Release Notes RSA Authentication Agent 7.1.2 for Web for IIS 7.0, 7.5, and 8.0 Web Server



Similar documents
Release Notes RSA Authentication Agent for Web for IIS 7.0, 7.5, and 8.0 Web Server

RSA Authentication Agent 7.1 for Web for IIS 7.0 and 7.5 Installation and Configuration Guide

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008

WatchDox SharePoint Beta Guide. Application Version 1.0.0

Owner of the content within this article is Written by Marc Grote

How To Secure An Rsa Authentication Agent

Citrix Access Gateway Plug-in for Windows User Guide

AvePoint Meetings for SharePoint On-Premises. Installation and Configuration Guide

Hosted Microsoft Exchange Client Setup & Guide Book

Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2

TROUBLESHOOTING GUIDE

Siteminder Integration Guide

NSi Mobile Installation Guide. Version 6.2

Active Directory Self-Service FAQ

NovaBACKUP xsp Version 12.2 Upgrade Guide

RSA Authentication Manager 7.1 Basic Exercises

EMC ViPR Controller Add-in for Microsoft System Center Virtual Machine Manager

RSA Authentication Manager 8.1 Virtual Appliance Getting Started

Avatier Identity Management Suite

Internet Information Services Integration Kit. Version 2.4. User Guide

FileMaker Server 14. FileMaker Server Help

WatchGuard SSL v3.2 Update 1 Release Notes. Introduction. Windows 8 and 64-bit Internet Explorer Support. Supported Devices SSL 100 and 560

CA Technologies SiteMinder

SecureAware on IIS8 on Windows Server 2008/- 12 R2-64bit

RSA SecurID Ready Implementation Guide

RoomWizard Synchronization Software Manual Installation Instructions

Configuring Microsoft Internet Information Service (IIS6 & IIS7)

Hosted Microsoft Exchange Client Setup & Guide Book

LepideAuditor Suite for File Server. Installation and Configuration Guide

Table of Contents. Welcome Login Password Assistance Self Registration Secure Mail Compose Drafts...

Administering Jive for Outlook

Single Sign-on Configuration for SharePoint Integration

Zimbra Connector for Microsoft Outlook

TECHNICAL CONDITIONS REGARDING ACCESS TO VP.ONLINE. User guide. vp.online

EventTracker: Support to Non English Systems

CA SiteMinder. Agent for IIS Installation Guide. r12.0 SP3

How-to: Single Sign-On

User Management Tool 1.5

Protecting Juniper SA using Certificate-Based Authentication. Quick Start Guide

EMC Documentum Repository Services for Microsoft SharePoint

BusinessObjects Enterprise XI Release 2

LAB: Enterprise Single Sign-On Services. Last Saved: 7/17/ :48:00 PM

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access

Security Guidelines for MapInfo Discovery 1.1

Apache Server Implementation Guide

WhatsUp Gold v16.2 Installation and Configuration Guide

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

Metalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015

NetWrix Password Manager. Quick Start Guide

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services

WhatsUp Gold v16.1 Installation and Configuration Guide


Lepide Software. LepideAuditor for File Server [CONFIGURATION GUIDE] This guide informs How to configure settings for first time usage of the software

RSA Security Analytics

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

Using ProjectWise Explorer for File Transfer

Upgrading from MSDE to SQL Server 2005 Express Edition with Advanced Services SP2

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

NETWRIX USER ACTIVITY VIDEO REPORTER

How to install and use the File Sharing Outlook Plugin

Colligo Engage Windows App 7.0. Administrator s Guide

NETWRIX WINDOWS SERVER CHANGE REPORTER

Exchange Integration DME 4.4 Microsoft Exchange 2007, 2010, 2013

MailEnable Connector for Microsoft Outlook

Cloud Portal for imagerunner ADVANCE

Office 365 deployment checklists

NovaBACKUP xsp Version 15.0 Upgrade Guide

INTEGRATION GUIDE. DIGIPASS Authentication for Office 365 using IDENTIKEY Authentication Server with Basic Web Filter

