Tivoli Access Manager for Enterprise Single Sign-On Version 5.0 Release Notes
Tivoli Access Manager for Enterprise Single Sign-On Version 5.0 Release Notes
Note: Before using this information and the product it supports, read the information in Notices, on page 1. First Edition (March 2006) Copyright International Business Machines Corporation 1996, 2006. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Release Notes IBM Tivoli Access Manager for Enterprise Single Sign-On Version 5.0 March, 2006 IBM is releasing version 5.0 of IBM Tivoli Access Manager for Enterprise Single Sign-On (TAM E-SSO). This is the latest edition of the TAM E-SSO Agent and the TAM E-SSO Administrative Console. These release notes provide information about the enhancements and open issues in this release. The information in this document supplements and supersedes information in the TAM E-SSO product documents. The following topics are discussed: What s New...2 Open Issues...4 Technical Notes...5 Product Documentation...5 Contacting Customer Support...6
What s New What s New These topics describe the new features in this version. 16-bit Legacy Emulator Support TAM E-SSO provides Legacy Emulator Support for 16-bit legacy HLLAPI-based emulators. To install support for 16-bit emulators, when installing the TAM E-SSO Agent, select a Custom install, and select Extensions > Logon Manager > Mainframe Emulator Helper > Legacy Emulator Support. RSA SecurID Application Support for Mainframe, Web & Java RSA SecurID application support has been added for Mainframe, Web, and Java applications. This is for use with TAM E-SSO: Authentication Adapter. Java Support Enhancements TAM E-SSO provides support for Oracle JInitiator version 1.3.x. A new JHO is provided which adds support for SUN's Java 1.1.8 JRE, when combined with Swing-1.1. This includes SUN's Java Plug-In 1.X and Oracle JInitiator 1.1.8.X (which is based on SUN's Java Plug-IN). Customizable Window Titles for Primary Logon Methods New settings are available in the Administrative Console to customize the Window titles and subtitles for authentication dialogs. The settings are optional and can be set on the Advanced settings page for each primary logon method. Password Sharing Group Application Credentials Pre-Populated When adding a new logon for an application, if the application is part of a password sharing group, the credentials are pre-populated in the following fashion: When adding the application logon, TAM E-SSO determines if the application is part of a password sharing group. If an application has already been configured within this group, the credential fields are pre-populated with the data found in the first configured application from the same sharing group. The password field is grayed out and cannot be changed. For example, a user launches the first application in a password sharing group and is prompted to enter the user id, password, and any additional credential fields. These credentials are then stored and provided to the application. When the user launches the second application in the group, all fields from the first application are pre-populated. The user can retype or supplement the credentials, with the exception of the password field, which is populated and grayed out. If the first application has fewer fields than the application currently being configured, the additional fields are left blank. Initial Credential Storage Prompt Auto-populates Drop-down Boxes The TAM E-SSO initial credential storage prompt auto-populates drop-down boxes with data from Windows or Web applications. If an application provides a drop-down list, TAM 2 Release Notes
What s New E-SSO duplicates this list when requesting application credentials from users. For example, when adding an application logon through the Add New Logon Wizard (for either a Web or Windows application), if the application contains a drop-down list, TAM E-SSO copies the data from the application's list into the TAM E-SSO Add New Logon Wizard s fields. Note: This is supported for the Third and Fourth fields. It is not supported for the User ID or Password field. Configuration Objects Merged in Multi-Sync Environment The synchronization manager merges Configuration Objects in environments with multiple syncs. For example, if there are two ADAM instances with a CO on each, TAM E- SSO merges the CO's in the sync manager. New Deployment Options Available Two new deployment options have been added to the TAM E-SSO installer which will install TAM E-SSO without MDAC version 2.8 or JET version 4.03. The options are: MDAC - Whether to install MDAC version 2.8: YES or NO JET - Whether to install JET version 4.03: YES or NO For example: setup.exe /s /v"/qn MDAC="NO" setup.exe /s /v"/qn JET="YES" New Windows v2 Customizable Passphrase Dialog A new customizable pop-up dialog that precedes the passphrase initialization dialog for Windows v2 has been added. New settings are available in the Administrative Console (Global Agent Settings > Primary Logon Methods > Windows v2 > Advanced) that allow the text to be defined for the dialog. The dialog appears immediately before asking for a user's passphrase for the first time and asks if the user understands the importance of the passphrase question. The user must check a box agreeing to the terms in order to continue the process of creating a passphrase. New SSOLauncher Command A new command-line, /SSOCOMMAND LOGON, has been added to the SSOLauncher. This is used to initiate a command to the TAM E-SSO "Logon Using TAM E-SSO" trigger, located in the TAM E-SSO system tray icon. 3 Release Notes
