IBM Security Verify Adapter 10.0.1 for RSA Authentication Manager - Release notes
IBM Security Verify Adapter 10.0.1 for RSA Authentication Manager is available. Compatibility, installation, and other getting-started issues are addressed.
Installation and Configuration Notes
Customizing or Extending Adapter Features
These Release Notes contain information for the following products that was not available when the IBM Security Verify Server manuals were printed:
· Installation and Configuration Guide for IBM Security Verify Adapter for RSA Authentication Manager
The IBM Security Verify Adapter for RSA Authentication Manager is designed to create and manage accounts user accounts in the RSA Authentication Manager server. The adapter runs in "agentless" mode and communicates with the RSA Authentication Manager through Enterprise Java Beans (EJBs).
IBM recommends this adapter (and the prerequisite Security Directory Integrator) be installed on each node of an IBM Security Verify Server WebSphere cluster. A single copy of the adapter can handle multiple IBM Security Verify Server services. The deployment configuration is based, in part, on the topology of your network domain, but the primary factor is the planned structure of your IBM Security Verify Server Provisioning Policies and Approval Workflow process. Please refer to IBM Security Verify Adapters Knowledge Center for a discussion of these topics.
IBM Security Verify Server adapters are powerful tools that require Administrator Level authority. Adapters operate much like a human system administrator, creating accounts, permissions and home directories. Operations requested from IBM Security Verify Server will fail if the adapter is not given sufficient authority to perform the requested task. IBM recommends that this adapter run with administrative (root) permissions.
Review and agree to the terms of the IBM Security Verify Adapter License prior to using this product. The license can be viewed from the "license" folder included in the product package.
Component |
Version |
Release Date |
2021 March 10 22.49.45 |
Adapter Version |
10.0.1 |
Component Versions |
Adapter build: 10.0.1.86 Profile: 10.0.1.86 Connector: 10.0.1.86 Dispatcher: 7.1.40 |
Documentation |
The following guides are available in the IBM Security Verify Adapters Knowledge Center: · Installation and Configuration Guide for IBM Security Verify Adapter for RSA Authentication Manager · User Guide for IBM Security Verify Adapter for RSA Authentication Manager |
Internal# |
Enhancement # (RFE) |
Description |
|
|
Items included in the current release (10.0.1) |
|
ADAPT-119 |
RSA SecurID Authentication Manager 8.7 is supported |
RTC 188277 |
|
RSA Authentication Manager 8.5 is supported |
|
|
Items included in the release (7.1.19) |
RTC 184345 |
|
RSA Authentication Manager 8.4 is supported |
|
|
Items included in the release (7.1.18) |
RTC 154247 |
|
RSA Authentication Manager 8.2 is supported. RSA Authentication Manager 8.1.1 is supported.
|
|
|
Items included in the release (7.1.17) |
RTC 152138 |
|
Add Support for Identity Governance and Intelligence (IGI) v5.2.2
This adapter is now designed for use with IBM Security Identity Manager, Privileged Identity Manager, and Identity Governance and Intelligence.
|
|
|
Items included in the release (7.0.16) |
|
36429 (71209) 40202 (80833) |
ISIM RSA on-demand token support RSA Authentication Manager Adapter v6.0.15 On-Demand provisioning
|
|
|
Items included in the release (7.0.15) |
|
|
Initial release
|
Internal# |
APAR# |
Case# / Description |
|
|
Items closed in the current release (10.0.1) |
|
|
None |
|
|
Items closed in the release (7.1.19) |
|
|
None |
|
|
Items closed in the release (7.1.18) |
|
|
None |
|
|
Items closed in the release (7.1.17) |
|
|
None |
|
|
Items closed in the 7.0.16 release |
Bugz1815 RTC128412
|
IV75814
|
PMR 25592,200,838
AuthMan adapter throws ArrayIndexOutOfBoundsException when reconciling an identity source with no principals in it.
|
|
|
Items closed in the 7.0.15 release |
|
|
Initial release |
Internal# |
APAR# |
Case# / Description |
|
|
Adapter fails to modify On Demand Authentication Attributes.
If an account is enabled for On Demand Authentication(ODA), and a modify operation is performed, to update other ODA attributes (for e.g. Delivery Method, SMS Destination Address etc.), the adapter fails. Workaround to update ODA attributes: -Perform modify operation to disable the account for ODA. -Modify account again to enable ODA with new values.
The issue will be fixed in future release.
|
|
|
Wrong status returned during filtered recon
When a filtered recon is executed using a filter like (eruid=name) and "name" is not found in the target resource, the adapter returns a FAILURE status. The adapter should return a SUCCESS status so that IBM Security Identity Manager will remove the "name" service account from its datastore.
This issue will be fixed in a future release.
|
|
|
Object Class Violation Error on SendOnly Attributes
If the RSA Authentication Manager adapter fails to set one or more send-only attributes · erRsaAmT1ClearSecurIDPin · erRsaAmT2ClearSecurIDPin · erRsaAmT3ClearSecurIDPin · erServicePwd1 · erServicePwd2 · erServicePwd3 · erRsaAmT1RplNextToken · erRsaAmT2RplNextToken · erRsaAmT3RplNextToken on the RSA Authentication Manager server during an ADD or MODIFY operation, then the adapter will return the attribute in the failed attribute list and some versions of the IBM Security Identity Manager will generate an "Object Class Violation" error. This is an IBM Security Identity Manager server defect and will be addressed in a future server fix pack.
|
Internal# |
APAR# |
Case# / Description |
|
|
RSA Authentication Manager Adapter impacts on TDI and other adapters
For the adapter to run correctly, several specific jar files are needed in the runtime environment. Some of these jars interfere with the operation of other adapters or with certain features of the Tivoli Directory Integrator (TDI). In particular, · The TDI 7.1.1 or SDI 7.2 REST service will not run when the RSA Authentication Manager 8.0 or 8.1 Adapter is installed and configured. · Do not install the RSA Authentication Manager Adapter in the same TDI environment with any of the following adapters: BlackBerry Enterprise Server, Google Apps or Salesforce.
|
|
|
No support for 2-way SSL or SOAP communication The adapter does not support two-way SSL communication with the RSA Authentication Manager server. The adapter also does not support the SOAP protocol when communicating with the RSA Authentication Manager server.
|
Internal# |
APAR# |
Case# / Description |
See the Installation and Configuration guide for IBM Security Verify Adapter for RSA Authentication Manager for detailed instructions.
