Embed Size (px)
Citation preview
Tivoli® Access Manager for Enterprise Single Sign-On
Provisioning Adapter Release Notes
Version 6.0
SC32-2006-00
���
Tivoli® Access Manager for Enterprise Single Sign-On
Provisioning Adapter Release Notes
Version 6.0
SC32-2006-00
���
Note:
Before using this information and the product it supports, read the information in “Notices,” on page 9.
First Edition (September 2006)
This edition applies to version 6, release 0, modification 0 of IBM Tivoli Access Manager for Enterprise Single
Sign-On (product number 5724-N70) and to all subsequent releases and modifications until otherwise indicated in
new editions.
© Copyright International Business Machines Corporation 2006. All rights reserved.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Release Notes
IBM Tivoli Access Manager for Enterprise Single Sign-On: Provisioning Adapter Version 6.00 September, 2006
IBM is releasing version 6.00 of IBM Tivoli Access Manager for Enterprise Single Sign-On: Provisioning Adapter (TAM E-SSO: Provisioning Adapter). These release notes provide important information about this release. The information in this document supplements and supersedes information in the TAM E-SSO: Provisioning Adapter product documents. The following topics are discussed:
What’s New................................................................................................................................2 Technical Notes .........................................................................................................................3 Resolved Issues.........................................................................................................................4 Open Issues ...............................................................................................................................5 Product Documentation .............................................................................................................6 Contacting Customer Support....................................................................................................7
What’s New
What’s New
TAM E-SSO: Provisioning Adapter delivers a secure, easy to use and easy to administer solution to provision user credentials to TAM E-SSO. It enables administrators to directly distribute, modify and delete credentials to TAM E-SSO without end-user involvement. TAM E-SSO: Provisioning Adapter is an extension to TAM E-SSO. These topics describe the major new features of this product.
What’s New in 6.00
New Java CLI
A new Java CLI expands support of scripting and applications to non-Windows platforms.
Expanded CLI functionality
Full support for all TAM E-SSO: Provisioning Adapter Server operations are implemented in the .NET CLI and Java CLI.
Provisioning Adapter API Support
The Java and .Net API libraries provide third parties the ability to build their own solutions using the TAM E-SSO: Provisioning Adapter provisioning system.
Built on .NET 2.0
TAM E-SSO: Provisioning Adapter now leverages the power of .NET 2.0 and Web Service Enhancements (WSE) 3.0 to improve the performance and management of Web services.
Support for Oracle Internet Directory
TAM E-SSO: Provisioning Adapter now provides full support for Oracle Internet Directory as an SSO repository.
Support for Oracle Database Management System
TAM E-SSO: Provisioning Adapter now provides full support for Oracle Database Management System as a target for Event Logging. Please refer to the configuration instructions on in the TAM E-SSO: Provisioning Adapter Administrator’s Guide.
2 Release Notes
Technical Notes
Technical Notes
TAM E-SSO: Provisioning Adapter does not support File Sync or DB Sync.
Multiple Locators require a matching application configuration list (entlist) at each locator site. If two users are located under different containers (CN) or organizational units (OU), an entlist must exist at each locator site in order for provisioning to work down to the client. The matching entlists must exist under both CNs/OUs that store the user credentials.
In a case where Active Directory and ADAM are used, it is recommended that the TAM E-SSO: Provisioning Adapter Server is joined to the same domain as the SSO users it will be managing.
For provisioning to take place, the system time of the TAM E-SSO: Provisioning Adapter server and the SSO clients should be synchronized. If joined to the same domain this will be handled automatically by the Domain Controller.
When using Java 1.4 for CLI provisioning, the Java path must be added to the Windows “Environment” path.
The IIS Default Web Site “Connection Timeout” value must be increased if more than 5000 users are going to be populated in the TAM E-SSO: Provisioning Adapter Console. The recommended starting value 300 (5 minutes). This value may need to be increased based on number the number of users.
3 Release Notes
Resolved Issues
Resolved Issues
This section describes issues that were reported in earlier releases of TAM E-SSO: Provisioning Adapter and have been resolved in this release:
Issue Description TAM E-SSO: Provisioning Adapter Console not displaying all user logons
TAM E-SSO: Provisioning Adapter Console did not display all Logons for a user; it only displayed logons where a matching application configuration template existed, therefore logons could only be deleted if they were in this template.
TAM E-SSO: Provisioning Adapter not properly restricting access to the Console
TAM E-SSO: Provisioning Adapter failed to restrict access to the Console using a web.config file when the backend was accessed through LDAP.
Sun Directory Server access rights too restrictive
When using Sun Directory Server, the access rights placed on the TAM E-SSO: Provisioning Adapter Web Service's People folder, and objects underneath that folder, were too restrictive. Users, other than the Directory Manager, experienced difficulty connecting to the directory service because of these restrictive access rights. A new registry setting has been added that alleviates the access rights issue for Sun Directory Server (Admin Group DN).
Active Directory user names containing commas not supported
TAM E-SSO: Provisioning Adapter did not support Active Directory user names that contained commas (i.e. "Smith, John"). If a comma was present, TAM E-SSO: Provisioning Adapter failed to recognize the name.
'first.lastname' format not handled properly
When used with ADAM, the TAM E-SSO: Provisioning Adapter Service did not correctly handle usernames in the 'first.lastname' format.
