IBM Security Verify Governance Adapter 10.0.3 for SharePoint Server is available. Compatibility, installation, and other getting-started issues are addressed.
Welcome to the IBM Security Verify Governance Adapter for SharePoint.
These Release Notes contain information for the following products that was not available when the IBM Security Verify Governance manuals were printed:
The SharePoint Adapter is designed to create and manage user accounts on the SharePoint platform. The adapter runs in "agentless" mode and communicates using the HTTP/S and LDAP protocols. The SharePoint adapter supports stand-alone and Active Directory backed user registries. Other user registries supported by SharePoint have not been tested.
The IBM Security Verify Governance Adapters are powerful tools that require Administrator Level authority. Adapters operate much like a human system administrator, creating accounts, permissions and home directories. Operations requested from the IBM Security Verify Governance and IBM Security Verify Governance Identity Manager will fail if the Adapter is not given sufficient authority to perform the requested task.
Review and agree to the terms of the IBM Security Verify Governance License prior to using this product.
The license can be viewed from the "license" folder included in the product package.
Adapter Version
| Component | Version |
| --- | --- |
| Build Date | 2023 December 11 09.03.47 |
| Adapter Version | 10.0.3 |
| Component Versions | Adapter build: 10.0.3.8; Profile: 10.0.3.8; Connector: 10.0.3.8; Dispatcher 7.1.39 or higher (packaged separately) |
| Documentation | The following guides are available in the IBM Security Verify Governance Adapters Knowledge Center: Microsoft SharePoint Adapter Installation and Configuration Guide |
New Features
| Internal # | Enhancement # (RFE / Idea) | Description |
| --- | --- | --- |
| Items included in current release (10.0.3) | | |
| SVGAD-757 | | SharePoint Server 2019 Support |
| Items included in current release (10.0.2) | | |
| None | | |
| Items included in release (10.0.1) | | |
| RTC 187957 | RFE 139882 (60930), RFE 131322 (58088) | SharePoint Online Adapter; SharePoint for O365 |
| Items included in release (7.1.9) | | |
| Bug 2963 TS002370664 | RFE 134608 (59299) | SharePoint Integration with IGI and ISAM' [s] Note: For configuration details check SharePoint Site Configuration |
| Items included in release (7.1.8) | | |
| | | None |
| Items included in release (7.1.7) | | |
| | | None |
| Release v7.1.6 | | |
| RTC 154248 | | SharePoint Server 2016 Support |
| Bug 2848 | | NTLM Authentication Support. Note: NTLM authentication support needs: 7.1.1 LAIF 41 http://www.ibm.com/support/docview.wss?uid=ibm10878657; 7.2.0 LAIF 20 http://www.ibm.com/support/docview.wss?uid=ibm10878456. Direct Fix Central links: 7.11. Limited Availability Interim Fix 41: https://ibm.biz/Bd2NeZ; 7.2.0 Limited Availability Interim Fix 20: https://ibm.biz/Bd2Ne2 |
| Release v7.1.5 | | |
| | | Add support for IGI 5.2.2. This adapter is now designed for use with IBM Security Identity Manager, IBM Security Privileged Identity Manager, IBM Security Identity Governance and Intelligence, IBM Security Verify Identity and IBM Security Verify Governance. |
Closed Issues
| Internal # | KnownIssue | Description |
| --- | --- | --- |
| Items closed in current release (10.0.3) | | |
| SVGAD-812 | | Check account does not create from ISIM when we do not assign group to the user but gives success message on ISIM |
| SVGAD-935 | | SharePoint Server 2019 does not support create, delete, modify operation on IGI |
| SVGAD-59 | | Providing one proper message for suspend user operation |
| SVGAD-1188 / Bug 4197 | DT243339/TS014086004 | SharePoint Create account failing when email address is empty |
| Items closed in current release (10.0.2) | | |
| RTC 191058 / Bug 3975 | TS010849873 | ISVG SharePoint Adapter to communicate with SharePoint Online. (Refer to the "Configuring SharePoint Online for Adapter" section of the SharePoint Adapter installation and configuration guide) |
| RTC 191022 / Bug 3953 | TS010506380 | Recon failing for SharePoint Host named site collection (Refer to the "Configuring Adapter with Host Named Site Collection" section of the SharePoint Adapter installation and configuration guide) |
| RTC 190897 / Bug 3853 | TS009402430 | Integrate with SharePoint Host-named Site collections (Refer to the "Configuring Adapter with Host Named Site Collection" section of the SharePoint Adapter installation and configuration guide) |
| Items closed in release (10.0.1) | | |
| Bug 3346 | | IGI does not add user to the SharePoint group |
| Items closed in 7.1.9 release | | |
| | | None |
| Items closed in 7.1.8 release | | |
| Bug 3015 TS002574599 | | SharePoint server error |
| Bug 3072 TS002851426 | | Filtering does not work on SharePoint adapter 6.0.7 |
| Items closed in 7.1.7 release | | |
| Bug 2892 | IJ16315 | TS002574599 / SharePoint recon failed with "'decoded' is null" |
| Release v7.1.6 | | |
| RTC 155612 | | Added TDI 7.1.1 FP5 and SDI 7.2 support |
| Bugz 2272 | | SharePoint Adapter recon user and add user problem |
Known Limitations
Internal # |
APAR # |
Case # / Description |
Internal |
NA |
Information about SharePoint authentication modes/providers is stored in a configuration file. The adapter reads this file and reconciles the list of authentication providers as supporting data. For details of this file, see the topic Configuring authentication providers in the SharePoint adapter Installation and Configuration Guide. With the 7.1.9 release of the adapter, the adapter profile has been updated to expose these SharePoint authentication modes as a support data list on IGI. The authentication mode value can be selected from the list.
This change works on IGI 5.2.5 and later versions. On IGI 5.2.4 and earlier versions, the authentication mode attribute (erspdomain) appears as a text box and the values are not listed. To work around this, when assigning a value to this attribute, use the Authentication Modes Prefix value from the configuration file.
For example: "i:0#.w|EXAMPLEDOMAIN "i:0#.f|SomeMembershipProvider|"
|
Internal |
NA |
With version 7.1.7 release of the adapter, the adapter profile has been updated to expose SharePoint Groups as permissions in IGI. This update exposes a situation in the IGI product when a user requests a permission and the user does not have an account on SharePoint. IGI will generate two out events: Create SharePoint account and Assign the permission to the account. Since the Group membership is a required attribute on the account, the account creation will fail. |
Internal |
N/A |
The SharePoint UserGroup web service does not provide the same function as the SharePoint GUI. As a result, some features that are available through the SharePoint GUI are not available through the SharePoint web service. |
Internal |
N/A |
If two users have the same user name in different domains, the reconciliation returns only one of them. For example, the Administrator account exists both for the SharePoint Server and the Active Directory domain. Only one of these accounts will be returned to Identity Manager. |
See the Installation Guide for IBM Security Verify Governance SharePoint adapter for detailed instructions.
Corrections to Installation guide:
Chapter 1: Overview
No updates for the current release
Chapter 2: Planning
No updates for the current release
Chapter 3: Installing
Installing in Virtual Appliance (Chapter present under ISVG only)
Add below note to the end of the content of the chapter:
Note: While uploading the adapter package, you may receive the error System Error: A file included in the SDI Adapter zip already exists on the system, and the Server Message log under the Appliance tab of the VA will reference the error com.ibm.identity.sdi.SDIManagementService E File ibm.com_IBM_Security_Verify_Governance_xxxx.swidtag found in the adapter zip at location ILMT-Tags/ already exists in system. This happens because the same swidtags can be installed only once. If another adapter of the same type is already installed, remove the swidtags.
The ibm.com_IBM_Security_Verify_Governance_Enterprise-xxxx.swidtag file is common to all adapters. In addition to the common swidtag file, an application adapter needs the ibm.com_IBM_Security_Verify_Governance_Application_Adapters-xxxx.swidtag file, and an infra adapter needs the ibm.com_IBM_Security_Verify_Governance_Lifecycle-xxxx.swidtag and ibm.com_IBM_Security_Verify_Governance_Compliance-xxxx.swidtag files. So, if an application adapter is already installed and this is an infra adapter, install only the infra-specific swidtags, and vice versa. See the IBM Security Verify Governance Adapters link to identify the adapter type of the installed adapters.
Enabling TLSv1.2 in Security Directory Integrator
Procedure:
1. Apply recommended fix packs and limited availability (LA) versions on the Security Directory Integrator. See Recommended fixes for IBM Security Directory Integrator (SDI).
2. After applying the appropriate updates, modify the /solution.properties file by appending the following text to the bottom of the file:
#####################
# # Protocols to enforce SSL protocols in a SDI Server
# # Optional values for com.ibm.di.SSL* property (TLSv1, TLSv1.1, TLSv1.2).
# # This can be a multi-valued comma separated property
# # Optional values for com.ibm.jsse2.overrideDefaultProtocol property (SSL_TLSv2, TLSv1,TLSv11,TLSv12).
# # This is a single value property.
#####################
com.ibm.di.SSLProtocols=TLSv1,TLSv1.1,TLSv1.2
com.ibm.di.SSLServerProtocols=TLSv1,TLSv1.1,TLSv1.2
com.ibm.jsse2.overrideDefaultProtocol=TLSv1
com.ibm.jsse2.overrideDefaultTLS=true
#####################
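An added example, not part of the IBM release notes: a small audit of the TLS properties this procedure appends to solution.properties, reporting which legacy protocol versions remain enabled after the change. The function names are hypothetical, the sample file content is constructed, and treating TLSv1.2-only as the target is an assumption of the example.

```python
# Added example: audit the TLS properties appended to solution.properties.
LEGACY = {"TLSv1", "TLSv1.1"}  # spelling used by the com.ibm.di.SSL* keys
KEYS = ("com.ibm.di.SSLProtocols", "com.ibm.di.SSLServerProtocols",
        "com.ibm.jsse2.overrideDefaultProtocol",
        "com.ibm.jsse2.overrideDefaultTLS")

def parse_properties(text):
    """Minimal key=value reader: skips blank and '#'/'!' comment lines.
    The last occurrence of a key wins, as with java.util.Properties."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_tls(text):
    """Return findings for the SDI TLS settings (assumed target: TLSv1.2 only)."""
    props = parse_properties(text)
    findings = [f"{key}: not set" for key in KEYS if key not in props]
    for key in KEYS[:2]:  # multi-valued, comma-separated
        enabled = {p.strip() for p in props.get(key, "").split(",") if p.strip()}
        if enabled and "TLSv1.2" not in enabled:
            findings.append(f"{key}: TLSv1.2 is not enabled")
        for proto in sorted(enabled & LEGACY):
            findings.append(f"{key}: {proto} is still enabled")
    # Single-valued JSSE property; note its different spelling (TLSv11, TLSv12).
    default = props.get(KEYS[2])
    if default is not None and default != "TLSv12":
        findings.append(f"{KEYS[2]}: default protocol is {default}, not TLSv12")
    return findings

# Constructed sample: an older line for the same key, followed by the block
# from the procedure. The appended value is the one that takes effect.
SAMPLE = """\
com.ibm.di.SSLProtocols=TLSv1
com.ibm.di.SSLProtocols=TLSv1,TLSv1.1,TLSv1.2
com.ibm.di.SSLServerProtocols=TLSv1,TLSv1.1,TLSv1.2
com.ibm.jsse2.overrideDefaultProtocol=TLSv1
com.ibm.jsse2.overrideDefaultTLS=true
"""

if __name__ == "__main__":
    for finding in audit_tls(SAMPLE):
        print(finding)
```

Run against the block as given in the procedure, the audit reports that TLSv1 and TLSv1.1 remain enabled alongside TLSv1.2 for both com.ibm.di.SSL* keys and that the JSSE default protocol is TLSv1.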
Chapter 6: Troubleshooting
Enabling DEBUG Logs on SDI Server
Procedure:
1. Stop the SDI Server process
Pre-7.2.0-ISS-SDI-FP0008
2. Edit the <SDI_Solution_Directory>/etc/log4j.properties
3. Modify the following line:
log4j.rootCategory=INFO, Default
to
log4j.rootCategory=DEBUG, Default
Post-7.2.0-ISS-SDI-FP0008
2. Edit the <SDI_Solution_Directory>/etc/log4j2.xml
3. Modify the following line:
<Root level="info">
to
<Root level="debug">
4. Start the SDI Server process
5. Re-create the problem and collect the /logs/ibmdi.log
Chapter 7: Reference
No updates for the current release
Installation Platform
The IBM Security Verify Governance SharePoint Adapter was built and tested on the following product versions.
Adapter Installation Platform:
Due to continuous Java security updates that may be applied to your ISVG or ISVGIM servers, the following SDI releases are the officially supported versions:
Security Directory Integrator 7.2 + FP11
Note: Earlier supported SDI versions may function properly; however, to resolve any communication errors, you must upgrade your SDI release to a version officially supported by the adapters.
For NTLM authentication use:
> 7.2.0 LAIF 20 http://www.ibm.com/support/docview.wss?uid=ibm10878456
> Direct Fix central links
> 7.2.0 Limited Availability Interim Fix 20 : https://ibm.biz/Bd2Ne2
Managed Resource:
> SharePoint Server 2019
> SharePoint Server 2016
> SharePoint Online
IBM Security Verify Governance Servers:
IBM Security Verify Governance Identity Manager v10.0
IBM Security Verify Governance v10.0