CA ControlMinder 12.7 - CumulativeFix-2 (CF2) FIXLIST
24 May 2019
No. | Severity | Module | Problem summary | Package | OS | Cause of the problem | Conditions | Solution or workaround | Reproduction steps |
1 | 2 | ENTM | Fixes a Report Agent issue where messages that exceeded 30MB caused the Enterprise Management Server to stop responding and generate an Out Of Memory error message | AC1270924 | All | 1. Messages consumed from the queue(qu not as single thread in case of a large messages consumed a lot of memory. 2. The repair and validation process for messages consumed a lot of memory. 3. Messages are saved to a local temp file 4 times if a failure occurs, which consumed a lot of disk space. 4. Messages are sent to the DLQ (dead letter queue) after 4 attempts, which in the case of large messages consumed a lot of memory. 5. Hibernate batch size was configured to 25; this is normal, but in the case of a large file we want to release the session. | |||
2 | 3 | ENTM | Fixes an issue with the Enterprise Administration Server where an endpoint in another domain failed to register with the server | AC1270966 | All | ||||
3 | 3 | ENTM | Fixes an Enterprise Management Server related issue where filtering the World View for hosts with "Hostname = * " and "Endpoint Type = All " or "Hostname = * " and "Endpoint Type = AC Endpoint " generates an error message. The behavior was observed in large-scale environments only. | AC1270971 | All | 1. Log in to ENTM 2. Go to World View -> Hosts -> Search with "Hostname = * " and "Endpoint Type = All" or "Hostname = *" and "Endpoint Type = AC Endpoint" 3. Hit "Go". | |||
4 | 3 | ENTM | Fixes a SAM related issue where executing pwextractor without providing the FIPS key results in a Null pointer exception and a message indicating "Successfully completed password extraction" instead of prompting for the FIPS key | AC1270974 | All | No check is made for FIPS key availability when -cleartext is provided. | The FIPS key file is now checked when passwords are required as clear text (i.e. using -cleartext). | 1. Stop Jboss 2. Go to password extractor directory - /opt/CA/AccessControlServer/IAM_Suite/Access 3. Run the following command (I have not provided FIPS key) [root@<machine name> pwextractor]# ./pwextractor.sh -backup -h <machine name> -account_pwd -cleartext -d oracle -t oracle -l entm_127cf1 -p N0tall0wed -f /opt/pwd CA PUPM Password extractor. | |
5 | 3 | ENTM | Fixes an issue with View Submitted Task where records are not retrieved if filtered with "Initiated By: Superadmin" and unchecking the "Submitted between" filter | AC1270976 | All | 1. Go to VST Audit 2. Add the filter "Initiated By: Superadmin" and click Validate 3. Now uncheck the "Submitted between" filter 4. Click on Search 5. The attached error message is displayed. On Oracle Machine: Error: [Submitted Tasks] Error loading persistence service: ORA-01008: not all variables bound . On SQL Machine: Error: [Submitted Tasks] Error loading persistence service: Incorrect syntax near '?'.. | |||
6 | 3 | ENTM | Fixes an Enterprise Management Server issue with View Submitted Task where in case 'approved by' filter includes Japanese user name, the VST does not retrieve results | AC1270977 | All | ||||
7 | 2 | ENTM | Fixes an Enterprise Management Server issue where the approval event is missing in SAM audit log "Event History" when a user approves a privileged account request by group member. | AC1270856 | All | The Event to store details in runtimestatusdetail12 table is not getting fired | Code Changes to include the event which will store the details to runtimestatusdetail12 table | ||
8 | 3 | ENTM | Fixes an Enterprise Management Server related issue where creating an SSH endpoint through the feeder creates the root account in the container "Accounts" when the root account should be in the container "SSH Accounts" | AC1270865 | All | ||||
9 | 3 | ENTM | Fixes a ControlMinder issue where a user attempts to approve or reject multiple work items (approve a workflow event), which results in a NullPointerException message that forces the user to reopen the UI. | AC1270867 | All | The issue occurred because of the hardcoded value of the environment alias name as "ac" in code | Code Changes: Alias name of the environment must be populated dynamically in the request object | 1. Install ENTM with an environment other than the default environment and provide an alias name for the environment other than "ac" 2. Log in as SAM requestor and request a privileged account 3. Log in as approver and select the requested account from the worklist by selecting the checkbox on the home screen 4. Approve/Reject the requested account Actual Result: NULL Pointer exception was thrown Expected Result: Account must be approved or rejected and should be removed from the worklist of the Approver | |
