Identikey Server Release Notes 3.1
Disclaimer of Warranties and Limitations of Liabilities

The Product is provided on an 'as is' basis, without any other warranties, or conditions, express or implied, including but not limited to warranties of merchantable quality, merchantability or fitness for a particular purpose, or those arising by law, statute, usage of trade or course of dealing. The entire risk as to the results and performance of the product is assumed by you. Neither we nor our dealers or suppliers shall have any liability to you or any other person or entity for any indirect, incidental, special or consequential damages whatsoever, including but not limited to loss of revenue or profit, lost or damaged data or other commercial or economic loss, even if we have been advised of the possibility of such damages or they are foreseeable; or for claims by a third party. Our maximum aggregate liability to you, and that of our dealers and suppliers, shall not exceed the amount paid by you for the Product. The limitations in this section shall apply whether or not the alleged breach or default is a breach of a fundamental condition or term, or a fundamental breach. Some states/countries do not allow the exclusion or limitation of liability for consequential or incidental damages, so the above limitation may not apply to you.

RADIUS Documentation Disclaimer

The RADIUS documentation featured in this manual is focused on supplying required information pertaining to the RADIUS server and its operation in the VACMAN Middleware environment. It is recommended that further information be gathered from your NAS/RAS vendor for information on the use of RADIUS.

Copyright 2009 VASCO Data Security Inc. All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of VASCO Data Security Inc.

Trademarks

Identikey and Digipass are registered trademarks of VASCO Data Security International Inc. Microsoft and Windows are registered trademarks of Microsoft Corporation. All other trademarks are the property of their respective holders.

Identikey Server 3.1 Release Notes 2
Table of Contents

1 Introduction ... 4
1.1 Available Guides ... 4
2 Known Issues ... 6
2.1 New Issues in Identikey Server 3.1 ... 6
2.2 Issues Carried Forward from Identikey Server 3.0 ... 9
2.3 Issues Carried Forward from VACMAN Middleware 3.0 ... 12
1 Introduction

Welcome to the Release Notes for Identikey Server 3.1. This document covers the following topics:
- Reference Guides
- Known Issues

1.1 Available Guides

The following Identikey Server guides are available:

Product Guide
    The Product Guide will introduce you to the features and concepts of Identikey Server and the various options you have for using it.

Getting Started Guide
    The Getting Started Guide will lead you through a standard setup and testing of key Identikey Server features.

Windows Installation Guide
    Use this guide when planning and working through an installation of Identikey Server in a Windows environment.

Linux Installation Guide
    Use this guide when planning and working through an installation of Identikey Server in a Linux environment.

Administrator Reference
    In-depth information required for administration of Identikey Server. This includes references such as data attribute lists, backup and recovery and utility commands.

Performance and Deployment Guide
    Contains information on common deployment models and performance statistics.

Help Files
    Context-sensitive help accompanies the Administration Web Interface and Digipass Extension for Active Directory Users and Computers.

Identikey Server SDK Programmers Guide
    In-depth information required to develop using the SDK.
2 Known Issues

2.1 New Issues in Identikey Server 3.1

4404: Installing the Digipass Self Management or OTP Request web site on Windows 2008 does not seem to work properly.
Platforms: Windows 2008
Where the Self Management web site or OTP Request web site has been installed on a machine running Internet Information Services 7.0, security warnings are displayed and the new web site cannot be accessed.
Solution:
1. Enable CGI in Role Settings. For information on completing this task in Windows Server 2008, Windows Vista or Windows Server 2008 Core, see http://technet.microsoft.com/en-us/library/cc753077.aspx.
2. Open the IIS Manager and locate the directory for the relevant web site.
3. Right-click on the directory and click on Convert to Application. Use the default settings and click on OK.
4. In Features view:
   a. Select the new application and double-click on the Handler Mappings icon to the right of the window.
   b. Enter the following information:
      i.   Request path: *.cgi
      ii.  Module: CgiModule
      iii. Executable: (leave blank)
      iv.  Name: CGI
   c. Click on OK.
   d. Double-click on the ISAPI and CGI Restrictions icon.
   e. Click on Add.
   f. Enter the following information:
      i.   ISAPI or CGI Path: Navigate to www\root\dpselfservice\cgi\usercgi.exe (Self-Management web site) or www\root\requestotp\cgi\vdpcgi.exe (OTP Request web site)
      ii.  Description: (brief description, if desired)
      iii. Tick the Allow extension path to execute checkbox.
   g. Click on OK.
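The same configuration as steps 2 to 4 of the issue 4404 solution, scripted with the IIS WebAdministration module. This is an added example and is not part of the VASCO release notes or product; it assumes Windows Server 2008 R2 or later (where the module ships), an elevated PowerShell session, the site name 'Default Web Site', and a placeholder Identikey web root path. The two CGI executable paths are the ones named in the issue, relative to that root. The ISAPI and CGI Restrictions entry is made for each executable individually, so that no other CGI program becomes runnable as a side effect of the fix.

```powershell
# Added example, not from the VASCO release notes: automates steps 2-4 of the
# issue 4404 solution. Assumed: site name, Identikey web root (placeholder),
# Windows Server 2008 R2 or later with the WebAdministration module.
Import-Module WebAdministration

$SiteName = 'Default Web Site'                                   # assumption
$WebRoot  = 'C:\Program Files\VASCO\Identikey Server\www\root'   # placeholder install path
$CgiApps  = @(
    @{ Dir = 'dpselfservice'; Exe = 'dpselfservice\cgi\usercgi.exe'; Description = 'Identikey Self-Management CGI' },
    @{ Dir = 'requestotp';    Exe = 'requestotp\cgi\vdpcgi.exe';     Description = 'Identikey OTP Request CGI' }
)

# Step 1 of the solution (enabling the CGI role service) is not repeated here;
# on Windows Server 2008 R2 it is: Import-Module ServerManager; Add-WindowsFeature Web-CGI

foreach ($app in $CgiApps) {
    $appPath = "IIS:\Sites\$SiteName\$($app.Dir)"

    # Step 3: convert the web site directory into an IIS application.
    if (-not (Get-WebApplication -Site $SiteName -Name $app.Dir)) {
        ConvertTo-WebApplication -PSPath $appPath | Out-Null
    }

    # Steps 4a-c: *.cgi handler mapping, scoped to this application only.
    if (-not (Get-WebHandler -Name 'CGI' -PSPath $appPath)) {
        New-WebHandler -Name 'CGI' -Path '*.cgi' -Verb '*' -Modules 'CgiModule' -PSPath $appPath | Out-Null
    }

    # Steps 4d-g: allow exactly this executable in the server-wide ISAPI and CGI Restrictions.
    $exe = Join-Path $WebRoot $app.Exe
    if (-not (Test-Path $exe)) { throw "CGI executable not found: $exe" }
    $filter = "/system.webServer/security/isapiCgiRestriction/add[@path='$exe']"
    if (-not (Get-WebConfiguration -Filter $filter -PSPath 'IIS:\')) {
        Add-WebConfiguration -Filter '/system.webServer/security/isapiCgiRestriction' -PSPath 'IIS:\' `
            -Value @{ path = $exe; allowed = 'True'; description = $app.Description }
    }
}

# Check beyond the issue's steps: CGI programs that are not on the restriction
# list stay blocked, so only the two listed executables may run.
Set-WebConfigurationProperty -Filter '/system.webServer/security/isapiCgiRestriction' `
    -Name 'notListedCgisAllowed' -Value $false -PSPath 'IIS:\'

# Show the resulting allow list for review.
Get-WebConfiguration -Filter '/system.webServer/security/isapiCgiRestriction/add' -PSPath 'IIS:\' |
    Select-Object path, allowed, description
```

Run the script once per server; each step is guarded so re-running it does not create duplicate handler mappings or restriction entries. The final listing is the place to confirm that only the two Identikey executables are allowed.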
For more information on setting ISAPI and CGI Restrictions, see http://technet.microsoft.com/en-us/library/cc732851(ws.10).aspx.

4478: Identikey Server daemon restart not correctly displayed in RedHat Services Tool
Platforms: RedHat Enterprise Linux 5.0
When the Identikey Server daemon is restarted via the services tool, RHEL may continually try and fail to start the daemon automatically.
Work-around: If this occurs, a force-quit of the service application will start the Identikey Server daemon correctly.

4280: Web Admin - import of 20K users finishes uncleanly with java.lang.outofmemoryerror: Java heap space message
An import of 20 000 or more User records from a single file is successful, but may finish uncleanly. The error given is:
Error java.lang.outofmemoryerror: Java heap space
Work-around: Increase the JVM heap size for Tomcat (see the Java Memory section in the Identikey installation guides for more details) or for your specific web server application.

4633: Auditing - On creating another new Live audit method, the Identikey Server cannot be restarted successfully.
A Communications error occurs on creating a new Live Audit Method besides the default one via the Web Admin application. The Live Audit Method is successfully added to the list of audit methods, but the Identikey Server cannot be restarted while the new audit method is enabled.
Work-around: Delete the previous Live Audit Method, so that only one Live Audit connection is active.

4310: Administration Web Interface displays 'Reserved for individual assignment' checkbox
The Digipass properties page displays the Reserved for individual assignment checkbox, regardless of the assignment status of the Digipass. The checkbox is always unticked.

4024: Not possible to get a license using the configuration wizard GUI
Platforms: Linux
The configuration wizard GUI returns an error if you start the 'get the License' operation. The configuration GUI tries to open a browser, which is not installed in the chroot environment.
Work-around: Install a license using the Administration Web Interface.
4680: Auditing - Syslog auditing logs only to the first enabled log file specified in the configuration file
Platforms: Linux
Where more than one syslog based audit configuration has been defined, Identikey Server only logs to the first enabled syslog based auditing configuration.

4343: Web Admin - Create button does not work as expected in Copy Policy panel on MS Internet Explorer
Administration Web Interface: If you enter a Policy ID and hit ENTER on the Copy Policy screen, the field is blanked out and the policy is not copied, even though the CREATE button is highlighted.

4573: After refining a Digipass search, clicking Cancel causes a 'Webpage has expired' error in MS Internet Explorer
Platforms: Windows
Administration Web Interface on MS Internet Explorer: If you define a Digipass search, and then go back to refine the search but instead click Cancel, a 'Webpage has expired' message is displayed.

4736: Digipass Extension for AD Users and Computers Snap-In may require restart of Windows
Platforms: Windows 2008
When Identikey Server is installed on a Windows 2008 Active Directory Domain Controller, Digipass menu items may not be visible in the Active Directory Users and Computers interface. Where this occurs, requesting a User's property page causes an error to be displayed:
Digipass application / unable to connect to directory
Solution: Restart Windows.

4628: Auditing - If a new text file audit method is created in the configuration GUI, disabling and then cancelling the action gives unexpected results
Configuration GUI: If you add a new Text File audit method, but then disable it and click Cancel, an error message is displayed when the Configuration GUI is next loaded. If you repeat this process, and have previously added a Text File audit log to the list, the cancelled audit method replaces the first in the list.
Work-around: Delete the audit method manually before exiting the Configuration GUI.

4636: Auditing - If a new ODBC audit method is created with invalid database details, the Identikey Server cannot be restarted successfully
Platforms: Windows
Web Administration Interface: If an ODBC audit method is created with incorrect details (e.g. invalid password or invalid DSN), the configuration is saved successfully. On manual restart of the Identikey Server, an error message is displayed.
Work-around: Open the Configuration GUI and correct the audit configuration before restarting the Identikey Server.

4675: Auditing - the option 'Record audit message if no other method has recorded it' does not work for the Live Audit Viewer
If a Live Audit Viewer method is enabled in the Web Admin application, with the option 'Record audit message if no other method has recorded it' set to TRUE, the Identikey Server still logs messages to this method if another audit method is logging the messages.

4726: Cancelling from the installation wizard causes errors
Platforms: Windows
Windows basic installation only. If you complete the installation wizard and click Cancel in the Summary screen at the end of the wizard, a number of error messages are displayed and the manual deployment window opens with no values pre-populated.

2.2 Issues Carried Forward from Identikey Server 3.0

992: RADIUS Accounting fail-back delayed for one request
This situation may occur where:
- RADIUS Back-End Authentication is in use; and
- More than one RADIUS Back-End server is in use, to allow redundancy.
When fail-over to the secondary RADIUS server has occurred, and Identikey Server has discovered that the primary RADIUS server is again available, the current accounting 'start' request will be incorrectly sent to the secondary server. Subsequent accounting requests will be correctly switched back to the primary RADIUS Server.
2334: Reports grouped by Client miss 'default' RADIUS Client
Reports on audit data grouped by Client will not display audit messages related to authentications that were carried out using the 'default' RADIUS Client.
Work-around: If you require this kind of reporting, create specific Client records for each RADIUS Client.

2740: Double quotes in Organizational Unit names are not allowed
If you create an Organizational Unit with double quotes in the name, choice lists of Organizational Units may be empty. Avoid double quotes in these names.

2749: Missing pre-check in Configuration Wizard for User with too few privileges
Platforms: Linux
The Identikey Server Configuration Wizard and Utility programs in /usr/sbin may be executable by users who do not have the necessary permissions to modify the Identikey Server configuration file. In this case, they can execute the programs, but the programs will fail when they try to write to the configuration file. While it may appear that such users are able to modify the configuration file, this is not the case.

2891: Organizational Unit administrator can edit/delete outside their scope
If an Organizational Unit-level administrator has access to the SOAP SDK administration interface or to DPADMINCMD, and they know the key fields of a record outside their own scope, they are able to edit or delete that record (provided that they have the Update User and/or Delete User privilege). However, this is not possible through the Administration Web Interface.

2900: Editing a Report Query with non-English characters fails
It is possible to create Report Queries with non-English characters in the Query names, but editing these Queries will fail. However, Report names will accept all characters.
Work-around: Avoid non-English characters in Query names.

2903: Converting UserID/Domain to upper case, the 'MASTER' domain is not created
The Identikey Server Configuration Wizard creates the Master Domain. If the name of the Master Domain is left as the default master but the Convert UserIDs and Domains to upper case option is selected, the wizard does not create the Master Domain MASTER as would be expected.
Note: This issue does not occur on Windows when the embedded database option is used.
Work-around: Create the master domain using the Configuration GUI, before User and Digipass records are created or imported.

3041: Windows Authentication - any domain name for local accounts
Platforms: Windows
If you are using Windows Back-End Authentication in an Identikey Server that is not installed on a Domain Controller, Back-End Authentication can succeed as a local machine account using any domain name as a prefix (DOMAIN\user) or suffix (user@domain). This is due to a bug in the underlying Windows function. A similar problem has also been seen when Identikey Server is installed onto a Domain Controller.

3073: Warning messages 'no version information available'
Platforms: Linux
When executing some of the Identikey Server binaries, warning messages such as the following may appear in the terminal window:
/usr/lib/libcrypto.so.0.9.8: no version information available (required by ./ikconfigwizardgui)
These messages can be ignored.

3134: Dash and asterisk characters not working in Report names
Reports and Report Queries can be created with '-' or '*' in the name, but display and edit of these reports will not function correctly. These characters should be avoided in the names.

3154: Virtual Digipass Request OTP Web Site has no default page set up
Platforms: Windows
When the Virtual Digipass Request OTP Web Site is deployed automatically as a Virtual Directory into IIS by the Identikey Server installer, no default page is set up for the Virtual Directory. It should be set up as index.html.

3177: Re-validation of Signatures requires the same Policy settings
If you want to re-validate a Signature some time after the original validation was performed, it is important to use the same Policy settings. Specifically, the settings on the Digipass and Digipass Control Parameters should be the same. Otherwise, validation may not be consistent with the original validation check. For example, if you re-validate using a different Signature Time Window, the result may be different.
3179: DPADMINCMD cannot read customized encryption settings for DP import
When DP are imported using DPADMINCMD instead of the Administration Web Interface, the encryption Storage Key should be used by DPADMINCMD to extract the data from the DPX file. However, it does not read the encryption section from its configuration file, so any DP imported using DPADMINCMD will have the default encryption with no Storage Key specified. The Identikey Server will be unable to use these imported DP.
Work-around: If you have a Storage Key specified in your encryption settings, do not import DP using DPADMINCMD.

3524: Identikey Server using Oracle on Linux can hang under extreme load
Platforms: Linux
Under a very high load of authentication requests for a sustained period of time, the Identikey Server process can stop responding to requests. This can occur when Oracle is used on the Linux platform.

2.3 Issues Carried Forward from VACMAN Middleware 3.0

673: Serial Number Separator Limitation
* cannot be used as a Serial Number Separator for Self-Assignment.

1384: Audit Viewer font sizes of 12 or more do not display correctly
If you configure the font for audit messages to 12 point or greater, the list rows do not expand in height, so they do not display correctly.

1427: Trace files do not handle all Unicode characters
When tracing Unicode data, the data is normally translated to ANSI encoding. If your locale does not include certain characters, they will therefore not be shown in the tracing. For example, on a Western European server, Cyrillic characters will not be displayed. Also, in some cases, a mixture of ANSI and UTF-8 encoding is used. This can confuse text editors, which normally assume that the whole file is in one encoding only, so that some of the text is not displayed correctly.

1451: In some ODBC databases, redundant indexes are created
Some ODBC databases automatically create an index on foreign key columns. In that case, duplicate indexes are created by DPDBADMIN.EXE, and warnings may be issued when the schema is extended. The extra indexes can be removed if required after installation using the database's schema tool.

1467: Index size warnings on Microsoft SQL Server
Platforms: Windows
The potential size of some indexes is greater than the SQL Server maximum. Warnings are shown when extending the schema, such as:
Warning! The maximum key length is 900 bytes. The index 'vdsauditmsgfield_0' has maximum length of 1028 bytes.
For some combinations of large values, the insert/update operation will fail.

2253: Replication queue file size limit is not exact
The Replication queue file does not increment in even-sized blocks. As it gets larger, larger blocks are added. Therefore, it can jump to a higher size than the limit. With the limit set to 100MB, it was seen in stress testing that it could even jump to around 150MB.

4363: Potential Auto-Assignment of the same Digipass when Replication is down
If you have two or more Identikey Servers that are simultaneously auto-assigning Digipass while the communications between them have gone down, the Identikey Servers may Auto-Assign the same Digipass to different users.

7166: Backup Virtual Digipass with time-based Challenge/Response
Using time-based challenge/response, the following problem can occur. After generating and verifying a backup One Time Password (OTP), any attempt to verify a new primary (hardware) OTP will fail with code 201 'Code Replay Attempt'. The user will have to wait a few hours to be able to log in again with their hardware Digipass. This does not affect non-time-based Challenge/Response.
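Issue 1427 above describes trace files that mix ANSI and UTF-8 encoded lines and that silently lose characters outside the server locale. The following added example, which is not part of the VASCO release notes or product, classifies each line of a trace file by its byte encoding so that a mixed file can be recognised before it is read in an editor that assumes a single encoding. It also shows why characters outside the locale cannot be recovered afterwards. The sample trace file and its log lines are constructed here for the demonstration; the function name Get-TraceLineEncodings is an assumption.

```powershell
# Added example, not from the VASCO release notes: per-line encoding check for a
# trace file of the kind described in issue 1427. The sample file is constructed.

function Get-TraceLineEncodings {
    param([Parameter(Mandatory)][string]$Path)

    # Strict decoder: throws on any byte sequence that is not well-formed UTF-8.
    $strictUtf8 = New-Object System.Text.UTF8Encoding($false, $true)
    $bytes   = [System.IO.File]::ReadAllBytes($Path)
    $results = @()
    $start   = 0

    for ($i = 0; $i -le $bytes.Length; $i++) {
        if ($i -eq $bytes.Length -or $bytes[$i] -eq 0x0A) {
            $len = $i - $start
            if ($len -gt 0 -and $bytes[$i - 1] -eq 0x0D) { $len-- }   # drop the CR of CRLF
            if ($len -gt 0) {
                $line = New-Object byte[] $len
                [Array]::Copy($bytes, $start, $line, 0, $len)

                # Pure 7-bit ASCII is valid in both ANSI and UTF-8, so it is reported as ASCII.
                $hasHighBit = $false
                foreach ($b in $line) { if ($b -ge 0x80) { $hasHighBit = $true; break } }

                $kind = 'ASCII'
                if ($hasHighBit) {
                    try   { [void]$strictUtf8.GetString($line); $kind = 'UTF-8' }
                    catch { $kind = 'non-UTF-8 (ANSI)' }
                }
                $results += [pscustomobject]@{
                    Line     = $results.Count + 1
                    Encoding = $kind
                    Bytes    = ($line | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
                }
            }
            $start = $i + 1
        }
    }
    $results
}

# Constructed sample: the same user name written once in Windows-1252 (ANSI) and
# once in UTF-8, as a trace file mixing the two encodings would contain it, plus a
# Cyrillic name that Windows-1252 cannot represent.
$cp1252 = [System.Text.Encoding]::GetEncoding(1252)
$utf8   = New-Object System.Text.UTF8Encoding($false)
$eAcute = [char]0x00E9      # é
$zhe    = [char]0x0416      # Cyrillic capital Zhe

$sampleLines = @(
    [System.Text.Encoding]::ASCII.GetBytes("12:00:01 auth user=jsmith result=OK`r`n"),
    $cp1252.GetBytes("12:00:02 auth user=jos${eAcute} result=FAIL`r`n"),   # é as single byte E9
    $utf8.GetBytes("12:00:03 auth user=jos${eAcute} result=OK`r`n"),       # é as C3 A9
    $cp1252.GetBytes("12:00:04 auth user=${zhe}ukov result=OK`r`n")        # Zhe becomes '?' (3F)
)
$samplePath = Join-Path $env:TEMP 'identikey_trace_sample.log'
[System.IO.File]::WriteAllBytes($samplePath, [byte[]]($sampleLines | ForEach-Object { $_ }))

Get-TraceLineEncodings -Path $samplePath | Format-Table Line, Encoding, Bytes -AutoSize
```

Lines 2 and 3 carry the same name but are reported as 'non-UTF-8 (ANSI)' and 'UTF-8' respectively, which is the mixed-encoding condition the issue describes. Line 4 is reported as plain ASCII: the ANSI translation replaced the Cyrillic character with '?' when the trace was written, so the original character is gone from the file and no re-decoding will bring it back. That is the practical consequence of the locale limitation: if trace data for users with non-Western names matters, keep the server locale able to represent those characters rather than relying on the trace file after the fact.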