| CA Technologies |
3.0 eTrust SSO Server
3.1 Defects Fixed in CR08
3.2 Defects Fixed in CR07
3.3 Defects Fixed in CR05
3.4 Defects Fixed in CR04
3.5 Defects Fixed in CR01
3.6 Enhancements
3.6.1 CR07
3.6.2 CR06
3.6.3 CR05
3.6.4 CR04
3.6.5 CR03
4.0 eTrust SSO Client
4.1 Defects Fixed in CR08
4.2 Defects Fixed in CR07
4.3 Defects Fixed in CR04
4.4 Defects Fixed in CR03
4.5 Defects Fixed in CR02
4.6 Defects Fixed in CR01
4.7 Enhancements
4.7.1 CR06
4.7.2 CR05
4.7.3 CR04
4.7.4 CR03
4.7.5 CR02
4.7.6 CR01
4.8 Known Issues
4.8.1 CR05
4.8.1.1 Cannot Connect to IE7 without specifying an URL with the html_browse extension
4.8.1.2 Cannot Connect to a URL using html_connect Extension if the Username is Administrator
4.8.2 Icons for Disabled and Offline Applications Are Not Grayed Out
5.0 Policy Manager
5.1 Defects Fixed in CR04
5.2 Enhancements
5.2.1 CR05
5.3 Known Issues
5.3.1 Policy Manager Registry Keys are Deleted After Upgrading the eTrust SSO Server
6.0 Certificate Authentication
6.1 Defects Fixed in CR03
6.2 Defects Fixed in CR02
6.3 Enhancements (Certificate Authentication)
6.3.1 CR05
7.0 LDAP Authentication
7.1 Enhancements
7.1.1 CR05
8.0 RSA Authentication
8.1 Enhancements
8.1.1 CR05
9.0 Windows Authentication
9.1 Defects Fixed in CR01
9.2 Enhancements
9.2.1 CR05
10.0 Active Directory Listener
10.1 SSO--Defects Fixed in CR06
10.2 Defects Fixed in CR02
10.3 Defects Fixed in CR01
10.4 Enhancements
10.4.1 CR05
11.0 Password Synchronization Agent
11.1 Defects Fixed in CR04
11.2 Defects Fixed in CR01
11.3 Enhancements
11.3.1 CR05
12.0 Application Wizard
12.1 Defects Fixed in CR04
12.2 Defects Fixed in CR01
12.3 Enhancements
12.3.1 CR05
13.0 eTrust SSO Integration Kit
13.1 Defects Fixed in CR04
13.2 Enhancements
13.2.1 CR05
13.2.2 CR03
13.2.3 CR02
13.2.4 CR01
14.0 Session Administrator
14.1 Enhancements
14.1.1 CR05
14.1.2 CR01
15.0 PSLang
15.1 Enhancements
15.1.1 CR05
Welcome to the eTrust SSO r12.0 readme. This readme contains issues and other information discovered after publication. The known issues, enhancements, and list of fixed defects for each CR are arranged component wise. For a complete list of the known issues for this release and details about how the features and enhancements for this release might affect you, see the eTrust SSO r12 Release Notes.
For latest information about platforms, CA products, and third-party software that eTrust SSO components support, see the Compatibility Matrix on the Technical Support site: http://ca.com/support.