10 | 3 | ENTM | Fixes an Enterprise Management Server UI issue where the current password appears in the [Password Service] panel after the user logs into the UI although the [Password Must Change] option was selected when the user account was created. | AC1270868 | All | Populating the password | 1. Log in to the ENTM UI as superadmin 2. Create a user with the “Password Must Change” check box selected 3. Log out and log in as the newly created user 4. The password field is shown populated with asterisks | ||
11 | 2 | ENTM | Fixes a ControlMinder Privileged Account request issue where an error is displayed when a user switches from the Approvers tab to the Privileged Account tab within the request page. | AC1270869 | All | The issue occurred because “approve_privileged_account_request_profile.jsp” tries to refer to an object from the session object which is not available in the session. The value is set in the session if and only if the user logs in to ENTM using our login page, which is not the case for the customer. | Instead of picking the value from the session, we are picking it from a method available in one Java Class | CA SITEMINDER must be integrated into the environment to test this issue 1. Request a privileged account 2. Log in as approver and select the request 3. Switch from the Approvers tab to the Privileged Account tab Expected Result: It should show the details provided while requesting the account Actual Result: Null Pointer Exception | |
12 | 3 | ENTM | Fixes a UI related issue where "Deploy Script" and "UnDeploy Script" do not contain the scroll bar to view the content when viewed through "Version History" Tab of View Policy Task when using Internet Explorer. | AC1270969 | All | input text box field is disabled | changed input text box field from disabled to readOnly | ||
13 | 3 | ENTM | Shared accounts details missing fields. No visible display of true/false in the Exclusive account field in the My Privileged Accounts section. | AC1270965 | All | 1. Log in to ENTM as a SAM user and request a few accounts. 2. Once the accounts are approved, check My Privileged Accounts 3. Click on the Show details dropdown arrow button next to the account name. Actual Result: Exclusive Checkout is showing no results as shown in the screenshot. | |||
14 | 3 | ENTM | Fixes a SAM issue where user cannot open "Modify Privileged Account" screen from the "Modify Privileged Account" screen, "Select Privileged Account" | AC1270950 | All | ||||
15 | 2 | ENTM | Fixes an issue where data is missing in the endpoints CSV file exported using the "Shared Accounts" wizard | AC1270951 | All | If the endpoint/account had Japanese characters in any of the fields, the content length was not set correctly. The content length is now set correctly. | 1. Create some endpoints on Japanese ENTM (example: Japanese characters in description) 2. Go to WorldView -> View -> Shared Accounts 3. Uncheck the "Show Only Failure" check box 4. Export endpoints 5. Observe that the last rows of data are missing in the CSV file. | ||
16 | 2 | ENTM | Fixes a report agent related issue where errors were recorded in the server log when UNAB attempted to capture snapshot. | AC1270953 | All | ||||
17 | 2 | ENTM | Fixes an issue with the Enterprise Administration Server where, in a highly available environment in which the primary Active Directory controller fails, CA ControlMinder does not switch to the secondary Active Directory controller. | AC1270954 | All | Client cannot log in to ENTM when the main DC is down even though failover is defined in ac-dir.xml. 1. Export ac-dir.xml 2. Edit: <Connection host="infra00B.forwardinc.ca" port="389" failover="infra00.forwardinc.ca:389" /> 3. Update ac-dir.xml 4. Shut down infra00B 5. Open the ENTM login page 6. Try to log in; an error is returned | |||
18 | 3 | ENTM | Fixes an issue with Policy Management -> Policy -> View Policy where user is unable to review a full policy in View Policy. The user only sees a portion of the policy. To view the complete policy you must edit the policy | AC1270938 | All | ||||