The following corrections to the Installation Guide apply to this release:
· In Installing -> Installing the adapter binaries or connector section change below line –
Connectors/am82
am82, am84 and am85/RsaAuthMgrConnector.jar , which also works for
8.7
· In Installing -> Copying JAR files from the RSA Authentication Manager server to the Security Directory Integrator environment
section change below line –
RSA
Authentication Manager 8.2 8.2,8.4 and 8.5
Installing ILMT-Tags File
Please
add new section “Installing ILMT-Tags File “under the section
Installing in adapter install guide. Under Installing
ILMT-Tags specify below steps.
Before
you begin:
The
Dispatcher must be installed
Procedure:
Copy the files from ILMT-Tags folder to the specified location:
1. Windows: <SDI-HOME>/swidtag
2. Unix/Linux: <SDI-HOME>/swidtag
The following configuration notes apply to this release:
The IBM Security Verify adapters can be customized and/or extended. The type and method of this customization may vary from adapter to adapter.
Refer to the ‘IBM Security Verify Adapter Development and Customization Guide’
The integration to the IBM Security Verify Server – the adapter framework – is supported. However, IBM does not support the customizations, scripts, or other modifications. If you experience a problem with a customized adapter, IBM Support may require the problem to be demonstrated on the GA version of the adapter before a PMR is opened.
The IBM Security Verify Adapter for RSA Authentication Manager was built and tested on the following product versions.
Adapter Installation Platform:
Due to continuous Java security updates that may be applied to your IBM Security Verify Server, the following SDI releases are the officially supported versions:
· IBM Security Directory Integrator 7.2 + FP6 + 7.2.0-ISS-SDI-LA0019
Note: Earlier versions of SDI that are still supported may function properly, however to resolve any communication errors, you must upgrade your SDI releases
to the officially supported versions by the adapters.
Managed Resource:
RSA Authentication Manager 8.5 (use connector in am82, am84 and am85 folder
RSA SecurID Authentication Manager 8.7 (use connector in am82, am84 and am85 folder)
IBM Security Identity Manager v6.0.x
IBM Security Identity Manager v7.0.x
IBM
Security Identity Governance and Intelligence v5.2.x
IBM
Security Verify Identity v10.0
IBM Security Verify Governance
v10.0
This information was developed for products and services offered in
the U.S.A. IBM may not offer the products, services, or features
discussed in this document in other countries. Consult your local IBM
representative for information on the products and services currently
available in your area. Any reference to an IBM product, program, or
service is not intended to state or imply that only that IBM product,
program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual
property right may be used instead. However, it is the user's
responsibility to evaluate and verify the operation of any non-IBM
product, program, or service.
IBM may have patents or
pending patent applications covering subject matter described in this
document. The furnishing of this document does not give you any
license to these patents. You can send license inquiries, in writing,
to:
IBM
Director of Licensing
IBM Corporation
North Castle
Drive
Armonk, NY 10504-1785 U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:
Intellectual
Property Licensing
Legal and Intellectual Property Law
IBM
Japan, Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa
242-8502 Japan
This information
could include technical inaccuracies or typographical errors. Changes
are periodically made to the information herein; these changes will
be incorporated in new editions of the publication. IBM may make
improvements and/or changes in the product(s) and/or the program(s)
described in this publication at any time without notice.
Any
references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of
those Web sites. The materials at those Web sites are not part of the
materials for this IBM product and use of those Web sites is at your
own risk.
IBM may use or distribute any of the information
you supply in any way it believes appropriate without incurring any
obligation to you.
Licensees of this program who wish to
have information about it for the purpose of enabling: (i) the
exchange of information between independently created programs and
other programs (including this one) and (ii) the mutual use of the
information which has been exchanged should contact:
IBM
Corporation
2ZA4/101
11400 Burnet Road
Austin, TX
78758 U.S.A.
Such information
may be available, subject to appropriate terms and conditions,
including in some cases, payment of a fee.
The licensed
program described in this information and all licensed material
available for it are provided by IBM under terms of the IBM Customer
Agreement, IBM International Program License Agreement, or any
equivalent agreement between us.
Any performance data
contained herein was determined in a controlled environment.
Therefore, the results obtained in other operating environments may
vary significantly. Some measurements may have been made on
development-level systems and there is no guarantee that these
measurements will be the same on generally available systems.
Furthermore, some measurements may have been estimated through
extrapolation. Actual results may vary. Users of this document should
verify the applicable data for their specific
environment.
Information concerning non-IBM products was
obtained from the suppliers of those products, their published
announcements or other publicly available sources. IBM has not tested
those products and cannot confirm the accuracy of performance,
compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed
to the suppliers of those products.
Trademarks
IBM,
the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names might be
trademarks of IBM or other companies. A current list of IBM
trademarks is available on the Web at "Copyright and trademark
information" at www.ibm.com/legal/copytrade.shtml.
Microsoft,
Windows, and the Windows logo are trademarks of Microsoft Corporation
in the United States, other countries, or both.
Java and
all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates.
End of Release Notes