The support for the following operating systems are provided for all the components in the build release number 12.0.0.8:
The following issues are fixed in this release:
| Problem ID | Description | Resolution |
|---|---|---|
| 1103 | The Watchdog service becomes unresponsive randomly. When the service is manually restarted, the problem does not reoccur. | This issue is fixed. The default value of WDOnlineChecksMode has been changed to zero (0). |
| 1105 | When upgrading to 12.0 CR7, "EnforcePasswordPoliciesInLearnMode" option is not available in Policy Manager. | This issue is fixed. The required entries are added in the AccessControl database. Now, the “EnforcePasswordPoliciesInLearnMode” option is available in Policy Manager. |
| 1107 | When SSO 8.0 Clients connect to SSO Server 12.0, CPU utilization of 12.0 Server is High, when compared to SSO 8.1 Server. | This issue is fixed. |
| 1108 | SSO installation fails due to the presence of same version of CA Directory, which is bundled with SSO Server installer. | This issue is fixed. A check is provided in the SSO Server installer to confirm whether CA Directory of the same version is already installed. |
The following eTrust SSO Server defect is fixed in the build release number 12.0.0.5070:
| Problem ID | Description | Resolution |
|---|---|---|
| 1037 | In the learn mode, the eTrust SSO Server does not enforce password policies. | This issue is fixed. You can now configure the eTrust SSO Server to enforce password policies in the learn mode. Note: For more information about how to configure the eTrust SSO Server to enforce password policies in the learn mode, see the Enhancements to the eTrust SSO Server topic in this guide. |
| 1049 | During the eTrust SSO Server installation on Windows 2008, the DSAs fail to start with the following message: "DSA has multiple interfaces that resolve to the same address". |
If the Windows 2008 Server is configured to use IPv4 and IPv6 interfaces, the DSAs fail to start as the hostname in the DSA configuration resolves to the IPv4 and IPv6 interfaces. This issue is fixed now. The DSA now resolves to only one interface. |
| 1068 | During user logout, the session tokens are not deleted from the memory. So, memory leaks in the eTrust SSO Server | This issue is fixed. During user logout, the session tokens are deleted from the eTrust SSO Server memory. |
The following eTrust SSO Server defect is fixed in the build release number 12.0.0.5064:
| Problem ID | Description | Resolution |
|---|---|---|
| 963 | If you upgrade the eTrust SSO Server it breaks the unique IDs of the Watchdog service. | Watchdog Service now installed with a unique account ID in server farm setup. |
The following eTrust SSO Server defect is fixed in the build release number 12.0.0.5059:
| Problem ID | Description | Resolution |
|---|---|---|
| 963 | If you upgrade the eTrust SSO Server it breaks the unique IDs of the Watchdog service. | Watchdog Service now installed with a unique account ID in server farm setup. |
The following eTrust SSO Server defects are fixed in the build release number 12.0.5038:
| Problem ID | Description | Resolution |
|---|---|---|
| 865 | Unable to add the eTrust SSO Server performance counters to Windows Performance Monitoring service PerfMon.msc. | This issue is fixed. You can now add the eTrust SSO Server performance counters to PerfMon.msc. |
| 872 | When eTrust SSO Server is installed on a server with a locale that is not certified, login to the Policy Manager fails with the following error: Failed to unpack data |
This issue is fixed. If you install the eTrust SSO Server with a locale that is not certified, the locale is set to the default locale, ENU. |
A new property EnforcePasswordPoliciesInLearnMode is added to the Policy Manager properties to let you enforce password policies in the learn mode.
To configure the eTrust SSO Server to enforce password policies
The Resources window appears.
The list of Policy Server settings opens in the right pane.
The View or Set GPSCONFIGPROPERTY Properties - Settings dialog opens.
Note: The default value of this property is set to Yes. If you set this property value to No, the eTrust SSO Server does not enforce password policies during the learn mode.
The eTrust SSO Server is configured to enforce password policies.
The CR06 build number 12.0.0.5068 includes the following enhancement:
A new parameter CreateUserAPPLCache is added to the psbgc.ini file.
Specifies that the psbgc utility requests the SSO Server to cache authorization rules to build the application lists.
Value: [Yes|No]
Specifies that the psbgc utility retrieves and caches the user-application list.
Specifies that the psbgc utility does not cache the user-application list.
Default: No
Note: We recommend that you set the CreateUserAPPLCache to Yes for increased performance under heavy loads on the eTrust SSO Server.
The CA SSO Server CR05 build embeds the following components in build release number 12.0.0.5064:
The CR04 build includes the following enhancements:
Note: To display a user attribute on the eTrust SSO GINA dialog, you must identify the attribute using the DisplayName_USER@<datastore> property and you must also set the DisplayCustomName attribute in the Client.ini file. For more information about the DisplayCustomName attribute, see the enchancements section of SSO Client CR04.
The Resources window appears.