19 | 2 | ENTM | Fixes a SAM issue where a user's attempt to create a ControlMinder endpoint using the host IP address as hostname fails. | AC1270941 | All | Host domain is taken as IP address when Host field is IP address. If the Host field is an IP address, a host domain value is required to create the AC for PUPM endpoint successfully. | Host domain is taken as IP address when Host field is IP address. If the Host field is an IP address, a host domain value is required to create the AC for PUPM endpoint successfully. When the host field is entered and the host domain is empty, the value entered in the host field is taken as the host domain. The user needs to make sure that an appropriate value is given in the host domain | Give an IP address as input in the hostname field while creating an AC for PUPM endpoint. Endpoint creation sometimes fails. | |
20 | 3 | ENTM | Fixes a ControlMinder related issue where the Information Details are not populated from endpoint details when you manually create a shared account | AC1270943 | All | The implementation to populate the details is not available | Code Changes are required to populate the default value | Install ENTM. Create an endpoint of type Windows Agentless and fill the Information tab with Owner, Department, custom1 and custom 2 View endpoint - details are all shown. Discover an account for the above created endpoint, view the account, all the details including Owner, Department, custom1 and custom 2 are there. Create an account manually for the above created endpoint, view the account. Expected results: All the details including Owner, Department, custom1 and custom 2 are there. Actual result: Owner details are there but Department and custom field values are missing. | |
21 | 3 | ENTM | Fixes an Enterprise Management Server issue where exporting endpoints or accounts data results in missing details in the CSV file. | AC1270923 | All | If the endpoint/account had Japanese characters in any of the fields, the content length was not set correctly. The content length is now set correctly. | 1. Create some endpoints/accounts on Japanese ENTM (example: Japanese characters in description) 2. Go to WorldView -> View -> Shared Accounts 3. Uncheck the "Show Only Failure" check box 4. Export endpoints/accounts 5. Observe that the last rows of data are missing in the CSV file. | ||
22 | 3 | Unix endpoint user mode | Fixes a ControlMinder issue with the host group policyassign value to support single quotes. This is a Linux fix for dbmgr (dbmgr -e) | AC1270927 | Linux | Two single quotes were added to the host group policyassign value. | On Linux server installation. | Fix the host group policyassign value to have a single quote. | On the DMS database: 1. Create a host group 2. Add 2 host members to the host group 3. Assign 2 policies to the host group. 4. Assign 2 different policies to the host group members. 5. cd to the DMS folder 6. Stop AC 7. Run "dbmgr -e -l > dms_export.txt" 8. Run "selang -p DMS__ -f dms_export.txt > dms_import.txt" 9. Check that there are no errors in the dms_import.txt file. Prior to this fix there was an error on the ghnode policyassign command: chres GHNODE ('h1') owner('ac_entm_pers') policyassign+(‘’PCI DSS 10.1’’) noexit gen_prop(ON_BEHALF_OF) gen_val('superadmin') |
23 | 2 | ENTM | Fixes an Enterprise Management Server Installation issue where, when the installation is done through DXlink, adding a user to a GroupMember results in an exception. | AC1270928 | All | If DXlink is used, ldapVendorType is "Generic LDAP", which is not handled in the code. | 1. Create a provisioning server with DXlink (attaching doc) 2. Install EntM through DXlink (attaching doc) 3. Log in to the EntM UI 4. Go to Users and Groups 5. Click on Modify Group 6. Add a User to GroupMember; you will then observe "Failed to execute AddToGroupEvent. ERROR MESSAGE: SmApiWrappedException:- LDAP: error code 53 - 0000209A: SvcErr: DSID-031A10B0, problem 5003 (WILL_NOT_PERFORM), data 0 " | ||
24 | 3 | ENTM | Fixes an issue where AccountManager crashes in case root password contains (") | AC1270929 | All | ||||
25 | 3 | Unix endpoint kernel mode | Fixes an issue with creapmd and dmsmgr utilities to correct wrong PMD directory search when creating DMS | AC1270909 | All | Wrong PMD directory search when creating DMS | This fix contains changes in the creapmd and dmsmgr utilities. | If the client wants to change the DMS folder, he should not remove the DMS and then create it again (this way he will lose all the DMS data, also the ENTM connection data, etc.). I think that the right way is to follow up the high availability process (for the DMS part) and do the same (it explains how to change the DMS folder): http://lod1218.ca.com/AC/CA-Access-Control-AC-12.6SP1-Bookshelf/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?1431509.html?zoom_highlight=DMS+cluster | 1. Server installation on Linux 2. Remove the DMS (dmsmgr -remove -auto) 3. Shut down AC 4. Edit seos.ini, change the default PMD folder to another (existing) folder (_pmd_directory_ token) 5. Create the DMS (dmsmgr -create -auto) - should issue an error - Failed to update DMS/DH/DH_WRITER token. 6. Start AC 7. Create the DMS (dmsmgr -create -auto) - should issue an error - Failed to update DMS/DH/DH_WRITER token. |
