Release Notes Date: September 2013




All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, or stored in any retrieval system of any nature without the prior written permission of Sunrise Software Limited, except for permitted fair dealing under the Copyright, Designs and Patents Act 1988.

Sunrise Software Limited, 1994-2013

Sostenuto is a registered trade mark of Sunrise Software Limited.

Sunrise Software Limited does not assume or accept any liability for any loss or damage of any kind to any person that may arise as a result of that person (or any other person) using this document or acting or refraining from action in reliance on any information (including expressions of opinion) contained in this document. This limitation/exclusion of liability does not apply in the case of death or personal injury caused by negligence on the part of Sunrise Software Limited, or to the extent (if any) that a limitation and/or exclusion in these terms is not permitted under applicable law.

Sunrise
50 Barwell Business Park, Leatherhead Road, Chessington, Surrey KT9 2NY, United Kingdom
Visit us at www.sunrisesoftware.co.uk
Enquiries e: welcome@sunrisesoftware.co.uk t: +44(0) 20 8391 9000

CONTENTS

Introduction
Note for Sostenuto 4.0 Users
Hardware and Software Requirements
Known Deviations/Errors
Release Features in Sostenuto 4.1.3
Encryption
Forgotten Password
Deploying Sostenuto 4.1.3
Obtaining the Installation Media
Migration from Sostenuto 4.1 and above
Migration Procedure
Migrating an existing Sostenuto Database
Chameleon jar Files
After Migration
Update the JRE on Each Client Machine
Re-installing Web Start
Apache HTTP Server Settings
Corrections

Introduction

These Release Notes detail the changes and corrections available in Sostenuto 4.1.3.

Sostenuto 4.1.3 includes two specific changes to improve account security and lessen the likelihood of account passwords being hacked. Specifically these changes include:

- Change of Sostenuto Account password encryption to a non-reversible type.
- Changes to the Forgotten Password feature of Sostenuto, Iguana, Sostenuto Mobile and Chameleon. Note that you must have Iguana 1.6.1 and Mobile 1.1.3 installed to use this feature.

Sostenuto 4.1.3 is available both as a new installation and as a patch to existing 4.1.+ installations.

You can migrate to Sostenuto 4.1.3 from Sostenuto 4.0 or any later Releases. If your current version of Sostenuto is earlier than 4.0, you must migrate to Sostenuto 4.0 before upgrading to Sostenuto 4.1.3. For information about upgrading from earlier versions of Sostenuto, please contact the Sunrise Service Desk.

Note for Sostenuto 4.0 Users

Sostenuto 4.1 is designed to run from within the Apache Tomcat Server and not, as previously, from the Sun Java System Application Server Platform. This means that you cannot upgrade the existing version of Sostenuto in the same folder. Instead, Sostenuto 4.1 will be installed into a different directory.

Note: Do not follow the Sostenuto Installation Guide instructions for migrating the Sostenuto database (pages 23-24). Instead follow the instructions on page 8 of these Release Notes for Migrating an existing Sostenuto Database. This will migrate your database from Release 4.0 to Release 4.1.3 in one step.

Hardware and Software Requirements

Hardware and software requirements vary depending on your deployment. See the Sostenuto ITSM Hardware and Software Configuration Guide for the specifications for your particular environment.

Known Deviations/Errors

All the issues outstanding on Sostenuto 4.1.2 are still outstanding, except those listed in the Corrections at the end of the Release Notes.

Release Features in Sostenuto 4.1.3

All the features in Sostenuto 4.1+ are also available in this Release.

Encryption

Sostenuto 4.1.3 now uses a SHA-2 non-reversible encryption algorithm. After upgrading to Sostenuto 4.1.3 you must run a migration process on the Sostenuto database to update the database and any accounts to the new encryption type. This migration tool is provided with Sostenuto 4.1.3.

This encryption type will be the standard encryption with all future versions of Sostenuto, including the forthcoming Sostenuto 4.5.

Forgotten Password

All Sostenuto interfaces, that is the Sostenuto JRE applet, Chameleon, Iguana and Mobile, now include a common "Forgotten Password?" link. This link leads to a page that allows the user to request a password reset by entering their configured Sostenuto username (as per the defined Account Profile configuration in Sostenuto).

Note: While the screenshot above displays the input field as Account Name / Email Address, this can be changed depending on the configuration of the Account Profile. Different customer Sostenuto implementations can use different fields as the user's account name. In addition, the text displayed on each of the forms can be changed by editing the appropriate entries contained within the messages_en.properties file found in the classes\resources\common folder of the Sostenuto instance.

Once the user has entered their Account Name, an email containing a password reset link is sent to the email address associated with the account and a confirmation is displayed. The content of the email sent to the user is configurable.

Figure 1: Requesting a Password Reset

Clicking the link within the email launches a new window, allowing the user to specify a new password. This link can only be used once, and expires after three days. Should the link expire, the user will need to follow the forgotten password process once again.

The length of time that the password reset link will remain active is specified in the password-config.xml file located in the classes\settings\sostenuto folder of the Sostenuto instance. For example, the default is:

    <expiry-duration unit="days">3</expiry-duration>

However, this can be changed to HOURS or even MINUTES if required and an appropriate value specified, for example:

    <expiry-duration unit="hours">12</expiry-duration>

or

    <expiry-duration unit="minutes">60</expiry-duration>

To ensure high security, the generated password reset link is unique and cannot be guessed. An example can be seen below:

    http://172.120.1.18:8080/sostenuto/servlet/reset?refid=[long URL-encoded token value]

In the email received by the user, the link can be included as part of hyperlink text, i.e. "Click here to reset your password". You can configure the contents of the email by editing the forgot-password-email_en.txt file in the classes\resources\common folder of the Sostenuto instance. The email text supports HTML tags, so there is additional control over the look of the email if corporate branding is required.

The reset password screen can contain an optional challenge field that must be entered alongside the new password in order for the change to be successful. In the following screenshot the challenge question requires the user to confirm the email address of the account, but this can be changed to any other Sostenuto field within the account's parent Service.

The field used for the challenge question is identified in the <question_fieldId>field ID</question_fieldId> section of the classes\settings\sostenuto\password-config.xml file of the Sostenuto instance. To edit the challenge question, update the <question_fieldId>field ID</question_fieldId> with the FIELDID that you want to use.
The user is also required to enter their password twice to ensure no mistypes. An indicator next to the password field shows the relative strength of the new password. The current version of Sostenuto does not enforce password strength via policy as yet, but it is hoped that including the indicator will educate users as to what is an acceptable password.

On click of the Reset Password button, the password for that account will be changed provided that:

- the challenge question is correct
- the entered passwords both match
- the password is not blocked by Sostenuto password history tracking.

The user can then navigate back to the login page they came from and log in with the new password.
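An added example (not Sostenuto's own code) of the link behaviour described above: it parses the expiry-duration element from password-config.xml and issues reset tokens that can be redeemed once and only before they expire. The ResetLinkStore class, its method names and the account name are hypothetical, and generating the token with a CSPRNG and keeping only its SHA-256 digest server-side are assumptions of this example rather than details the release notes give.

```python
import hashlib
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Units the release notes mention for <expiry-duration>.
SUPPORTED_UNITS = ("days", "hours", "minutes")


def parse_expiry(xml_text):
    """Turn <expiry-duration unit="days">3</expiry-duration> into a timedelta."""
    elem = ET.fromstring(xml_text)
    if elem.tag != "expiry-duration":
        raise ValueError("expected <expiry-duration>")
    unit = elem.get("unit", "").lower()  # the notes also write HOURS / MINUTES
    if unit not in SUPPORTED_UNITS:
        raise ValueError("unsupported unit: %r" % unit)
    value = int((elem.text or "").strip())
    if value <= 0:
        raise ValueError("expiry must be positive")
    return timedelta(**{unit: value})


class ResetLinkStore:
    """Hypothetical server-side store for single-use, expiring reset tokens."""

    def __init__(self, lifetime):
        self.lifetime = lifetime
        self._pending = {}  # sha256(token) -> (account, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, account, now):
        """Create a token for the emailed link; only its digest is kept."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (account, now + self.lifetime)
        return token

    def redeem(self, token, now):
        """Return the account once, or None if unknown, already used or expired."""
        entry = self._pending.pop(self._digest(token), None)  # pop = single use
        if entry is None:
            return None
        account, expires_at = entry
        return account if now < expires_at else None


if __name__ == "__main__":
    lifetime = parse_expiry('<expiry-duration unit="days">3</expiry-duration>')
    store = ResetLinkStore(lifetime)
    issued = datetime(2013, 9, 2, 9, 0)          # constructed timestamp
    token = store.issue("jsmith", issued)        # constructed account name
    print(store.redeem(token, issued + timedelta(days=1)))  # first use
    print(store.redeem(token, issued + timedelta(days=1)))  # second use
```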

Deploying Sostenuto 4.1.3

Obtaining the Installation Media

Sostenuto 4.1.3 is available to download from Sunrise Software Ltd. To obtain the Sostenuto 4.1.3 installation media please contact the Sunrise Service Desk for a URL.

T: +44 (0) 20 8391 4646
E: support@sunrisesoftware.co.uk

Using the URL provided, download the "Sostenuto 4.1.3 Migration from 4.1.0 or above" folder from the website and save it locally.

Migration from Sostenuto 4.1 and above

Sostenuto 4.1.3 will be available both as a new installation and as a patch to existing 4.1.x installations.

The password encryption utility will be updated when you migrate the Sostenuto database. You are recommended to back up the database before running this utility.

The "Sostenuto 4.1.3 Migration from 4.1.0 or above" folder contains all the .jar and .js files for updating Chameleon, to correct the update issues for users who access Chameleon with SSO.

Notes

- Users migrating from Sostenuto 4.1 will now be able to use the PSN validation feature, which was added in Release 4.1.1. PSN validation is added to the ticketing mechanism to ensure that you only access the correct Sostenuto database via SSO. A new property at the end of the server.properties file enables you to set PSN validation on or off.
- The password encryption feature is available to Iguana and Sostenuto Mobile users who have installed Iguana 1.6.1 and Mobile 1.1.3.

Migration Procedure

To migrate from Sostenuto 4.1+ to Sostenuto 4.1.3:

1 Stop the Apache Tomcat Services.
2 Back up the current Sostenuto home directory and the Sostenuto database.
3 Open the Sostenuto 4.1.3 Migration from 4.1.0 or above\installation folder.
4 To upgrade your Sostenuto application, extract the 03-sostenuto-tomcat-webapps.zip file into C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\webapps\[Sostenuto application] to update the Sostenuto files.
5 The migration process replaces the server.properties file in \[Sostenuto Application]\WEB-INF\classes\settings\sostenuto. If you have migrated from Sostenuto 4.1.1 or above, you can replace the updated file with the one from your backup. If you have migrated from Sostenuto 4.1.0, please compare the new file with your backup and re-enter any missing information, particularly the DBServer and Password information.
6 The migration process also replaces the web.xml file in \[Sostenuto Application]\WEB-INF. If you have Iguana or Mobile, you will need to uncomment these sections again. If you have any extra access points (for Customers or Third parties etc.), you will need to add them again. Please do not replace the file with your backup as there are new options included within the upgraded file.

Migrating an existing Sostenuto Database

Existing Sostenuto 4.1.x database versions are required to be migrated to the latest version. To complete the migration of the database, follow the steps below.

1 Ensure that the <docrootpath>\setenv.bat file shows the Java path, Sostenuto installation path and the Sostenuto web app name.
2 If you are configuring Sostenuto for NT authentication and didn't log in as the desired user account (the account to be used for NT authentication), right-click on the migration.bat file to see the context menu shown below. Specify the credentials of the desired user account and click OK.
3 Execute the migration.bat file. The migration log can be viewed in the location specified in the log4j.properties file.
4 Restart the Apache Tomcat Services. Note that the migration process clears the existing password tracking history data.
5 If your installation is configured for Single Sign On (SSO) or load-balancing, check the contents of the httpd.conf file. See Apache HTTP Server Settings on page 11.

Chameleon jar Files

In your previous build of Sostenuto, style sheets may have been changed to alter the colours and images displayed within Chameleon. Copy the following folders and files from the Sostenuto backup to the Sostenuto installation to restore the Chameleon look to your customised settings.

    <docrootpath>\resources\chameleon\images
    <docrootpath>\resources\chameleon\css\en\chameleon.css

Next, run the Chameleon compile.bat file for the fix to take effect. This generates the HTML folder containing the JSP files. For more information on compiling Chameleon please refer to the Chameleon Configuration Guide.

When the HTML folder has been recreated, copy the custom JSP files from the Sostenuto backup folder into the <docrootpath>\web-inf\jsp\chameleon\templates\en folder where any custom JSPs have been added. Please refer to your consultancy documentation for details of any JSP files that have been altered.

After Migration

Update the JRE on Each Client Machine

Sostenuto 4.1.3 can only run on client machines which have the correct JRE installed. If the correct JRE is not present on a client machine, a prompt similar to this will be displayed when you attempt to run Sostenuto:

Click one of the Allow options to continue.

Re-installing Web Start

If the Sostenuto client is being accessed via Web Start, this must be uninstalled and re-installed to work with the updated version of Sostenuto 4.1.3. Please refer to the Sostenuto Installation Guide for details of installing Web Start.

Apache HTTP Server Settings

Read the following information if your system is configured for SSO and/or load balancing. A detailed explanation of all the settings can be found in the Load Balancer Configuration section of the Sostenuto Installation Guide.

The final part of the Apache Software Foundation\Apache2.2\conf\httpd.conf file must contain the settings for load-balancing, SSO and Proxy servers. If any of the code is missing, copy and paste it from this document in the order it appears here, then edit it as explained below.

Load-balancing settings:

    ProxyRequests off
    ProxyPass / balancer://mybalancer/ stickysession=jsessionid scolonpathdelim=on
    ProxyPassReverse / balancer://mybalancer/
    <Proxy balancer://mybalancer>
    BalancerMember http://localhost:8080 route=tomcata loadfactor=100
    </Proxy>

SSO settings:

    <Location /Sostenuto>
    # Order allow,deny
    # Allow from all
    SetEnv proxy-chain-auth On
    Require valid-user
    AuthType SSPI
    AuthName "Windows Authentication"
    SSPIAuth On
    SSPIAuthoritative On
    SSPIDomain DOMAIN NAME
    SSPIOmitDomain On
    SSPIOfferBasic Off
    SSPIUsernameCase lower

Proxy server settings:

    RewriteEngine On
    RewriteCond %{SERVER_NAME} (.+)
    RewriteRule . - [E=SERVER_NAME:%1]
    RewriteCond %{SERVER_PORT} (.+)
    RewriteRule . - [E=SERVER_PORT:%1]
    RequestHeader set X-Remote-Address "%{SERVER_NAME}e:%{SERVER_PORT}e"
    </Location>
    RequestHeader set X-PSN Remote User's PSN
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1,NS]
    RequestHeader set X-Forwarded-User %{RU}e
    RewriteCond %{LA-U:HTTPS} (.+)
    RewriteRule . - [E=RP:%1,NS]
    RequestHeader set X-Forwarded-Https %{RP}e

Load-balancing settings

These settings are needed for load balancing. They are ignored until the load-balanced parameter in the server.properties file is set to true. If you are using load-balancing, ensure that route= is set to the ID of your Tomcat server, shown in red above.

SSO settings

Enter the SSO settings that are appropriate for your installation.

If SSO is enabled, keep all the SSO settings and enter your domain name at SSPIDomain, as shown above.

If SSO is NOT enabled, keep the first three lines and remove the comments, then delete all the following SSPI settings, as shown below:

    <Location /Sostenuto>
    Order allow,deny
    Allow from all

Proxy server settings

These settings are used in conjunction with the load-balancing settings above to rewrite the server address with the address of the remote user's proxy server, before sending it to the user. They should be present even if you do not have load-balancing. If you have load-balancing, enter the Remote User's PSN as shown above.
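An added example (not part of the Sostenuto distribution) of a check for the two layouts described above: it reads the active directives inside the Location block of httpd.conf and reports a block that matches neither the SSO-enabled nor the SSO-disabled form, such as SSPI lines left behind after SSO was switched off or the DOMAIN NAME placeholder left unedited. The function names and the HALF_EDITED sample are constructed for illustration; TEMPLATE repeats the SSO directives printed in these notes, with the Location block closed early for the sample.

```python
import re


def location_directives(conf_text, path="/Sostenuto"):
    """Active (uncommented) directives inside <Location path> as (name, args)."""
    inside, found = False, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # commented lines are inactive
        opened = re.match(r"<Location\s+(\S+?)\s*>$", line, re.I)
        if opened:
            inside = opened.group(1) == path
        elif re.match(r"</Location\s*>$", line, re.I):
            inside = False
        elif inside:
            parts = line.split(None, 1)
            found.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return found


def audit_sso_block(conf_text):
    """Return (mode, findings) against the two layouts the notes describe."""
    values = dict(location_directives(conf_text))
    findings = []
    if values.get("sspiauth", "").lower() == "on":
        mode = "sso"
        if values.get("require", "").lower() != "valid-user":
            findings.append("SSO on but 'Require valid-user' is not active")
        if values.get("authtype", "").lower() != "sspi":
            findings.append("SSO on but AuthType is not SSPI")
        if values.get("sspiofferbasic", "").lower() != "off":
            findings.append("SSPIOfferBasic differs from the documented Off")
        if values.get("sspidomain", "DOMAIN NAME") == "DOMAIN NAME":
            findings.append("SSPIDomain missing or still the placeholder")
    else:
        mode = "no-sso"
        leftovers = sorted(n for n in values if n.startswith("sspi"))
        if leftovers:
            findings.append("SSPI settings left behind: " + ", ".join(leftovers))
        if (values.get("order", "").lower() != "allow,deny"
                or values.get("allow", "").lower() != "from all"):
            findings.append("Order allow,deny / Allow from all not active")
    return mode, findings


# SSO directives as printed in the release notes (placeholder domain unchanged).
TEMPLATE = """<Location /Sostenuto >
# Order allow,deny
# Allow from all
SetEnv proxy-chain-auth On
Require valid-user
AuthType SSPI
AuthName "Windows Authentication"
SSPIAuth On
SSPIAuthoritative On
SSPIDomain DOMAIN NAME
SSPIOmitDomain On
SSPIOfferBasic Off
SSPIUsernameCase lower
</Location>"""

# Constructed sample: SSO was switched off but two SSPI lines were not deleted.
HALF_EDITED = """<Location /Sostenuto >
Order allow,deny
Allow from all
SSPIDomain EXAMPLE
SSPIOfferBasic Off
</Location>"""

if __name__ == "__main__":
    for name, conf in (("template", TEMPLATE), ("half-edited", HALF_EDITED)):
        print(name, audit_sso_block(conf))
```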

Corrections

This section details the corrections that have been included in this release.

Issue No.: PRB002259
Summary: Sostenuto to store passwords using one-way hash encryption.
When Encountered:
Description: Sostenuto should be able to store passwords in one-way hash encryption, rather than reversible encryption as is currently configured. This also means that the Forgotten Password link would need to be configured with a verified password reset rather than being emailed in plain text.