The Create New USER_ATTR Resource - General dialog appears.
Name
Specify DisplayName_USER as the name of the attribute.
Data Store
Specify a user directory where the user attributes are stored. Click Browse to select the user directory.
DBField
Specify the user attribute that you want to display on the eTrust SSO GINA dialog.
The user attribute is created.
The CR03 build includes the following enhancements:
PSMaint.cmd -start WD PSMaint.cmd -stop WD
The following issues are fixed in this release:
| Problem ID | Description | Resolution |
|---|---|---|
| 1093 | When ssoLaunchbar.exe is launched, the system crashes with a blue screen | This issue is fixed. SSOEvents is modified to make it thread-safe. |
| 1094 | Cert Authentication hangs during UPN name-mapping. | This issue is fixed. The local allocated memory is freed with corresponding free API. |
| 1096 | When the SSO Client service is started, it hangs. | This issue is fixed. |
| 1098 | When SSO launches the browser-based application and if you close the browser before the application is completely loaded, the script interpreter crashes. | This issue is fixed. All calls to Release() function on pointers to COM objects are now guarded. |
| 1099 | After the SSO Client r12.0 is installed, a significant delay is noticed in the startup of the Windows OS. | This issue is fixed. Now, winlogon.exe uses the SSO events asynchronously. |
| 1104 | The system crashes while taking control of the "password change" screen from your Oracle web form application. | This issue is fixed. NULL check has been applied while taking control of the "password change" screen. |
| 1106 | A delay is observed when a fast user switching on Windows 7. | This issue is fixed. Code is modified to send a logoff notification to the LogonUI.exe. |
The following eTrust SSO client defects are fixed in the build release number 12.0.0.5070:
| Problem ID | Description | Resolution |
|---|---|---|
| 1045 | The eTrust SSO tcl extensions getscrape and waittext do not support IE8. | This issue is fixed. The getscrape and waittext extensions now support IE8. |
| 1048 | The html_connect extension uses only the document title of a window to identify it. So, if you are using Window title as an input to the html_connect extension, you cannot connect to that window. | This issue is fixed. The html_connect extension is modified to connect to a window using both the window title and document title of a web page. By default, the html_connect extension uses the window title to identify a window. If you want to identify a window using the document title, use the newly added key, -doctitle, with the html_connect extension. Note: For more information about the newly added option, see the html_connect extension description in the tcl Scripting Reference Guide. |
| 1050 | The eTrust SSO interpreter and the Application Wizard are unable to identify the controls from a web page. | This issue is fixed. If the web page does not have a window title, the eTrust SSO interpreter fails to connect to the web page. So, the Application Wizard cannot identify the controls on that web page. This issue is fixed. If the web page does not have a window title, the eTrust SSO interpreter uses the URL of the web page to connect to it. |
| 1051 | If you enter a noncompliant password in the learn mode, a progress window "Setting application password" appears in the background. | This issue is fixed. |
| 1066 | The eTrust SSO interpreter extension type does not support Unicode characters when you are using a remote desktop connection in a full screen mode. | This issue is fixed. You can now use the eTrust SSO interpreter to type Unicode characters. |
| 1075 | eTrust SSO credentila provider does not automatically login users even if DefaultPassword value is specified in clear text in the following registry key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon |
This issue is fixed. |
| 1076 | The value for the Token code field in the RSA Authentication dialog is not masked. | This issue is fixed. To mask the Token code field value, set the value of the HidePinInputField in the Auth.ini file to Yes. |
| 1077 | If the [PasswordDialogLabels] section in the Client.ini file does not contain any parameters, the eTrust SSO interfaces such as the Launchbar, Tools, and GINA crash. | This issue is fixed. |
The following eTrust SSO client defects are fixed in the build release number 12.0.0.5058:
| Problem ID | Description | Resolution |
|---|---|---|
| 954 | eTrust SSO must not prompt users to reauthenticate when Windows authentication method is configured with AutoNetworkAuth=yes. | A new configuration parameter "SuppressExpirationNotification" is added to the Client.ini. SuppressExpirationNotification Controls the display of the dialog that states "Please re-authenticate to continue this SSO operation" to users.