26 | 3 | ENTM | Fixes an Enterprise Management Server issue where querying the database and converting the objects to UI objects takes a significant period to complete | AC1270910 | All | Code change: added indexes to some of the DB tables and improved the conversion method by caching the endpoint during the conversion, which avoids duplicate or additional accesses to the database | While browsing to the My Privileged Accounts page, loading takes a long time. Make sure to set MyAccountsSearchSizeLimit to 100 at IdmManage | ||
27 | 2 | ENTM | Fixes an Enterprise Management Server issue where the report lastcheckout and lastpassword change time does not sync with the CA Business Intelligence server time. | AC1270911 | All | After checking out and checking in privileged accounts, running Capture Snapshot invokes AccountPasswordCollector, which fetches the privileged accounts from the ACCOUNT_PASSWORD table and inserts them into the ppmaccount table. During that step the ppm_passwordLastModifiedDate and ppm_lastCheckOutDate fields are converted from UTC to local server time. Because of this, the lastcheckout and lastpasswordchange times in checkout/checkin privileged account reports were wrong (while generating these reports, cabin fetches the data from the ppmaccount table and converts it from UTC to local time). | 1. Change the ENTM, BO machine time to GMT+8 2. Check out and check in a privileged account 3. Run the capture snapshot 4. Create a report (Report -> English -> Shared Account Management (SAM)) and click Shared Accounts by Endpoint. 5. Check the report; the lastcheckout and lastpassword change time doesn't sync with cabin machine time. | ||
28 | 2 | ENTM | Customer modified the [Privileged Account Request] Privileged Access role. Fixes an Enterprise Management Server issue where a user checked an account in the [Requested For:] field by filtering the user field. Next, the user filter was cleared and the checked user is not correct. | AC1270912 | All | The selection is working based on the index of the row. | Code Changes to update selected row indexes based on the selected rows | 1. Log in as superadmin 2. Create 3 EntM users: user1, user2, user3. 3. Modify the [Privileged Account Request] Privileged Access Role: navigate to [Users and Groups] - [Roles] - [Privileged Access Roles] - [Modify Role], select [Privileged Account Request] - [Members] tab, and add the following new scope rules. The member rule becomes: Member Rule (all) Scope Rules -Privileged Account (all) -Privileged Account Request (all) -Endpoint (all) <- add -User (all) <- add 4. Log in as user1 5. Navigate to [Home] - [My Accounts] - [Privileged Account Request] and select an account 6. Click the [...] button beside [Requested For:] Problem A: 7. Enter 'User ID = user*' as the search criteria on [User Search] and click [Search] -> user1, user2 and user3 are listed 8. Check user2 and click [OK] -> user2 is listed on the 3rd line 9. Click the [...] button beside [Requested For:] again -> the user list is displayed with the 'User ID = *' search criteria; all users are listed [expected result] user2 is checked though the user list is changed [actual result] the user listed on the 3rd line is checked Problem B: sorting a column clears the user selection 10. Click [Search] and select users 11. Click a column header (Name, Description or Type) to sort the list [expected result] the selected users are still checked after the sort [actual result] the check marks are cleared after the sort | |
29 | 2 | ENTM | Fixes an issue with account creation where if the user first enters the Owner and then other account properties, account is | AC1270915 | All | ||||
30 | 3 | ENTM | Fixes an issue where user failed to check out the PUPM account for the Endpoint which has been created via feeder | AC1270916 AC1270934 | All | ||||