Symantec Managed PKI. Integration Guide for ActiveSync

NTP Software File Auditor for NAS, EMC Edition

Contents Release Notes System Requirements Administering Jive for Office

HELP DOCUMENTATION SSRPM WEB INTERFACE GUIDE

Kaseya 2. User Guide. Version 6.1

Accessing the Media General SSL VPN

Secret Server Installation Windows 8 / 8.1 and Windows Server 2012 / R2

Mod 2: User Management

Installation Guide for Microsoft SQL Server 2008 R2 Express. October 2011 (GUIDE 1)

PaperPort PSP Server 3 SERVER ADMINISTRATOR S GUIDE

Wise Package Studio 8.0 MR1 Release Notes

Installation Guide. . All right reserved. For more information about Specops Inventory and other Specops products, visit

SmartSync Monitor Help

Aradial Installation Guide

Active Directory Requirements and Setup

uh6 efolder BDR Guide for Veeam Page 1 of 36

Configuring EPM System for SAML2-based Federation Services SSO

FileMaker Server 13. FileMaker Server Help

SAS Agent for Outlook Web App

Deploying EMC Documentum WDK Applications with IBM WebSEAL as a Reverse Proxy

Windows XP Exchange Client Installation Instructions

Microsoft Office 365 Using SAML Integration Guide

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

NetWrix Account Lockout Examiner Version 4.0 Administrator Guide

How To - Implement Single Sign On Authentication with Active Directory

WhatsUp Gold v16.3 Installation and Configuration Guide

EMC SourceOne SEARCH USER GUIDE. Version 6.8 P/N A01. EMC Corporation Corporate Headquarters: Hopkinton, MA

Front-Office Server 2.7

Active Directory Management. Agent Deployment Guide

EMC Data Protection Search

Cloud Services ADM. Agent Deployment Guide

Administration Guide. . All right reserved. For more information about Specops Gpupdate and other Specops products, visit

Transcription:

Release Notes RSA Authentication Agent 7.1.2 for Web for IIS 7.0, 7.5, and 8.0 Web Server October, 2013 Introduction This document lists what is new and what has changed in RSA Authentication Agent 7.1.2 for Web for IIS 7.0, 7.5 and 8.0 Web Server. It includes descriptions of fixed issues, as well as workarounds for known issues. RSA recommends that you read this document before installing RSA Authentication Agent 7.1.2 for Web for IIS 7.0, 7.5 and 8.0 Web Server. This document contains the following sections: What's New in This Release Prerequisites for Installing RSA Web Agent 7.1.2 on Windows Server 2012 Product Documentation Fixed Issues Known Issues Documentation Addendum Support and Service These Release Notes may be updated. The most current version can be found on RSA SecurCare Online at https://knowledge.rsasecurity.com. What's New in This Release This section describes the changes introduced in this release. To install this release, follow the instructions for a full product installation as described in the RSA Authentication Agent for Web for IIS Installation and Configuration Guide. Support for Additional Platforms. This release adds support for: Microsoft Internet Information Services (IIS) 8 Server on Windows Server 2012 [x64] Microsoft Exchange Server 2013 for Outlook Web Access (OWA) on Windows Server 2008 R2 Microsoft Exchange Server 2013 for Outlook Web Access (OWA) on Windows Server 2012[x64] Microsoft Active Directory Federation Services for Office 365 on Windows Server 2008 Microsoft Active Directory Federation Services for Office 365 on Windows Server 2008 R2 Microsoft Active Directory Federation Services for Office 365 on Windows Server 2012 Single Sign-On with Microsoft OWA on Exchange Server 2013 Silent Installation. As of the 7.1.2 release, RSA Authentication Agent for Web for IIS no longer supports silent installation. Update to Address a Security Issue. This release fixes a security issue that under some circumstances left protected websites unprotected after a crash by RSA Authentication Agent for Web for IIS. Additional Bug Fixes. This release includes bug fixes that increase application stability and code quality. Prerequisites for Installing RSA Web Agent 7.1.2 on Windows Server 2012 To install RSA Web Agent 7.1.2 for Windows Server 2012, you must have.net framework 3.5 pre-installed on the Windows Server 2012 machine. Note that Windows Server 2012 come prepackaged with.net 4.5. However,.NET 3.5 is required. October 2013