|
| 955 | Error invoking legacy 16-bit application from launchbar | This issue is fixed. The error in invoking legacy 16-bit application from launchbar is corrected. |
| 956 | The html_selectitem extension does not simulate mouse clicks. | This is issue is fixed. Added support to fire Onchange event for html_SelectItem. |
| 958 | In eTrust SSO-Citrix integration or in a remote session, eTrust SSO does not generate SSO TK cookies upon successful login. So, the eTrust SSO-SiteMinder integration fails. | This issue is fixed. eTrust SSO generates cookies for remote sessions for all agents except when the authentication method is set to Citrix. |
| 959 | PwdEncUtil.exe encrypts user information available in the default user directory only. | PwdEncUtil.exe encrypts user information available in all the user data stores. |
| 960 | If the smartcard used for authentication is removed during a login through GINA, the user is authenticated even if the option scremove is set to 1. | This issue is fixed. If you remove the smartcard during the Windows login process, the workstation is locked or logged off according to the settings of scremove option.
|
| 962 | Increase in engsvc.exe memory usage. | Handle leak in engine service is corrected. |
| 965 | HTML_BROWSE -grab extenstion | Added a new option "grab" to html_browse command to specify whether to grab the html page. The default value is TRUE i.e the page will be scraped by default if -grab is not specified. Following values can be used: Value: [y|n] Default: y |
| 966 | HTML_BROWSE -size extenstion | A new extension "size" is added to html_browse command to specify how IE should be displayed when launched. Following values can be used |
| 967 | Pop-up disabled during offline
|
Added a new entry "DisplayOfflineModeConfirmation" in OfflineOperation section in the client ini file. If it is set to yes, user is prompted that server is offline and waits for user input to continue or abort the login process. If it is set to no, there will not be any prompt and user will work offline.
|
| 985 | When you upgrade from eTrust SSO Client from r8.1 to r12, the installer prompts users to change the install folder. The installer does not upgrade the eTrust SSO Client to the same location. | This issue is fixed. The installer upgrade the eTrust SSO Client using the same folder structure as in earlier releases. |
| 987 | The file C:\Program Files\CA\Single Sign-On\Client\cfg\Configuring the SSO Client.html contains information related to SSO r8.1. | This issue is fixed. The file is updated to reflect SSO r12 information. |
The following eTrust SSO client defects are fixed in the build release number 12.0.0.5056:
| Problem ID | Description | Resolution |
|---|---|---|
| 942 | When users start a computer and insert their smart cards for authentication, the Authentication ‑ Certificate dialog opens, but the cursor focus is not set to the password field. | This issue is fixed. When users insert a smart card, the Authentication - Certificate dialog opens and the cursor focus is set to the Password field. |
| 936 | Winlogon.exe crashes when you install eTrust SSO Client on computers where SafeBoot is also installed. | This issue is fixed. winlogon.exe no longer crashes. |
| 928 | eTrust SSO applications configured to launch on Windows startup fail to launch with the following error: cannot retrieve variables |
This issue is fixed. eTrust SSO applications no longer fail to launch on Windows startup. |
| 926 | When using certificate authentication, if you logoff Windows and insert smart card for reauthentication, eTrust SSO Client does not recognize the smart card. | This issue is fixed. eTrust SSO Client recognizes smart cards if you logoff Windows and re-insert the smart card. |
The following CA SSO client defects are fixed in the build release number 12.0.0.5048:
| Problem ID | Description | Resolution |
|---|---|---|
| 893 | When users launch applications through a Citrix Metaframe Server, the memory usage of engsvc.exe increases incrementally. | This issue is fixed. engsvc.exe does not increase its memory usage when users launch applications through Metaframe server. The following new configuration section [SessionCleanup] is added to Client.ini to enable orphan token cleanup process in engine service:
|
| 912 | Users can use their smart cards with only one smart card reader to authenticate with CA SSO Client. Users cannot use a smart card with more than one smart card reader to authenticate with CA SSO | This issue is fixed. Users can use their smart cards with any Smart Card Reader to authenticate with CA SSO Client. |
