1300960

DE406839

Nested Group scoping does not work for roles and policy sets.

Implementation issue.

HIGH

1315103

DE410555

The "Audit Reset Password" report shows wrong data.

The query used to extract the audit records caused the issue.

HIGH

1342662

DE413829

Post upgrade of Identity Manager, the application server fails to start.

The Audit Database Cleanup schema for Microsoft SQL and Oracle is not updated with the latest schema changes.

HIGH

1300960

DE412655

The Membership tab under the Group screen contains blank entries.

Implementation bug due to which the group information is also displayed in the Membership tab.

HIGH

2001346

DE422300

SOAP queries from Policy Xpress Action elements fail with a NullPointerException after upgrading Identity Manager

SOAP HTTP Header caused the issue.

HIGH

20021961

DE424201

Inbound notification filtering issue.

Missing inbound notification filter caused the issue.

HIGH

1304437

DE415777

Sensitive user data is exposed in the View Submitted Task (VST).

The metadata attribute "vst_hide" which controls the visibility of a property is disabled.

HIGH

20032048

DE426426

Database session is blocked.

The taskNumber sequence is not cached.

HIGH

20022743

DE423881

Linking errors in the custom Java code.

Identity Manager sources too many libraries; now it is limited to specific libraries.

HIGH

1259283

DE430745

Suboptimal query filter caused CPU starvation.

Regression of DE294526.

HIGH

1371067

DE419908

Identity Manager does not function properly as the majority of the tasks are stuck in the In-progress status until the Identity Manager server restarts.

Implementation bug.

HIGH

1192626

DE401856

Create or modify user task failed while evaluating the configured policies.

Issue with the Status attribute setting.

HIGH

1312267

DE411784

Few Policy Xpress policies fail with null pointer exception.

Null pointer exception is triggered as few attribute values are not saved in a task session.

MEDIUM

1294359

DE413038

Actions related to "SynchronizeUserProvisioningRolesAddAccountsEvent" are failing.

Regression issue due to the removal of "SynchronizeUserProvisioningRolesAddAccountsEvent" event.

MEDIUM

1309929

DE408149

On submission of the Modify User task, the Policy Xpress Policy of Type=UI does not perform Outbound Sync to the Provisioning Server.

When the password attribute is changed, the "Modify User" task sends Account Sync twice and behaves inappropriately.

MEDIUM

1372243

DE422629

Getting the following error while viewing the Logical Attribute Handler definitions in the Management Console:

Exception occurred as few classes are not defined for Resource Bundles.

MEDIUM

1371557

DE421561

Policy Xpress Soap Query results in an error:

DE400864 caused regression issue.

MEDIUM

1336542

DE417024

Search for SAP Accounts in the Provisioning Manager retrieves all the SAP roles (including Compound roles) but the search fails from the Identity Manager User Console interface.

Implementation bug.

MEDIUM

20034492

DE427034

Identity Manager Management Console is vulnerable to user enumeration.

-

MEDIUM

1317563

DE409290

Identity Manager performance degrades with group management.

Group evaluation for administrative groups (groups administering other groups) is not optimally returning Boolean evaluation (true or false), and is not leveraging GROUP_ADMIN_GROUP property.

MEDIUM

20041089

DE427444

The LDAP error 53 sent as a response in the TEWS call made to Identity Manager, contains an invalid character that invalidates the xml and blocks the service that made the SOAP call.

The TEWS response XML is unable to parse as it contains {nul} character.

MEDIUM

20052127

DE429142

Policy Xpress Policy SOAP Query failed with the following error: "Failed running web service" which was caused by "Could not send Message.;HTTP response '403: Forbidden' when communicating with http://hostname/iam/im/TEWS6/env?wsdl".

Basic authentication included extra checks which resulted in the error.

MEDIUM

20019079

DE423354

Cross Site Scripting (XSS) attack on the bulk load tasks in Identity Manager.

Missing of input validation and data encoding before displaying the data on the screen caused the XSS attack.

MEDIUM

1318280

DE409313

Identity Manager does not render HTML tags properly.

An XSS issue caused the problem. Unescaping the HTML encoding solves the issue.

MEDIUM

20066284

DE432004

On navigating directly to some of the JSP files, the detailed technical information is exposed to the end user.

Exception is not handled properly.

MEDIUM

20024621

DE424535

Accept-Language value is ignored when using xx-XX syntax (For example: fr-FR for French). In the Identity Manager User Console login page, French is not shown in the language drop-down.

Regression of DE349415.

MEDIUM

20071627

DE434550

Table Fragmentation in Oracle Database.

Error while processing an update event with BLOB data type.

MEDIUM

1322762

DE409655

In the Role Definitions xml file, few well-known strings are misspelled.

Misspelled well-known strings need to be corrected.

LOW

1207758

DE400864

TEWS requests submitted via Policy Xpress policy actions are failing when Identity Manager is integrated with Single Sign-On.

Identity Manager is unable to parse Set-Cookie value from the response header.

LOW

1332650

DE411802

Provisioning Server / Connector Server hangs and slows down the application server resulting in continuous server restart.

Enhancement to allow Runtime Status Detail Service to skip JMS and talk to database directly.

LOW

1296416

DE415976

Long response time when searching for an Account Template.

Enhancement to speed up the search time for the account templates.

LOW

1278810

DE408197

A user who is disabled after the configured number of failed login attempts, is able to access Identity Manager after providing correct login credentials in the next attempt.

GET request is not handled properly in frameworkloginfilter.

LOW

1296852

DE420500

Few system tasks caused Identity Manager performance degradation.

Enhancement to improve the performance of Identity Manager.

LOW

20045033

DE428239

REST services called via a policy do not accept the Date Time Stamp in the header.