Open Issues Open Issues This section describes issues that remain open in this release. The table lists the issue and a detailed description, if applicable. Issue Description TAM E-SSO Administrative Console Exception Error TAM E-SSO Agent Password Sharing Group Running a Repair Additional Logons Java Applet Logon Chooser Title Bar Icon A program exception error occurs when changing desktop appearance from Windows Classic style to Windows XP style and then back to Windows Classic style. Changing applications from one password sharing group to another may cause problems. The workaround is to create a new group or a new configuration. When running a repair on TAM E-SSO, the size displayed in the Add/Remove Programs dialog shows an increase of 30mb each time the repair is run. After adding additional logons through the "Add Another Logon" checkbox, the Logon Chooser only shows the first logon created with the correct application name (for Web applications only). For example, the first entry is Sign In - Yahoo! and the second entry appears as 'yahoo.com'. Incorrect functionality of Logon Using in the Java Applet. This occurs if auto-recognize is turned off and the title bar icon is turned on. In this scenario, the Agent does not provide credentials if you click Logon using TAM E-SSO. Logon Chooser may briefly flicker when an error loop is working. On the Title Bar Button drop-down menu, the "Add Logon" option does not respond if a Host emulator is being used. 4 Release Notes
Technical Notes Technical Notes Synchronization Database support requires that client connectivity support be installed for the specific database(s). Event Manager The XML log file plug-in continually expands/appends file; log file should be cleaned up periodically (from the user s AppData\Passlogix folder) if it is used as part of a solution. Logon Support Embedded browser support, such as from within Lotus Notes, requires that IE 6.0 be installed. It is not consistent with previous versions of the browser. Under Windows Server 2003 (as well as Windows XP SP2), browser helper object support is (or can be) turned off; this security setting is no longer required to be on for TAM E-SSO to function properly and can be turned off if it is no longer needed. Backup/Restore Conflicts may occur when using Backup/Restore functionality in conjunction with synchronizer usage; it is not suggested that a deployed solution utilize both mechanisms and that Backup/Restore only be used in Stand-alone installations. Java Sun Plug-in Applets The Java Applet using Java Sun Plug-in 1.1.3 must be clicked on before the TAM E-SSO Agent responds to it. The plug-in loads the JHO only after the user clicks into the applet UI. Oracle JInitiator 1.1.8.X functions without this problem. Product Documentation The following documents support this product: SSOAdmin Guide TAM E-SSO User Guide 5 Release Notes
Contacting Customer Support Contacting Customer Support Before contacting IBM Tivoli Software Support with a problem, refer to the IBM Tivoli Software Support site by clicking the Tivoli support link at the following Web address: http://www.ibm.com/software/support If you need additional help, contact software support by using the methods described in the IBM Software Support Guide at the following Web address: http://techsupport.services.ibm.com/guides/handbook.html The guide provides the following information: Registration and eligibility requirements for receiving support Telephone numbers, depending on the country in which you are located A list of information you should gather before contacting customer support 6 Release Notes
Appendix. Notices This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user s responsibility to evaluate and verify the operation of any non-ibm product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: IBM World Trade Asia Corporation Licensing 2-31 Roppongi 3-chome, Minato-ku Tokyo 106-0032, Japan The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-ibm Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Copyright IBM Corp. 2006 1
Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation 2Z4A/101 11400 Burnet Road Austin, TX 78758 U.S.A. Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this information and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us. Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Information concerning non-ibm products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-ibm products. Questions on the capabilities of non-ibm products should be addressed to the suppliers of those products. All statements regarding IBM s future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM s application programming interfaces. 2 IBM Tivoli Access Manager for Enterprise SingleSign-On: Release Notes
If you are viewing this information softcopy, the photographs and color illustrations may not appear. Trademarks The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both: AIX DB2 IBM IBM logo Tivoli Tivoli logo Universal Database WebSphere z/os zseries Lotus is a registered trademark of Lotus Development Corporation and/or IBM Corporation. Domino is a trademark of International Business Machines Corporation and Lotus Development Corporation in the United States, other countries, or both. Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Other company, product, and service names may be trademarks or service marks of others. Appendix. Notices 3
4 IBM Tivoli Access Manager for Enterprise SingleSign-On: Release Notes
Printed in USA SC32-2296-00