The following CA SSO client defects are fixed in the build release number 12.0.5041:
| Problem ID | Description | Resolution |
|---|---|---|
| 836 | If the certificate store path is invalid, the CA SSO Client displays inaccurate error messages during certificate authentication. | A new error message is included to reflect the validity of certificate path entries in the Auth.ini file. |
| 842 | The SSO PWDBOX extension displays an inaccurate and confusing error message when users change passwords and the new password and confirm password fields do not match. | This issue is fixed. The error message format is changed to the same format used in CA SSO r8.0. |
| 850 | Launchbar crashes when retrieving container applications that have only one application. | This issue is fixed. Upgrade your CA SSO client installation to CA SSO r12.0 CR01. |
| 868 | CA SSO Client installation fails when you try to install the CA SSO client on a server with unsupported versions of Citrix MetaFrame Servers. The installation must not fail but must let you to continue the installation even with unsupported versions of the Citrix MetaFrame Server. | This issue is fixed. The CA SSO Client installation proceeds even with unsupported versions of Citrix MetaFrame Server. |
| 870 | In a Citrix environment, the CA SSO interpreter crashes with exceptions when users try to log in. | This issue is fixed. The CA SSO interpreter no longer crashes with exceptions when users try to log in. |
| 871 | CA SSO GINA is not displayed during a remote desktop session and the login fails with the following error: Workstation Login Failed Windows could not log you on (reported error 0x57) Win32 Error: The parameter is incorrect. |
This issue is fixed. CA SSO GINA is available during a remote desktop session. |
| 876 | Roaming user profiles are not deleted. | This issue is fixed. The roaming profiles are now deleted |
| 882 | CA SSO Smartcard authentication does not support NetID software. | CA SSO Smartcard authentication now supports NetID software Two entries are added to [auth.CERT] section in auth.ini to address this issue.
|
| 888 | CA SSO GINA crashes when users try to unlock workstations that are not connected to a network domain. | This issue is fixed. The CA SSO GINA no longer crashes when users try to unlock workstations that are not connected to a network domain. |
| 889 | The following error is recorded in the CA SSO Interpreter logs when you use the Exit command in a login script: ERROR - error evaluating script |
This issue is fixed. The CA SSO Interpreter no longer returns an error merely because you use an Exit command in a login script. |
The following enhancements are made in the build number 12.0.0.5067:
Specifies if the eTrust SSO Client displays the PIN field in the RSA authentication dialog. Set the value to Yes to hide the PIN field. Set the value to No to display the PIN field.
Value: [Yes|No]
Default: No
PasswordFieldLabel
Specifies the label for the Password field.
Default: Password
VerifyPasswordFieldLabel
Specifies the label for the Verify Password Field.
Default: Verify Password
Specifies the password label.
Specifies the verify password field label.
The following enhancements are made to eTrust SSO Client in the build release number 12.0.0.5063:
In the Set Login Information dialog, the New Password field is renamed to Password.
Note: The following enhancement is valid on Windows Vista and Windows 7 in workstation modes 4 and 5 only.
You can now configure the eTrust SSO Client to limit the number of concurrent sessions on a workstation. To create a new session, the eTrust SSO Client does the following:
This eTrust SSO Client behavior is controlled by the following entries in the [CredentialProvider] section of the Client.ini file:
Specifies the maximum number of concurrent sessions allowed on a workstation. To enable this setting, enter a positive value. The positive value enables this setting and also indicates the limit on the number of concurrent sessions allowed on a workstation. This setting is disabled by default.
Default:0
Specifies the behavior of the eTrust SSO Client when the concurrent session limit is reached and user requests a new session.
Note: This setting is enabled only if the
MaxConcurentSessions setting is enabled.
Values: [0-1]
0 - Close Oldest Session
1 – Reject Logon
Default: 0
Specifies the applications that must not be logged off when
the maximum concurrent sessions limit is reached and user
requests a new session. The eTrust SSO Client monitors the
applications mentioned in this entry. If these applications
are running in a session, then that session is not logged
off even if it is the oldest session.