TAM E-SSO: Provisioning Adapter Server InstallShield cannot redirect installation
When installing the TAM E-SSO: Provisioning Adapter Server, if a location was selected to install the TAM E-SSO: Provisioning Adapter Server files (through a custom installation), the files were still installed in the default location (C:\Program Files\Passlogix\v-GO PM\...).
TAM E-SSO: Provisioning Adapter Server time-out error
A time-out error was thrown when searching for users in an ADAM repository. The timeout value in searches is now infinite.
Delete_credential command not working properly
This issue occurred when using the TAM E-SSO: Provisioning Adapter CLI. The delete_credential command should only require an application and sso_userId; all other parameters should be optional. Users were unable to delete all credentials with a particular application name for a particular user from the CLI.
Only add instructions getting provisioned
This issue occurred when using the TAM E-SSO: Provisioning Adapter CLI. When provisioning "add" and "modify" instructions for the same application, only the "add" instruction gets provisioned.
4 Release Notes
Open Issues
Open Issues
This section describes issues that remain open in this release. The table lists the issue and a detailed description, if applicable.
Issue Description/Workaround Entlist cannot be found Note: This only applies to Active Directory storage.
TAM E-SSO cannot locate the Entlist when any form of the word "People" is used in the "User Path(s)" field and "Locate in User" is enabled.
These settings are configured on the Storage page under the Settings tab in the TAM E-SSO: Provisioning Adapter Management Console.
To workaround this issue:
•
•
Use Configuration Objects instead of Entlists if "Locate in User" is enabled. OR Do not create folders with any form of the word "People" in the name. For example, "mypeople", "yourpeople", "peoplesoft", etc.
5 Release Notes
Product Documentation
Product Documentation
The following documents support this product: TAM E-SSO: Provisioning Adapter Installation and Setup Guide TAM E-SSO: Provisioning Adapter Administrator Guide TAM E-SSO: Provisioning Adapter CLI Guide TAM E-SSO: Provisioning Adapter .Net CLI/SDK Guide TAM E-SSO: Provisioning Adapter Java CLI/SDK Guide TAM E-SSO: Provisioning Adapter Certificate Setup Guide TAM E-SSO: Provisioning Adapter TIM Integration and Installation Guide TAM E-SSO: Provisioning Adapter SIM Integration and Installation Guide TAM E-SSO: Provisioning Adapter SIM Integration and Installation Guide using the Java
CLI Guide
6 Release Notes
Contacting Customer Support
Contacting Customer Support
Before contacting IBM Tivoli Software Support with a problem, refer to the IBM Tivoli Software Support site by clicking the Tivoli support link at the following Web address:
http://www.ibm.com/software/support
If you need additional help, contact software support by using the methods described in the IBM Software Support Guide at the following Web address:
http://techsupport.services.ibm.com/guides/handbook.html
The guide provides the following information:
• Registration and eligibility requirements for receiving support
• Telephone numbers, depending on the country in which you are located
• A list of information you should gather before contacting customer support
7 Release Notes
Appendix. Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM® representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user’s responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not give you
any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM
Intellectual Property Department in your country or send inquiries, in writing, to:
IBM World Trade Asia Corporation
Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106-0032, Japan
The following paragraph does not apply to the United Kingdom or any other
country where such provisions are inconsistent with local law:
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS
PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or
implied warranties in certain transactions, therefore, this statement may not apply
to you.
This information could include technical inaccuracies or typographical errors.
Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this IBM
product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to you.
© Copyright IBM Corp. 2006 9
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged should contact:
IBM Corporation
2ZA4/101
11400 Burnet Road
Austin, TX 78758
U.S.A.
Such information may be available, subject to appropriate terms and conditions,
including in some cases, payment of a fee.
The licensed program described in this information and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement, or any equivalent agreement
between us.
Any performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating environments may
vary significantly. Some measurements may have been made on development-level
systems and there is no guarantee that these measurements will be the same on
generally available systems. Furthermore, some measurements may have been
estimated through extrapolation. Actual results may vary. Users of this document
should verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers of
those products, their published announcements or other publicly available sources.
IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
Trademarks
The following terms are trademarks or registered trademarks of International
Business Machines Corporation in the United States, other countries, or both:
AIX
DB2
developerWorks
eServer
IBM
iSeries
Lotus
Passport Advantage
pSeries
RACF
Rational
Redbooks
Tivoli
WebSphere
zSeries
Microsoft®, Windows®, Windows NT®, and the Windows logo are trademarks of
Microsoft Corporation in the United States, other countries, or both.
10 IBM Tivoli Access Manager for Enterprise Single Sign-On: Provisioning Adapter Release Notes
Intel®, Intel Inside® (logos), MMX and Pentium® are trademarks of Intel
Corporation in the United States, other countries, or both.
UNIX® is a registered trademark of The Open Group in the United States and
other countries.
Linux® is a trademark of Linus Torvalds in the U.S., other countries, or both.
Java™ and all Java-based trademarks are trademarks of Sun
Microsystems, Inc. in the United States, other countries, or
both.
Other company, product, and service names may be trademarks or service marks
of others.
Appendix. Notices 11
12 IBM Tivoli Access Manager for Enterprise Single Sign-On: Provisioning Adapter Release Notes
����
Printed in USA
SC32-2006-00