Header value is not retrieved in a proper order.

LOW

1304437

DE408963

When updating an Active Directory Account template for Logical attributes, passwords are recorded in plain text in View Submitted Task (VST).

Additional Instructions: Perform the following steps after applying Identity Manager 14.3 CP1 patch:

In the Identity Manager Management Console, navigate to
Environments
,
<YourEnvironment>
,
Advanced Settings
.
Click
Import
and select the
EnvironmentSettings.xml
file.
Click
Finish
. Ignore warnings, if any.
Click
Continue
and then click
Restart Environment
.
To confirm that the fix is applied successfully, check if the new handler with name HideScreenLogicalAttributes is present at
Home
,
Environments
,
<YourEnvironment>
›
Advanced Settings
,
Logical Attribute Handlers
.

LOW

20020798

DE428104

Post upgrade of Identity Manager, the Explore and Correlate functionality does not work.

Account container is not defined for the Explore and Correlate definition.

LOW

20063058

DE434635

When searched for <Attribute Field>= *, the fields with empty values are part of the search results.

Implementation issue.

LOW

1291433

DE404940

Unable to trigger workflow on the Modify Active Directory Group task events.

Implementation bug.

LOW

1317569

DE409365

In a Bulk Task operation, the "Dates Filter" field does not function correctly.

The Date attribute value comparison is done as a string.

LOW

1291085

DE404413

The Active Directory connector logs messages without adhering to the endpoint logging configuration.

Improper implementation of Endpoint logging configuration.

HIGH

1351534

DE419346

Enable support for ACF2 Passphrase.

The Attribute

eTACFPasswordPhrase

is marked with

isHidden

true. Hence the attribute is hidden in the Account Attribute field of the Attribute Mapping tab.

HIGH

1362475

DE417705

Provisioning Server ran out of available threads.

Insufficient memory for the Provisioning Server (IMPS) service to run smoothly.

HIGH

1327076

DE410537

Suppression hotfix is not available in the Identity Manager patch.

-

HIGH

1347296

DE415665

The im_ps service on the Provisioning Server crashed unexpectedly.

An attempt to access invalid memory caused the issue.

MEDIUM

716430

DE286441

Active Directory connector performance is degrading.

The fix provided for DE224320 has degraded the performance of an Active Directory connector. As a fix to DE224320, timeouts between Lync Operations at Connector were introduced.

MEDIUM

20009154

DE421424

Provisioning Server crashes.

Provisioning Server tries to use an invalid connection and crashes.

MEDIUM

1347256

DE415589

CA TopSecret V2 connector is unable to update account profiles.

Incorrect account profiles synchronization logic.

MEDIUM

1363897

DE418312

Oracle Application responsibilities are not end dated.

Additional Instructions: To end date all existing Oracle responsibilities on account deletion, set the environment variable ENDDATE_RESP_ON_DELETEACCOUNT to 1 in the C++ Connector Server. Next, start the server.

LOW

1214849

DE402848

Connection error while creating a Home Drive on a File/Print server for a new user.

Retrial of API "WNetAddConnection2"fixed the customer issue.

LOW

1342920

DE421604

When an endpoint is explored and the Provisioning Server cannot access the endpoint, it generate a Child Delete action.

Since C++ Connector Server is crashing more often, it confuses Provisioning Server to believe that an endpoint does not exist.

LOW

20024234

DE424462

Account creation fails when unicode characters are present in the custom attributes.

Incorrect handling of unicode characters in the codebase.

LOW

20050348

DE428962

Unable to delete Inclusion (relationship) between User and Account by using etautil.

etautil ran into a deadlock state on deleting an inclusion(relationship).

LOW

1302374

DE406342

Exception is thrown when a parameter is declared as "IN OUT" in a stored procedure for any JDBC dynamic connector.

JDBC connector does not support "IN OUT" for a parameter.

HIGH

1279957

DE404268

Identity Manager does not honour Unix v2 connector password algorithms.

Unix v2 connector code uses fixed algorithm to encrypt account passwords.

HIGH

20016139

DE422987

AIX account password appears as plain text in the Korn Shell history.

Regression of DE404268.

HIGH

20063307

DE432748

OS400 connector ignores password policy rules defined on the endpoint.

Regression of CQ (133504).

HIGH

1321843

DE409536

Connector Server does not update Oracle account password even though it says success.

The correct authentication type is not passed in the method argument.

MEDIUM

1230790

DE396742

LDAP DYN connector fails to delete endpoint accounts with the following error: "javax.naming.NamingException DELETE operation skipped java.lang.ArrayIndexOutOfBoundsException: 1"

LDAP DYN connector fails to synchronize accounts with ArrayIndexOutOfBounds exception.

MEDIUM

1299628

DE407210

An account is created on the UNIX v2 endpoint with no password but shows account creation as failed in Identity Manager.

Account creation on UNIX V2 endpoint fails if the parent directory of the specified home directory does not exist.

MEDIUM

1351913

DE416392

When HP-UX account is locked due to many failed login attempts, the account status still remains 'Active'.

The account status is not shown correctly after maximum tries.

LOW

1340417

DE413353

The fix provided as part of DE404442, did not completely fix the issue.

As part of DE404442, enhanced the limit of eTDYN-str-multi-xx from 500 to 800. The same limit has to be applied for Connector Xpress.

HIGH

20073615

DE434302

Test connection between Connector Xpress and SCIM 1.1 endpoint fails with a null pointer exception.

Connector Xpress accepts canonicalValues ONLY in the format "canonicalValues": [{"value":"mr"},{"value":"ms"}] but not "canonicalValues": [ "mr","ms"]

MEDIUM