Product Documentation The following documentation for RSA Authentication Agent 7.1.2 for Web for IIS 7.0, 7.5 and 8.0 Web Server is in the \doc directory. Title RSA Authentication Agent for Web for IIS Installation and Configuration Guide RSA Authentication Agent for Web for IIS Developer s Guide Integrating RSA Authentication Agent for Web with RSA Authentication Manager Express Risk-Based Authentication Filename WebAgent_IIS.pdf WebAgentDev_Win.pdf RSAWebAgent_AMX.pdf Fixed Issues This section describes the issues fixed in this release. The RSA Authentication Agent Applet is not working properly for an admin user other than the built-in administrator. Tracking Number: AAIIS-477 For the RSA Authentication Agent applet to work properly, the administrator permissions from the following directories must be inherited by their child directories/keys: HKEY_LOCAL_MACHINE\SOFTWARE\SDTI\ACECLIENT HKEY_LOCAL_MACHINE\SOFTWARE\SDTI\RSAWebAgent HKEY_LOCAL_MACHINE\SOFTWARE\RSAACEAgents Unable to protect a single page when the folder is defined as an application. Tracking Number: AAIIS-774 On Windows 2012 with Exchange Server 2013, this issue no longer exists. Protected websites may be left unprotected after agent crash. Tracking Number: AAIIS-1038 In some cases, when the RSA Authentication Agent for Web for IIS crashes, websites protected by this agent could be left unprotected. This is due to the fail open flaw in the agent code. RSA ACE Agent for Web IIS 7.1 - Web application pool should run as a non-system account. Tracking Number: AAIIS-1048 See Running the Web Application Pool as a Non-System User. Known Issues This section describes issues that remain unresolved in this release. Wherever a workaround or fix is available, it has been noted or referenced in detail. Many of the workarounds in this section require administrative privileges. If you do not have the required privileges, contact your administrator. RSA Authentication Agent 7.1.2 does not support 32 -bit applications on 64-bit operating systems. Tracking Number: AAIIS-572 Problem: RSA Authentication Agent 7.1.2 does not support 32-bit applications on 64-bit operating systems. 2 October 2013

WebAgent does not protect individual files having non-english characters. Tracking Number: AAIIS-701 Problem: WebAgent does not protect individual files that have local language characters in the file name. Disable IIS Server if agent fails to load checkbox cannot be unchecked. Tracking Number: AAIIS-786 Problem: The Disable IIS Server if agent fails to load checkbox cannot be unchecked. In Outlook Web Access2010, refreshing the modal popup page does not redirect to the RSA SecurID logon page. Tracking Number: AAIIS-808 Problem: In OWA 2010 after the idle cookie time expires, a modal popup is displayed. Refreshing this directs the user to the OWA page instead of to the RSA SecurID logon page, useridandpasscode.htm. The Use JavaScript pop-up window to authenticate in frames features does not work properly. Tracking Number: AAIIS-839 Problem: When the Javascript popup option is disabled, authentication with separate frames is successful but the authentication page is thrown again. Workaround: To use the 'JavaScript popup' feature you must disable cross frame busting by setting the environment variable RSA_NO_FRAME_BUSTING=1 in the WebAgent machine. In general, it is recommended to protect the main page, instead of protecting individual frames in the page. On cookie expiry, all unsaved data in Active sync is lost. Tracking Number: AAIIS-982 Problem: In Active sync, if the cookie expires while composing an e-mail message, the message is not saved in the Drafts folder. For an agent configured with AMX, all unsaved data in OWA 2010 will be lost on cookie expiry. Tracking Number: AAIIS-984 Problem: If the agent is configured with AMX, all unsaved data in OWA 2010 will be lost after cookie expiry. Workaround: Refresh the page. Single sign-on does not work during an upgrade. Tracking Number: AAIIS-1004 Problem: During an upgrade, if single sign-on (SSO) is enabled, the configuration UI settings are carried forward but a module required for SSO is not added in the modules section.as a result, SSO does not work. Workaround: To enable SSO for Exchange, disable the Target this resource for Single Sign-On checkbox and enable it again in the IIS Manager Configuration UI. To enable SSO for Sharepoint, follow the steps in the section Prepare WebAgent for Single Sign-On to the Microsoft Office SharePoint Server in the IIS Installation and Configuration Guide and remove the RSAsinglesignonExtension in the handler mapping section. October 2013 3

