IBM Tivoli Access Manager for Enterprise Single Sign-On: Authentication Adapter Version 6.00 September, 2006


Release Notes

IBM is releasing version 6.00 of IBM Tivoli Access Manager for Enterprise Single Sign-On: Authentication Adapter (TAM E-SSO: Authentication Adapter). These release notes provide important information about this release. The information in this document supplements and supersedes information in the TAM E-SSO: Authentication Adapter product documents.

The following topics are discussed:

- What's New
- Technical Notes
- Open Issues
- Product Documentation
- Contacting Customer Support

What's New

TAM E-SSO: Authentication Adapter integrates with most authentication methods and provides support for both primary login and re-authentication requests (i.e. forced re-authentication, session time-out or application-specific authentication request) for both connected and disconnected use. These topics describe the major new features of this product.

What's New in 6.00

Full Support for New Authenticators

Full out-of-the-box support is now provided in TAM E-SSO: Authentication Adapter for the following authenticators:

- Ensure Technologies XyLoc proximity badges
- DigitalPersona Authenticator
- SAFLINK SAFAuthenticator for TAM E-SSO

The client software for each authenticator must be installed. Authenticator clients likely have their own system requirements, which may differ from TAM E-SSO: Authentication Adapter's requirements. Please refer to the strong authenticator's documentation to review the system requirements.

Ensure Technologies Xyloc and TAM E-SSO: Kiosk Adapter Integration Features

Support for Xyloc Grace Period

TAM E-SSO: Kiosk Adapter detects if a session owner has returned within the Xyloc grace period, and automatically unlocks a locked session without requiring user interaction.

Support for Xyloc Auto Logon Capabilities

TAM E-SSO: Authentication Adapter supports the use of the Xyloc Client's Auto Logon capabilities. Supporting this capability prevents a double authentication scenario whereby a user authenticates to the Xyloc Client when starting up the kiosk, and then has to immediately authenticate again to TAM E-SSO: Kiosk Adapter through Xyloc to unlock a session. When this feature is enabled, upon startup, the kiosk automatically logs onto the kiosk account. TAM E-SSO: Kiosk Adapter then immediately locks the desktop and detects any badges in range. The user is then required to perform only one authentication through Xyloc to start the machine and unlock a session.

To enable this feature, please refer to Microsoft's documentation on how to configure the registry on the kiosk machine to use the Windows Auto Logon capability. Then create the following DWORD value in the Registry:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "UseAutoLogon" = dword:00000001
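The following is an added example, not part of the IBM release notes: a PowerShell check of the kiosk's Winlogon key that reports whether the UseAutoLogon value described above is in place and whether Windows Auto Logon has left the kiosk account password in the registry. AutoAdminLogon, DefaultUserName and DefaultPassword are the standard Windows Auto Logon values; the function name Get-KioskAutoLogonState is hypothetical.

```powershell
# Added example: audit the Winlogon values involved in the Xyloc Auto Logon setup.
# Get-KioskAutoLogonState is a hypothetical name, not part of TAM E-SSO or Windows.
function Get-KioskAutoLogonState {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    # Get-Item on a registry path returns a Microsoft.Win32.RegistryKey;
    # GetValue() returns $null when the named value does not exist.
    $reg = Get-Item -Path $Path -ErrorAction Stop

    $useAutoLogon   = $reg.GetValue('UseAutoLogon')
    $autoAdminLogon = $reg.GetValue('AutoAdminLogon')    # REG_SZ, "1" when enabled
    $defaultUser    = $reg.GetValue('DefaultUserName')
    $hasPassword    = -not [string]::IsNullOrEmpty([string]$reg.GetValue('DefaultPassword'))

    $findings = @()

    if ($null -eq $useAutoLogon) {
        $findings += 'UseAutoLogon is missing: the Xyloc Auto Logon feature is not enabled.'
    }
    else {
        # GetValueKind() throws on a missing value, so it is only called here.
        $kind = $reg.GetValueKind('UseAutoLogon')
        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            $findings += "UseAutoLogon is of type $kind; the release notes require a DWORD."
        }
        elseif ($useAutoLogon -ne 1) {
            $findings += "UseAutoLogon is $useAutoLogon; the release notes require dword:00000001."
        }
    }

    if ("$autoAdminLogon" -ne '1') {
        $findings += 'AutoAdminLogon is not "1": Windows Auto Logon itself is not configured.'
    }

    if ($hasPassword) {
        # Windows Auto Logon keeps DefaultPassword as clear text in this key.
        $findings += 'DefaultPassword is present in clear text: keep the kiosk account ' +
                     'low-privilege and dedicated to this purpose.'
    }

    [pscustomobject]@{
        Path             = $Path
        UseAutoLogon     = $useAutoLogon
        AutoAdminLogon   = $autoAdminLogon
        KioskAccount     = $defaultUser
        PasswordInKey    = $hasPassword     # the password itself is never returned
        Findings         = $findings
    }
}

# Run on the kiosk machine and review the Findings list.
Get-KioskAutoLogonState | Format-List
```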

Applications to close on session end will not be closed when Xyloc's grace period expires

In the previous release, when using Xyloc's grace period feature with TAM E-SSO: Kiosk Adapter, TAM E-SSO: Kiosk Adapter's configuration option "Close suspended session after how many seconds" and Xyloc's configuration option "Unlock to Key Only for up to" had to be set to the same value. With this configuration, when the grace period expired, the TAM E-SSO: Kiosk Adapter session would end and active applications in the list of applications to be closed by TAM E-SSO: Kiosk Adapter on session end were closed.

In this release, the TAM E-SSO: Kiosk Adapter configuration option "Close suspended session after how many seconds" and the Xyloc configuration option "Unlock to Key Only for up to" can be set to different times. This ensures that the applications in TAM E-SSO: Kiosk Adapter's list of applications to be closed on session end will not be terminated when the Xyloc grace period expires.

For example, if a user reopens a session within the grace period, the user does not have to authenticate and active applications (configured to be closed on session end) remain open. If the user reopens a session after the grace period has expired but within the TAM E-SSO: Kiosk Adapter session timeout, they must authenticate, but active applications (configured to be closed on session end) remain open.

Note: This functionality works in all scenarios except one: the first time a user logs into their existing TAM E-SSO: Kiosk Adapter session outside of the Xyloc Grace Period after completing FTU (TAM E-SSO's First Time User wizard). Instead of the user logging into their existing session, a new session starts, and active applications in the list of applications to be closed by TAM E-SSO: Kiosk Adapter on session end are closed as a result. All subsequent grace period logons function as designed.

Technical Notes

This section describes important technical information about this release.

TAM E-SSO: Authentication Adapter Console

The TAM E-SSO: Authentication Adapter Console has been merged with the TAM E-SSO 6.00 Console. This new console must be installed to utilize all of the administrative settings available in TAM E-SSO: Authentication Adapter 6.00. The console can be installed from the TAM E-SSO: Authentication Adapter 6.00 CD; instructions are provided in the TAM E-SSO: Authentication Adapter Installation and Setup Guide.

Ensure Technologies Xyloc and TAM E-SSO: Kiosk Adapter Integration

Configure the following settings when using Xyloc Proximity Badges and integrating with TAM E-SSO: Kiosk Adapter:

- When configuring Sync in the TAM E-SSO Administrative Console, the sync order must be set, even if there is only one sync installed. This setting, "Sync Order", can be found under Global Agent Settings > Live > Synchronization.
- When utilizing the Xyloc Grace Period feature with TAM E-SSO: Kiosk Adapter, the TAM E-SSO: Kiosk Adapter configuration option "Close suspended session after how many seconds" and the Xyloc "Unlock to Key Only for up to" configuration option can now be set to different values, if desired.

SAFLINK SAFAuthenticator and TAM E-SSO: Kiosk Adapter Integration

The following technical notes apply when using SAFLINK SAFAuthenticator for TAM E-SSO and integrating with TAM E-SSO: Kiosk Adapter:

- When configuring Sync in the TAM E-SSO Administrative Console, the sync order must be set, even if there is only one sync installed. This setting, "Sync Order", can be found under Global Agent Settings > Live > Synchronization.

DigitalPersona

- The Escape key [Esc] cannot be used to cancel out of the biometric authentication dialog when unlocking TAM E-SSO: Kiosk Adapter with SAFLINK. This happens when a user is starting a new session or logging into the current one. It happens because TAM E-SSO: Kiosk Adapter disables the Escape key for security reasons. This window can be closed by clicking the X button at the top of the dialog.
- The DigitalPersona service maintains cached credentials for a latent period after an authentication. If a user authenticates through DigitalPersona and then encounters another authentication scenario within 20 seconds, the user is not prompted to supply credentials. This is because DigitalPersona is still caching credentials during the reauthorization scenario. This is a function of DigitalPersona and cannot be changed by IBM.

Open Issues

This section describes issues that remain open in this release. The table lists the issue and a detailed description, if applicable.

Issue: Smart card: The "Store PIN" feature does not prevent double authentication on initial logon
Description: The smart card Store PIN feature should prevent a double authentication from occurring once a user logs into a machine. With this feature enabled, a user who has logged into the machine is still prompted to re-authenticate through TAM E-SSO when launching the first application. There is no workaround for this issue; users will have to reenter their credentials.

Issue: Smart card: Authenticating to TAM E-SSO fails when the smart card passphrase is disabled
Description: When the Passphrase option for smart cards is set to 'Disable' in the TAM E-SSO Administrative Console (Global Agent Settings > Live > Primary Logon Methods > Smart Card > Advanced: "Passphrase" set to "Disable"), authentication during First Time Use (FTU) is successful, but authentications subsequent to FTU will result in the following error, despite entering the correct PIN number: "The logon process was not successful". To work around this issue, the smart card Passphrase option should be enabled, which is the default setting.

Issue: Windows Authenticator v1: User is prompted to re-authenticate to Windows Authenticator v1 after completing FTU
Description: This issue occurs when the Entrust Authenticator and Authentication Manager are installed. When the user selects Authentication Manager as their primary logon method and authenticates to Entrust, and then subsequently cancels out of the Windows Authenticator v1 dialog, they will be prompted to re-authenticate to Windows Authenticator v1 after finishing FTU. There is no workaround for this issue. Users can cancel the dialog and TAM E-SSO will load as expected.

Issue: Entrust Authenticator: Entrust dialog loses focus when logging into applications
Description: In a re-authentication scenario, the Entrust authenticator dialog appears without input focus when running an application. This issue is seen with all application types. There is no workaround for this issue. Users can click on the Entrust dialog to regain focus, and then type their password.

Issue: Integration issues with TAM E-SSO: Kiosk Adapter
Description: TAM E-SSO: Kiosk Adapter does not respond to smart card events when the smart card is inserted into the reader after a TAM E-SSO: Kiosk Adapter desktop screen is displayed. TAM E-SSO: Kiosk Adapter also does not respond when the smart card is removed from the reader. The workaround for these issues is to manually start and lock a session.

Issue: RSA SoftID Passphrase dialog not displayed
Description: When creating a logon for an RSA SoftID application, TAM E-SSO prompts the user for a User ID and PIN, but does not prompt the user for a passphrase if the SoftID token is passphrase-protected. This issue only occurs when running TAM E-SSO v6.00. There is no workaround; IBM is currently working on a resolution to this issue.

Product Documentation

The following documents support this product:

- TAM E-SSO Authentication Adapter Installation and Setup Guide
- TAM E-SSO Console Help
- TAM E-SSO Agent Help

Contacting Customer Support

Before contacting IBM Tivoli Software Support with a problem, refer to the IBM Tivoli Software Support site by clicking the Tivoli support link at the following Web address: http://www.ibm.com/software/support

If you need additional help, contact software support by using the methods described in the IBM Software Support Guide at the following Web address: http://techsupport.services.ibm.com/guides/handbook.html

The guide provides the following information:

- Registration and eligibility requirements for receiving support
- Telephone numbers, depending on the country in which you are located
- A list of information you should gather before contacting customer support

Appendix. Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

    IBM Director of Licensing
    IBM Corporation
    North Castle Drive
    Armonk, NY 10504-1785
    U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

    IBM World Trade Asia Corporation
    Licensing
    2-31 Roppongi 3-chome, Minato-ku
    Tokyo 106-0032, Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law:

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Copyright IBM Corp. 2006

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged should contact:

    IBM Corporation
    2ZA4/101
    11400 Burnet Road
    Austin, TX 78758
    U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this information and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

Trademarks

The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both: AIX, DB2, developerWorks, eServer, IBM, iSeries, Lotus, Passport Advantage, pSeries, RACF, Rational, Redbooks, Tivoli, WebSphere, zSeries.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Linux is a trademark of Linus Torvalds in the U.S., other countries, or both.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Other company, product, and service names may be trademarks or service marks of others.


Printed in USA SC32-2000-00