CP-IMV-140100-0007 Release Notes

The following defects have been fixed in this Cumulative Patch:
cis141
The following defects have been fixed in this Cumulative Patch:
CA Identity Manager Server
Support Ticket
Engineering Ticket
Problem Summary
Root Cause and Additional Deployment Instructions
Associated Risk
1090391
DE366188
Attribute encryption fails to revert.
The "PreviouslyEncrypted" data classification that is used to decrypt an attribute value fails to consider modified values.
HIGH
1101486
DE367360
CA Identity Manager performance degrades on server start.
Data type conversion takes more time.
HIGH
1169153
DE385517
When Policy Xpress triggers REST call, a null pointer exception is thrown.
Policy Xpress engine unable to retrieve environment details.
HIGH
Internal
DE384133
While creating a user using Bulk Loader, unable to assign Provisioning Role to a user on the Active Directory endpoint.
A temporary password which is created by CA Identity Manager does not match with the Active Directory password policy.
HIGH
1138740
DE376778
Unable to request a report from CA Identity Manager User Console.
Each time a user requests a report, the existing datasource details on CA Business Intelligence Jaspersoft reports server are overwritten with the Snapshot database details.
MEDIUM
Internal
DE368951
When two user roles are associated with endpoints that are offline using Policy Xpress, only one role is getting assigned to the user.
The "NotCompleted" and "PartiallyCompleted" states are not added to the Policy Xpress. When one of the events goes to "NotCompleted" or "PartiallyCompleted" state, Policy Xpress assumes as the final state and does not proceed to the other event.
MEDIUM
1159111
DE379110
Policy Xpress SOAP query to external applications fails with error "Envelope does not exist".
The default "Service_Method" setting is set to Payload instead of Message.
MEDIUM
1078645
Entitlement changes (Account to Groups) are not reaching CA Identity Governance for custom connectors.
Live notification changes are not getting generated because the AnalyticsEvent implementation is not proper for few relationship events.
MEDIUM
1177373
DE383267
When Offline Endpoint feature is disabled, erroneous password propagation is observed.
Password propagates to an account even when "isPwdPropDisabled "is selected on the endpoint that is marked offline.
MEDIUM
1095616
DE366541
Unable to assign groups membership to users if that group is outside of the first 10,000 search results.
This is an enhancement to secondary group searches.
MEDIUM
1142424
DE375743
When "Endpoint Request Retry" is enabled, CA Identity Manager sends modify account operations.
When the "Endpoint Request Retry" operation is enabled, the provisioning operation is split into individual operations so the sync command is not required. But after a task completes, CA Identity Manager sends an extra eTSyncAccounts=1 to Provisioning Server, which results in sending password update twice to the endpoint.
MEDIUM
1153590 
1146705 
DE379982 
In CA Identity Manager User Console -> Modify Users Endpoint screen, cross domain manager is not visible.
No support for cross domain managers, hence you cannot view cross domain managers in CA Identity Manager User Console -> Modify Users Endpoint screen.
MEDIUM
1070615
DE372343
In CA Identity Manager, notification events are not managed correctly.
* BLS configuration is not replicated in all URLs.
* CA Identity Manager Provisioning Server always reads the settings from the first URL in the list.
MEDIUM
1125855
DE374674
While modifying a scheduled cron job, the Advanced Schedule field does not display the configured value thus resulting in an error.
The system failed to interpret hours and minutes parameters from the advanced cron job value.
MEDIUM
1132148
DE375817
On disabling CA Identity Manager Management Console, an exception is thrown.
On disabling "AccessFilter", a null check is missing for "ManagementConsoleAuthFilter". 
MEDIUM
990365
DE360167
Export of Role Definitions takes too long in an environment with numerous provisioning roles configured.
Search operation was not optimized.
MEDIUM
1114635
DE376132
DE371108
The time that is taken by the "Modify Endpoint Group" task to search user account and group was too high.
Search operation was not properly optimized.
MEDIUM
1125056
DE375710
Querying for a single user account in Active Directory degrades performance.
This is an enhancement to improve performance of Active Directory search operation.
MEDIUM
1091805
DE368018
The Policy Xpress event "AddToGroupEvent" fails to add a user account to a group.
Global user is unable to locate its account in the endpoint.
MEDIUM
1143283
DE375741
CA Identity Manager sends eTSyncAccounts=1 by itself if unmapped attribute changes.
Committed attributes are kept in user instance that are passed to "ModifyUserEvent". This causes "ModifyUserEvent" to send SyncAccounts=1 to the Provisioning Server.