Example:
MonitorAppExes=C:\windows\system32\calc.exe,D:\Program
Files\Apps\def.exe
A new argument -newtab is added to the html_browse TCL extension to support tabs in IE7 and above.
Specifies if the URL is opened in a new tab of the existing IE instance. For IE 7 or IE 8, if the value is set to Y (Yes), the specified URL is opened in a new tab. If the value is set to N (No), the specified URL is opened in a new IE instance. For IE 6 and earlier versions of IE, the specified URL is always opened in a new IE instance irrespective of the value for this key.
Note: Tabs are not supported for admin users on Windows Vista if UAC is ON.
The following enhancements are made to eTrust SSO Client:
Specifies if the user attribute must be displayed on the eTrust SSO GINA dialog when the workstation is locked.
Value: [Yes|No]
Note: To display a user attribute on the eTrust SSO GINA dialog, you must identify the attribute using the DisplayName_USER@<datastore> property on the eTrust SSO Server and you must also set the DisplayCustomName attribute in the Client.ini file. For more information about the DisplayName_USER@<datastore>, see the enchancements section of SSO Server CR04.
eTrust SSO Client is enhanced to include certificate filtering. Certificate filtering helps you to filter user certificates based on certain certificate parameters and display only the filtered certificates to the users. This certificate filtering is useful when users have more than one certificate to authenticate using smart cards and users do not know which certificate to use. The following entries are added to the Auth.Cert section of the Auth.ini file to configure certificate filtering:
Specifies if eTrust SSO must filter certificates and display only the filtered certificates to the users.
Value: Yes|No.
Specifies that eTrust SSO filters and displays only the filtered certificates to the users. The other filtering related parameters are activated only if this option is set to Yes.
Specifies that eTrust SSO does not filter the certificates, but displays all the certificates to the users.
Default: No
Specifies the path to the namemapping DLL that implements the filter.
Value: path
Specifies the certificate parameter that the eTrust SSO Client uses for certificate filtering.
Value: [C|CN|DN|DNS|EMAIL|IP|L|O|OU|URI|UPN]
Default: CN
Specifies the value that is matched with the value of the parameter in MappingMethod. If this parameter matches the value for MappingMethod parameter, eTrust SSO Client displays only those certificates to the users.
Example: SHA1 value of thumb print
Specifies if eTrust SSO Client displays the list of filtered certificates to the users.
Value: Yes|No.
Specifies that eTrust SSO Client displays the list of filtered certificates to the users.
Specifies that eTrust SSO Client does not display the list of filtered certificates to the users. If you select this option, eTrust SSO Client uses the first certificate that matches the filter criteria to authenticate users.
Default: No
Specifies the filtering pattern that eTrust SSO Client uses to match the ExpectedValue parameter with the MappingMethod parameter.
Value: 0|1|2
Specifies that the entire string from the ExpectedValue is matched with the value of the certificate parameter specified in MappingMethod.
Specifies that the start of the string from the ExpectedValue is matched with the value of the certificate parameter specified in MappingMethod.
Specifies that ExpectedValue is treated as a substring and is matched with substrings of value of the certificate parameter specified in MappingMethod.
Default: 0
In CR02, the following enhancements are made to eTrust SSO Client:
The following enhancements are made to Credential Provider:
The following are the known issues in this release:
Valid on IE7 in protected mode on Windows Vista with UAC enabled
Symptom:
I cannot connect to IE7 without specifying an URL with the html_browse extension when IE7 is in a protected mode on a Windows Vista machine with UAC enabled.
Solution:
When you do not specify a URL with html_browse extension, eTrust SSO tries to open IE with the default home page. If the default home page is an unprotected URL and IE is set to work in a protected mode, html_browse cannot launch the URL. To launch the URL, add a protected URL as the default home page.
Valid on IE7 in protected mode on Windows Vista with UAC enabled
You cannot connect to a browser window using the html_connect extension if you are logged in as a user with the username Administrator when UAC and Protected mode are on with IE7 on Windows Vista.
Symptom:
The icons for disabled and offline applications are highlighted and are not grayed out in my application list.
