*Bug 561865 - Field Patch(370): impossible to remove resource when using advanced entitlement capabilities

*Bug 554360 - entitlement results not getting cleaned up

*Bug 559128 - Unable to Save search results when 'Display Search criteria with the results' is set to true

*Bug 560068 - Field Patch (370): Reassigned workflow approver generates 2 emails

*Bug 561761 - Expose NrfResource and Code Map tables in workflow as scriptable objects

*Bug 561765 - Expose CRUD resource management as soap endpoint

*Bug 563866 - Static resource parameters are missing from the resource assignment request form

*Bug 567265 - Threads become blocked when accessing cache during AuthManagerService in 3 server cluster

*Bug 567418 – Field Patch(370): Organization Chart - DNLookups, FullName not resolved

*Bug 567565 – Field Patch (370): SOAP: createRoleRequest & setRoleLocalizedString endpoint can cause xss vulnerability

*Bug 567573 – Field Patch (370): XSS vulnerability for Entitlement value information in Resource page

*Bug 567581 - Field Patch (370): XSS: Admin cannot see the content in PageAdmin when a page is created under Uncategorized list

*Bug 567602 – Field Patch (370): Create Resource endpoint is causing xss vulnerability

*Bug 568014 - Response time for logging in degrades in a cluster scenario, probably due to cache invalidations

*Bug 568579 - Need to allow non-Provisioning Admin to run REST Service /wf/processes/filter=Initiator=?

======================================================================

security fixes

Potential XSS vulnerability when creating a Role or updating the Localized Name via the SOAP endpoints
*Bug 567565 - Field Patch (370): SOAP: createRoleRequest & setRoleLocalizedString endpoint can cause xss vulnerability
CVE-2009-4485


Potential XSS vulnerability when defining the Label for an Entitlement that will be a part of a Resource
*Bug 567573 - Field Patch (370): XSS vulnerability for Entitlement value information in Resource page
CVE-2009-4485



file contents

Files Included | Size | Date
UA370B-Windows.zip | 243.9 MB (255828501) | 2010-02-26 09:31:51
UA370B-Linux.tar.gz | 38.7 MB (40607769) | 2010-02-26 09:25:55
UA370B-Solaris.tar.gz | 38.7 MB (40607586) | 2010-02-26 09:26:42
readme_5069700.html | N/A | 2010-06-30 20:10:13

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.