After a successful (multiple domain) authentication, SharePoint 2007 site does not redirect to requested site. Tracking Number: AAIIS-1006 Problem: SharePoint 2007 site with multiple domain authentication is not redirecting to the requested page after a successful authentication. After configuring SharePoint 2007 32-bit for SSO, all users get an Access Denied message. Tracking Number: AAIIS-1009 Problem: After configuring SSO for SharePoint 2007 32-bit, all users trying to sign in get an Access Denied, Sign in as a different user message. If a user tries to access multi-domain SSO with the password only feature enabled, access is denied to the user. Tracking Number: AAIIS-1014 Problem: If a user tries to access multi-domain SSO with password only feature enabled, an Access Denied message is displayed. Workaround: After generating or importing the domain Secret, restart the RSA Pipe Service. Windows Mobile 6.5 ActiveSync is not able to Sync with Exchange 2013 on Windows 2012 Server. Tracking Number: AAIIS-1092 Problem: Windows Mobile 6.5 ActiveSync is not able to Sync with Exchange 2013 on Windows 2012 Server. Logging out of Exchange produces an error when used with single sign-on. Tracking Number: AAIIS-1094 Problem: When a user clicks Sign Out, Microsoft Exchange returns a 404 File Note Found error. Workaround: Close the browser window to log out. Help not working in the RSA Authentication Agent Control Panel applet. Tracking Number: AAIIS-1101 Problem: Help does not work in the RSA Authentication Agent Control Panel applet.. Microsoft has deprecated this feature. See http://technet.microsoft.com/en-us/library/hh831568.aspx. Redirect HTTP connection to Secure Server option is not working in Windows Server 2012. Tracking Number: AAIIS-1103 Problem: If you access a protected resource with HTTP when the Require Secure Connection to Access Protected Page and Redirect HTTP Connections to Secure Server options are enabled in RSA SecurID Features in IIS Manager, you are not automatically redirected to HTTPS. Authentication Successful pop-up window appears when authenticating with Use Java Script Pop-Up Window to Authenticate enabled. Tracking Number: AAIIS-1108 Problem: After successful authentication when Use Java Script Pop-Up Window to Authenticate in Frames is enabled, an Authentication Successful window is displayed instead of displaying the protected resource. Workaround: Click OK to display the protected resource. 4 October 2013