31 | 2 | ENTM | account, and then submit "Create" button. | AC1270904 | All | Exception Stack trace is logged in server log | As this code is very sensitive, we are suppressing the exception in the log to a warning message as this is not causing any problem in the ENTM | 1. log into EntM WebUI as superadmin 2. modify Break Glass Privileged Access role member rule where ( Login ID not equal "superadmin" ) 3. navigate to [My Privileged Accounts] Then, following errors will be recorded in server.log: 2013-10-02 17:29:46,819 ERROR [ims.default] Administrator superadmin is not authorized to exercise task imstask.label.task.BreakGlass.name 2013-10-02 17:29:46,819 ERROR [com.ca.ppm.tabhandlers.AccountPasswordsSearchHandler] AccountPasswordsSearchHandler: cannot find admin task by tag:BreakGlassAccounts NotAuthorizedException: Administrator superadmin is not authorized to perform task imstask.label.task.BreakGlass.name. This doesn't happen if the user is member of Break Glass role. | |
32 | 2 | ENTM | Fixes a SAM related issue where the date is not formatted based on the locale, if the locale is other than English | AC1270905 | All | Date is not getting formatted based on the locale, if the locale is other than English | Code Changes: Removed the code which is using locale to format date | 1: I had a Windows Agentless endpoint with English name. Then, I tried to show the endpoint. In this case, I couldn't reproduce the same problem. However, 2: I deleted the endpoint and created a Windows Agentless endpoint with Japanese name. Then, I tried to show the endpoint. Then, I saw the same error "Internal error". So, 3: I deleted the endpoint with Japanese name and created a Windows Agentless endpoint with English name. Then, I tried to show the endpoint. Then, I saw the same error "Internal error" yet. So, 4: I stopped Jboss and Connector server services and deleted all files in <JBOSS_HOME>\server\default\tmp and work folders. 5: I started Jboss and Connector server services. 6: I tried to show the endpoint. Then, I saw the same error "Internal error" yet. Also, even if I rebooted the ENTM box, I saw the same error at any time. So I cannot avoid the error. However, 7: I tried to change Language in Internet Explorer from ja-JP to en-US. open IE -> tool -> internal option -> general tag -> Language (So, ENTM WebUI is shown as English.) 8: Then, I tried to show the endpoint. Then, I didn't see the same error and the endpoint was shown. So, 9: I tried to change Language in Internet Explorer from en-US to en-US. open IE -> tool -> internal option -> general tag -> Language (So, ENTM WebUI is shown as Japanese.) 10: Then, I tried to show the endpoint. | |
33 | 4 | ENTM | Fixes an Enterprise Management Server issue where if the My Privileged Accounts page is not refreshed while an account is checked out, the action list remains available even though a check-in event occurred | AC1270906 | All | Code change: added a condition to cover the case when a user checks out an account and leaves the My Accounts page open. If and when the privileges were revoked from the user, or if the account was automatically checked in, the user could still perform Show Password/Copy password to Clipboard and see the newly generated password | 1. Set the account field Check out Expiration to 5 minutes 2. Check out the account or autologin a putty/rdp session and stay at the My Privileged Accounts page 3. Wait for 5 minutes until the account is automatically checked in, or close the autologin putty/rdp session. 4. Do not refresh the screen; choose the action Show password. The newly generated password is shown | ||
34 | 2 | ENTM | Fixes an Enterprise Management Server issue where if a user renames a password policy, the program does not delete the existing job from the quartz table. This results in two jobs for the same policy. Once the redundant job is executed, a NullPointerException error is generated, because the password policy does not exist. | AC1270907 | All | Code change: if the password policy doesn't exist, delete the job from the quartz tables. Added a check that the returned accountIds are not null | 1. Create a password policy 2. Rename the password policy. The result is that there are two jobs in the quartz tables: one with the old password policy name and one with the new password policy name. The expected result is only one job for this password policy. As a result, a scheduled job (under the old policy name) is executed and ends with a NullPointerException error | ||