Solution:
To gray out icons for disabled or offline applications, use the default eTrust SSO application icon. Use the following entry in the Launchbar section of Client.ini to set the eTrust SSO application icon as default for disabled applications:
Specifies that the default icon is displayed for disabled applications.
Value: [yes|no]
Default: no
The following eTrust SSO Policy Manager defects are fixed in the build release number 12.0.0.5058:
| Problem ID | Description | Resolution |
|---|---|---|
| 986 | Policy Manager cannot connect to the eTrust SSO Server over non-default communication ports. | This issue is fixed. The Policy Manager can now connect to eTrust SSO Server over non-default ports. |
| 948 | Silent installation and upgrade of Policy Manager fails on Windows XP | This issue is fixed. Silent installation of Policy Manager no longer fails. |
The Policy Manager CR05 build embeds the following components in build release number 12.0.0.5064:
The following section explaings the known issues with the Policy Manager.
Symptom:
When I upgrade the eTrust SSO Server from an earlier CR build to the current release, the Policy Manager registry key entries in the AccessControl – ClientType node are deleted and the Policy Manager does not work.
Solution:
Reinstall the Policy Manager after upgrading the eTrust SSO Server.
The following authentication agent defect is fixed in the build release number 12.0.0.5055:
| Problem ID | Description | Resolution |
|---|---|---|
| 945 | Sample source code required for customizing namemapping DLL are not packaged. | This issue is fixed. The sample source code for customizing namemapping DLLs are packaged. Instructions for customizing the namemapping DLL are included in the ReadMe.txt at the following folder: SampleNameMapping |
The following authentication agent defect is fixed in the build release number 12.0.0.5046:
| Problem ID | Description | Resolution |
|---|---|---|
| 911 | During certificate authentication, eTrust SSO truncates all characters after the symbol '@' in the User Principal Name from the smart card, and maps this truncated attribute to the userPrincipalName in Active Directory. So, the mappings do not match and authentication fails. | This issue is fixed. eTrust SSO does not truncate the User Principal Name before comparing the attribute with the userPrincipalName in Active Directory.
|
The following enhancements are made to the Certificate Authentication Agents in the build release number 12.0.0.5065 to support the following features:
New values added for the RevocationMeth parameter, in the CA_certtga.ini, to have a fallback mechanism are as follows:
For the above-mentioned methods, the user certificate is initially verified using first method (FIXED_OCSP or AIA_OCSP or CRLDP). In case of non-availability of the OCSP/CRLDP methods, it fall backs to CRL/CRLDP. For example, FIXED_OCSP_FALLBACK_TO_CRL will first check the user certificate using FIXED_OCSP and if OCSP is not available then only it checks with the CRL.
To support multiple values for FIXED_OCSP add different sections for OCSP in the CA_certtga.ini as follows:
OcspSignCert=
OcspSignCertPass=
OcspResponder=
TrustedPath=
TrustedNames=
OcspSignCert=
OcspSignCertPass=
OcspResponder=
TrustedPath=
TrustedNames=
To support multiple CRLs, add different sections for CRL in the CA_certtga.ini as given below:
CrlFileName=
CrlIssuerCert=
CrlFileName=
CrlIssuerCert=
The LDAP Authentication Agent CR05 build embeds the following components in build release number 12.0.0.5063:
The RSA Authentication Agent CR05 build embeds the following components in build release number 12.0.0.5064:
The following authentication agent defect is fixed in the build release number 12.0.5040:
| Problem ID | Description | Resolution |
|---|---|---|
| 877 | Unable to authenticate using Windows Authentication agents due to named pipe timeouts. | This issue is fixed. A new entry, NamedPipeTimeout is added to Connection section of CA_wintga.ini file of the WinAuth Agent.