A remote IIS Manager closes when you open the RSA SecurID feature. Tracking Number: AAIIS-1118 Problem: After connecting to a remote IIS Manager, opening RSA SecurId Feature closes the IIS Manager. RSA SecurID is not populating in Features View of Virtual site when only Site is opened on remote IIS Manager. Tracking Number: AAIIS-1119 Problem: After adding a virtual site through the IIS Manager, connect to the site by right clicking on IIS and connecting to another web server machine, The Features view of the newly added virtual site will not display RSA Securid Feature. Upgrading from RSA Authentication Agent for Web 7.1.1 to 7.1.2 on Microsoft Windows 2008 SP2 64-bit Enterprise is not supported. Tracking Number: AAIIS-1122 Problem: Upgrading from RSA Authentication for Web 7.1.1 to 7.1.2 on 64-bit versions of Microsoftt Windows 2008 SP2 Enterprise produces the following error: Error 2324: Could not open file. \Windows\System32\SdRepository\SDCONTRL.hlp GetLastError: 3. Workaround: Perform the following procedure: 1. Back up the following files and delete the original version: \Windows\System32\SdRepository\SDCONTRL.hlp \Windows\System32\SdRepository\sdcontrl.cnt \Windows\System32\inetsrv\config\schema\securidsection_schema 2. Start the upgrade process. Web Agent timeout pop-up is not working correctly in OWA. Tracking Number: AAIIS-1132 Problem: When using Outlook Web Access, the idle timeout popup appears after 15 minutes, even if there is ongoing activity. Documentation Addendum Enabling Single Sign-On in Microsoft Exchange Server 2013 Perform the following steps to enable single sign-on in Microsoft Exchange 2013. To enable single sign-on on Exchange Server 2013: 1. Open the Microsoft Exchange Administration Center (EAC). 2. On the left pane, click Servers. 3. Click Virtual Directories. 4. Click OWA and edit server properties. 5. Click Authentication. October 2013 5

6. Select Use one or more standard authentication methods. 7. Select Integrated Windows authentication. To enable integrated Windows authentication for SSO on IIS8 in Microsoft Exchange 2013, go to: http://blogs.msdn.com/b/mvpawardprogram/archive/2013/03/18/virtual-directories -exchange-2013.aspx 8. Click Save. Using the Web Agent with Active Directory Federation Services Use the following resources to help you integrate the Web Agent 7.1.2 with ADFS. Review the following topic from Microsoft: http://technet.microsoft.com/en-us/library/hh344805%28ws.10%29.aspx Review the RSA SecurID Implementation Guide for AD FS. 1. Click https://gallery.emc.com/community/marketplace/rsa?view=overview. 2. Search for ADFS. 3. From the search results, click Microsoft Active Directory Federation Service. 4. Click Collateral to access the RSA SecurID Implementation Guide. Running the Web Application Pool as a Non-System User To run the web application pool as a non-system user: 1. Grant permission to the following registry entries for the user: HKLM\System\CurrentControlSet\Services\WinSock2\Parameters HKLM\SOFTWARE\SDTI\RSAWebAgent 2. Grant the permissions Read and Execute, Execute, List folder contents, and Read to the directory \Program Files\RSA Security\RSAWebAgent 3. Grant the permissions Read and Execute, and Read to the file \Program Files\RSA Security\RSAWebAgent\securid 4. Grant the permissions Read and Execute, and Read to the file \Program Files\RSA Security\RSAWebAgent\sdstatus.12 Clearing the Node Secret To clear the node secret: 1. Clear the node secret from RSA Authentication Manager. To do this, Open the Authentication Manager Security Console and click Access > Authentication Agents > Manage Existing. 2. Locate the affected agent host and click on the drop down menu. 3. Select Manage Node Secret. 4. Check Clear the node secret, and click Save. 5. Log on to the Agent Host machine and clear the node secret from the RSA Authentication Agent. To do this, rename or delete the node secret file. The file is located in \Program Files\RSA Security\RSAWebAgent" 6. Test authentication from RSA Web Agent 7.1.2. 7. Check your authentication logs and ensure a new node secret has been sent. 8. Restart your IIS server. 6 October 2013

Support and Service RSA SecurCare Online Customer Support Information RSA Solution Directory https://knowledge.rsasecurity.com www.emc.com/support/rsa/index.htm https://gallery.emc.com/community/marketplace/rsa?view=overview Copyright 2013 EMC Corporation. All Rights Reserved. Trademarks RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm#rsa. October 2013 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information