35 | 2 | ENTM | Fixes a SAM related issue where a user creates a privileged account request and approves the request but the account is not listed in the requestor's My Privileged Accounts | AC1270908 | All | Multibyte characters in the query were not handled; they are now handled. | 1. Create an endpoint with Japanese characters 2. Discover the Privileged Accounts 3. Log in as Requestor and request a privileged account on the Japanese endpoint for approval. 4. Log in as Approver and approve the request. 5. Log in as Requestor; the approved privileged account is not shown under My Privileged Accounts. | ||
36 | 2 | ENTM | Fixes an Enterprise Management Server issue where a capture snapshot operation failed. | AC1270897 | All | When the user attribute "User Must Change the password on next logon" is not selected, the laspasswordchange value is -1, and the resulting date 1600-12-31 16:00:00.0 cannot be inserted into the DB. This is now handled correctly whether or not the "User Must Change the password on next logon" attribute is selected. | If AD is used as the user store, create a user with the "User Must Change the password on next logon" attribute disabled; running Capture Snapshot will then fail. But this was not reproduced on our local environment. | ||
37 | 1 | ENTM | Fixes a Cross Site Scripting vulnerability issue for the elements ScrollPosX, ScrollPosY and facesViewId, and an application error for the element task.tag | AC1270898 | All | Request parameters were not encoded prior to sending the request to the server | |||
38 | 2 | ENTM | Fixes a SAM related issue where the discover shared accounts wizard failed due to incorrect endpoint information parsing in case the root password contains a semicolon | AC1270900 | All | Root password contains semicolon | Create an endpoint whose root password contains a semicolon (;) and try to discover accounts | ||
39 | 2 | ENTM | Fixes a SAM related issue where a requester cannot view the SAM account requested task in 'View My Submitted Task'. Further, the approver cannot view the same page after checking the "Show approval tasks" option. | AC1270901 | All | ||||
40 | 3 | ENTM | Fixes an issue in an Enterprise Management Server with Active Directory setup where, in Japanese or Korean, "Modify User" is enabled although it has to be disabled as in English | AC1270902 | All | The role xml file has modify user enabled | Code Changes to update the xml file for the AD role definition to remove modify user from the ENTM UI | ENTM with AD setup in the Japanese or Korean version has "Modify User" enabled | |
41 | 2 | ENTM | Fixes a SAM related issue where approved accounts are shown in UTC in the "Home", "My Accounts" and "Manage Privileged Account Requests" screens because the received date, which is in the UTC zone, is treated as being in the Server Time Zone. | AC1270884 AC1270886 | All | Received date is UTC zone, but considered as Server Time Zone | Converting date time received in UTC zone into client time zone. 1) This is Already approved accounts, currently running 2) Approved future running accounts | 1) Request an account as a non-super admin. 2) Log in as superadmin or with that permission 3) "Home" -> "My Accounts" -> "Manage Privileged Account Requests" -> Select Request; the displayed start and valid times are shown in GMT | |
42 | 2 | ENTM | Fixes an issue where errors in the logs are not indicating functional issues and therefore were modified to be shown as warnings | AC1270892 | All | Code change: changed the log report level to warning in the addDirectoryAttr method | User store: embedded user store 1. Create a user on the ENTM WebUI. 2. Create a group on the ENTM WebUI. 3. Add the user created in step 1 to the group. 4. Log in to the ENTM WebUI as the user. 5. Select the following menu: Home -> Privileged Account Request 6. Search for an endpoint (click the search button). A list of errors is returned, for example: ERROR [ims.llsdk.directory.jdbc.jdbcbase] Table tblUsers does not exist for attribute tblUsers.passworddata. Attribute value will not be saved. | ||
43 | 3 | ENTM | Fixes an Enterprise Management Server issue where error messages are recorded in the server log file on user login. | AC1270893 | All | The errors occur when there is a problem finding the users in LDAP/AD. It could be that the DN pointing to the users points to the wrong place, is incorrect and does not exist, or that the DN path to where the users are located in the directory is invalid. | Need to remove the hardcoded values "cn=Partitions,cn=Configuration," from the search base in case the root org contains an Organization Unit. | Please make sure the root org contains an OU along with DC, e.g. 'OU=ashisuto,DC=mlitad,DC=local'. You can check the same @ ac-dir in <<ENTM_SERVER>>idmmanage 1. Log in to the ENTM WebUI. Check for the error in the server.log javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:'OU=ashisuto,DC=mlitad,DC=local' ]; remaining name 'cn=Partitions,cn=Configuration,OU=ashisuto,DC=mlitad,DC=local' | |
