Release Notes › Policy Server Release Notes › New Features in 12.52

New Features in 12.52

This section contains the following topics:

Administrative UI New Look and Feel

Enhanced Session Assurance with DeviceDNA™

Enhanced User Disambiguation Using Windows and Kerberos Authentication

CA Directory Password Policy Control

Administrative UI New Look and Feel

The CA SiteMinder® Administrative UI is now refreshed to meet the CA standard for controls, fonts, colors, icons, and images. Frames now use the accordion-style navigation for simpler menu selections. The steps in the configuration wizards have a new, more colorful look. Both changes improve the navigation and ease of configuration.

Enhanced Session Assurance with DeviceDNA™

This release introduces Enhanced Session Assurance with DeviceDNA™

Enhanced Session Assurance with DeviceDNA™ helps prevent unauthorized users from hijacking legitimate sessions with stolen cookies. The session clients are validated using the unique DeviceDNA™ that the product collects from the system of the user. This validation assures that the client who initiated the session is the same client that is requesting access. Users lacking valid DeviceDNA™ are denied access to protected resources.

For more information, see the Policy Server Configuration Guide.

Enhanced User Disambiguation Using Windows and Kerberos Authentication

This release includes the following enhancements to support user disambiguation for Windows and Kerberos authentication:

• A Kerberos authentication scheme template is available from the Policy Server. You can select this scheme in the Administrative UI for resources that CA SiteMinder® protects. The addition of this scheme allows the user to configure Kerberos Authentication from the Administrative UI. See the updated chapter on Kerberos authentication in the Policy Server Configuration Guide.
• The User DN Lookup field has been modified in the Windows Authentication template, and also included in the new Kerberos Authentication template. This addition is so that these configuration schemes can honor the lookup start and end attributes in a search filter. Previously, the two input formats were:

  AD/LDAP Lookup Format:

  CN=%{UID},CN=Users,DC=%{DOMAIN},DC=com

  AD/LDAP Search Format:

  (sAMAccountName=%{UID})

  The new format is any combination of variables UID and DOMAIN without any supporting attribute names:

   %{UID}

  %{UID}@{DOMAIN}

• The User Directory object has been enhanced to include the User Object and User Class fields for the LDAP search. This addition is to support cross-repository identity mapping.

CA Directory Password Policy Control

You can configure the Policy Server to honor the CA Directory password policies. The Policy Server, together with a properly configured Web Agent, can send configured warnings and notifications that are based on the directory password policies to end-users.