MEDIUM
1143240
DE376030
In CA Identity Manager User Console, cross domain users are not available in the Member tab of Active Directory Group.
The cached items are not managed properly. The used iterator class has a different behavior unlike Java iterator.
MEDIUM
1062202
DE361440
On making a SOAP/REST call using Policy Xpress, the tasks gets infinitely stuck in-progress state when the web service from the third party does not respond.
The Web Service time-out scenario was not implemented.
LOW
1130210
DE374969
In TEWS, when Bulk Loader task is configured with Custom Attribute Name for Object's Unique identifier, the user modification and deletion tasks are failing.
The Custom Attribute (Unique Identifier) of the Bulk loader task does not work for the searchable attribute.
LOW
1143662
DE375935
When a user other than initiator resubmits a task, it fails.
This is an enhancement to resubmission task TEWS API.
LOW
1116937
DE370156
The live notification process fails with 403 Authorization error when CA Identity Governance integrates with CA Identity Manager.
API call fails with 403 error because CA Identity Governance roles are missing from the administrators' authorized list of roles. 
LOW
1130650
DE373708
The status of the RACF endpoint is shown as UNAVAILABLE.
Ambiguity in reading the status value of the RACF endpoint.
LOW
1156461
DE379350
An error is thrown while trying to change user password using Change Password Task in CA Identity Manager.
This is an enhancement to Active Directory Authentication configuration where the password change will not propagate (optionally) to Active Directory.
LOW
1116937
DE370156
Unable to synchronize CA Identity Governance with CA Identity Manager using full continuous export feature.
Every time CA Identity Governance requires configuration secret key from CA Identity Manager, it makes REST call which modifies configuration object resulting in a 403 error in CA Identity Manager.
LOW
CA Identity Manager Provisioning Server
Support Ticket
Engineering Ticket
Problem Summary
Root Cause and Additional Deployment Instructions
Associated Risk
1150133
DE377509
On performing synchronization operation, "msExchPoliciesExcluded" value is not populated in the Active Directory account.
This works as expected; weak synchronization does not consider new payload values if it is already set in an account.
HIGH
1084916
DE365495
CA Identity Manager Provisioning Server crashes without throwing any error in the log file.
The im_ps service exceeds maximum memory usage limit (~3GB) due to memory leaks.
HIGH
1142220
DE375541
In LDAP Dynamic connector, user synchronization with account templates was throwing an exception.
The ForceModifiedMode flag for compound attributes was not considered during "User Sync with Account Templates" operation. 
MEDIUM
1104521
DE378137
On configuring Skype for Business, the following exception is thrown:
"Revoke of the skype role->skype template does not revoke the skype access."
Regress of DE371409 fix.
MEDIUM
1070615
DE372343
In CA Identity Manager, notification events are not managed correctly.
* BLS configuration is not replicated in all URLs.
* CA Identity Manager Provisioning Server always reads the settings from the first URL in the list.
MEDIUM
1008210
DE361643
ADS Account custom attribute (eTADSpayload) is not getting updated properly via Secure Cloud and CA Identity Manager User Console.
ADS connector does not handle eTADSpayload attribute properly.
LOW
97610
DE369553
Maximum open cursors in an Oracle Applications' endpoint exceed the set limit.
The problem occurred due to a memory leak.
LOW
1084054
DE364482
Provisioning server crashes intermittently on Linux.  
The Provisioning Server crashes when the simultaneous connections exceed 1024 limit.
LOW
CA Identity Manager Connector Server (JCS)
Support Ticket
Engineering Ticket
Problem Summary
Root Cause and Additional Deployment Instructions
Associated Risk
1124478
DE376246
UNIX v2 Connector is unable to pull user accounts from an endpoint.
A search operation on user groups returns multiple groups resulting in an error.
HIGH
1151331
DE380001
CA Identity Suite behavior is different for OVA and AMI.
PAM connector version which is higher than 2.5 expects a new attribute flag 'resetPasswordFlag' for password changes to suppress or unsuppress "Password Must Change on Login" in PAM login User Interface. If this flag is not set in the PAM request and password is updated, then PAM treats this flag value as set to true and forces the user to change the password on first login after password change from CA Identity Manager.
HIGH
1172578
DE381821
JCS startup takes too long.
JCS configuration has references to the old Google Apps connector.
HIGH
1144156
DE381138
Performance issue while creating a user account in CA Top Secret (TSS) endpoint.
Since customer data for profile has huge number of associated data, pulling data from an LDAP call from CA Top Secret (TSS) endpoint causes performance issue.
MEDIUM