44 | 2 | ENTM | Fixes an Enterprise Management Server related issue where users could not log in in case the user attempted to log in through CA SiteMinder. | AC1270894 | All | We have a caching mechanism in place, which is not cleared when a user logs in through the SiteMinder UI. When a user logs in without SiteMinder, the cache is cleared in the FrameworkLogin filter after the user is authenticated. In a SiteMinder integrated environment this filter is disabled, so the login does not go through our authentication process and as a result the cache is not cleared. | Clear the cache when the user logs in with SiteMinder authentication | Issue #1 1. Create a new admin role with a member rule “who are members of ( group "<<GROUP_NAME>>" )” 2. Active Directory has the group defined in the above rule with a member in it. 3. Remove the user from the group and log in to ENTM using SiteMinder; the user is still able to see the access defined for the user within the group. Issue #2 1. Log in to ENTM using the system manager role with SiteMinder authentication. 2. Create the same role with the same member rule as mentioned in last mail. 3. Go to View user and check the admin role of the user; the admin role created is visible because the user is in the group. 4. Remove the user from the group in AD. 5. Go to View user and check the admin role of the user; the admin role created should not be visible because the user is no longer in the group, but the customer is seeing the role in the user admin roles section. | |
45 | 2 | ENTM | Fixes an issue where email notification is sent when a Privileged Account Request is getting deleted. | AC1270871 | All | The Email Notification functionality is not yet implemented for the cancel event | Code Changes to send mail notification; a new folder "cancelled" needs to be created at the JBOSS server location with the templates: <<JBOSS_HOME>>\server\default\deploy\IdentityMinder.ear\custom\emailTemplates\default\cancelled | 1. Add an email event on the Management Console: navigate to [Environments] - [ac-env] - [Advanced Settings] - [E-mail], select the following events from the [event] drop down list and click [Add]. Then, click [Save] and [Restart]. 2. Log into the EntM WebUI as requester 3. Create a Privileged Account Request: navigate to [Home] - [My Accounts] - [Privileged Account Request] and create the request. -> this sends mail notification for CreatePrivilegedAccountExceptionNotStartedEvent using pendingCreatePrivilegedAccountExceptionNotStartedEvent.tmpl 4. Cancel the request: navigate to [Home] - [Self Manager] - [View My Submitted Tasks], open the detailed log for the Privileged Account Request Task and click the [Cancel this Task] button. Expected Result: Expect that mail notification is sent for the event Actual Result: No mail notification was sent to the user | |
46 | 2 | ENTM | Fixes a SAM related issue where after modifying the Privileged Account Request role, the user assigned an account, removed it and selected another account and then submitted the request. The result is that the request is sent to both accounts | AC1270872 | All | There was no condition to check whether the user already exists in the list when submitting the request for approval | A condition was added to check whether the user already exists in the list of requests, and a new user list is assigned to the list of requests every time | ||
47 | 2 | ENTM | Fixes a SAM related issue where, when a user performs an auto login for an already checked out account, the status appears as failed in the audit records. | AC1270877 | All | If we try to perform auto login for an already checked out account, we check whether the account is checked out. If the account state is checked out, we cannot check out the account, so we take the previous password, log in to the putty session with it, and then update the status as failed in the audit because the account is already checked out. Changed the behavior. | 1. Check out the Privileged Account 2. Autologin a putty session with the already checked out account 3. After logging in to the putty session, go to Privileged Accounts -> Audit -> Audit Submitted task and check the status of this event; the status is shown as failed. |