|
The Windows Authentication Agent CR05 build embeds the following components in build release number 12.0.0.5063:
The following defect is fixed in the build release number 12.0.0.5067:
| Problem ID | Description | Resolution |
|---|---|---|
| 884 | After upgrading your version of Active Directory Listener to CR05, uninstalling it does not remove the libetpki*.dlls in the bin folder. | This issue is fixed. |
The following active directory listener defect is fixed in the build release number 12.0.0.5046:
| Problem ID | Description | Resolution |
|---|---|---|
| 884 | The maximum length of the Verify Password field for eTrust SSO Server administrator is 14 characters. So, if the eTrust SSO Server administrator password is longer than 14 characters the entries in the Password and Verify Password fields do not match and the installer aborts. | The maximum length for the Verify Password field related to eTrust SSO Server administrator is modified to accept long passwords. |
The following active directory listener defect is fixed in the build release number 12.0.5038:
| Problem ID | Description | Resolution |
|---|---|---|
| 884 | The maximum length of the Verify Administrator Password field in the Active Directory Listener installer is 14 characters. So, if the administrator password is longer than 14 characters the entries in the Password and Verify Password fields do not match and the installer aborts. | The maximum length for the Verify Password field is modified to accept long passwords. |
The Active Directory Listener CR05 build embeds the following components in build release number 12.0.0.5064:
The following password synchronization agent defect is fixed in the build release number 12.0.0.5059:
| Problem ID | Description | Resolution |
|---|---|---|
| 989 | When you uninstall the Password Synchronization Agent, the SingleSignOn key is not removed from the registry. | This issue is fixed. Uninstalling the Password Sychronization Agent removes the SingleSignOn key from the registry. |
The following password synchronization agent defect is fixed in the build release number 12.0.5041:
| Problem ID | Description | Resolution |
|---|---|---|
| 832 | Password filter blocks password changes to the Directory Services Restore Mode (DSRM) administrator account using ntdsutil command. | This issue is fixed. The password filter no longer blocks password changes for the DSRM administrator account. |
The Password Synchronization Agent CR05 build embeds the following components in build release number 12.0.0.5064:
The following application wizard defect is fixed in the build release number 12.0.0.5058:
| Problem ID | Description | Resolution |
|---|---|---|
| 988 | The Application Wizard is unable to interpret controls on the CA Support portal. | This issue is fixed. |
The following application wizard defect is fixed in the build release number 12.0.5039:
| Problem ID | Description | Resolution |
|---|---|---|
| 874 | Application Wizard generates errors when scripts contain a "\" (backslash). | This issue is fixed. Application Wizard now handles scripts containing a "\" (backslash) appropriately and no longer generates errors. |
The Application Wizard CR05 build embeds the following components in build release number 12.0.0.5063:
The following eTrust SSO Integration Kit is fixed in the build release number 12.0.0.5059:
| Problem ID | Description | Resolution |
|---|---|---|
| 984 | Retrieval of user application list using SSO Java SDK fails. | This issue is fixed. Information about JAVA SDK and its usage was provided to the users. |
The eTrust SSO Integration Kit CR05 build embeds the following components in build release number 12.0.0.5065:
The eTrust SSO integration kit build release no. 12.0.0.54 is enhanced to include the following documentation:
Note: For more information about the new API and SSOCLAPI error codes, see the eTrust SSO Integration Kit.
The eTrust SSO Integration Kit is enhanced to include the following:
The eTrust SSO Integration Kit consists of the following components:
The Session Administrator CR05 build embeds the following components in build release number 12.0.0.5064:
The eTrust SSO r12.0 CR01 Session Administrator is FIPS140-2 and IPv6 compliant.
The PSLang CR05 build embeds the following components in build release number 12.0.0.5063:
In CA SSO r12.0 CR03, CA SSO Client (build release number 12.0.0.5055) is localized in the following languages:
Note: If you run the product in a language environment not listed in the preceding list, you may experience problems.
Contact CA Support
For your convenience, CA Technologies provides one site where you can access the information you need for your Home Office, Small Business, and Enterprise CA Technologies products. At http://ca.com/support, you can access the following:
Provide Feedback
If you have comments or questions about CA Technologies product documentation, you can send a message to techpubs@ca.com.
If you would like to provide feedback about CA Technologies product documentation, complete our short customer survey, which is available on the CA Support website at http://ca.com/docs.
Copyright © [set copyright date variable] CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.