Virtual Appliance Release Notes - 14.1

This Release Notes contains the following sections:
cis141
This Release Notes contains the following sections:
Product Enhancements
The following behaviors have been changed in this Service Pack:
Support Ticket
Engineering Ticket
Enhancement description
Additional Deployment Instructions
Internal
US348634
Removed default passwords from the product
Internal
F37115
Support for Amazon AWS
Internal
F25797
vApp: demo environments
Introduced 2 demo modes:
  1. Default demo
    :
    1. Deployment Xpress repository from the 14.1 ova packaging date (31.7.2017)
  2. Custom demo
    :
    1. Requires an external "
      Demo archive
      " file which can be created from any 14.1 vApp using the "
      createDemoArchive
      " alias.
      This alias dumps the data of a vApp 14.1 deployed in "Demo" mode (using only a single node, and the embedded database) to an archive.
    2. This archive can later be used to deploy another vApp 14.1 in Demo mode (single mode only) that will contain the data from the Demo archive.
Internal
F40743
Security Hardening
Defects Fixed
The following defects have been fixed in this Service Pack:
Support Ticket
Engineering Ticket
Problem Summary
Root Cause and Additional Deployment Instructions
Associated Risk
00759206
DE296910
Unable to use password with "$" character for external DB
Added support for complex passwords
Low
00733641
DE290318
ID Suites vApp Vulnerabilities
Disabled weak ciphers in SSL server
Low
00759039
DE296705
vApp not able to re-deploy a machine with the same IP address of an already removed machine.
Added a "remove_failed_node_ssh_fingerprint" alias
Low
00767100
DE299038
Need to increase the SQLQueryLimit into workflow.rar/META-INF/ra.xml
The custom workflow.rar/ra.xml file is at: /opt/CA/IdentityManager/standalone/deployments/iam_im.ear/workflow.rar/META-INF/ra.xml
Low
00768301
DE299434
Unable to Modify session timeout in vApp (/opt/CA/VirtualAppliance/custom/IdentityManager/config/session-timeout)
Session timeout file is at /opt/CA/VirtualAppliance/custom/IdentityManager/config/session-timeout
Low
00766985
DE299492
Allowed modifying the <failover-on-shutdown> value
Edit /opt/CA/VirtualAppliance/custom/IdentityManager/config/failover-on-shutdown and restart IDM to apply the change in standalone.xml
Low
00769924
DE300022
Write access to customize the CA Identity Manager task-related confirmation pages (Release Notes is in: HF-DE300022-20170726-0001)
The fragmentation pages are located on /opt/CA/wildfly-idm/standalone/deployments/iam_im.ear/user_console.war/app:
  • confirmation_fragment
  • confirmation_page
  • error_fragment
  • error_page
Symbolic links to the fragmentation pages are created on the "custom" directory:
/opt/CA/VirtualAppliance/custom/IdentityManager/fragmentation_pages
Low
00776975
DE305119
Allow updating /opt/CA/IdentityManager/ConnectorServer/jcs/conf/override/ora/SAMPLE.connector.xml
Allowed recursive modify permissions for /opt/CA/IdentityManager/ConnectorServer/jcs/conf/override
Low
Internal
DE295572
vApp to allow change to CA Identity Governance maxElementsInMemory
Cache-limits configuration file is at: /opt/CA/VirtualAppliance/custom/IdentityGovernance/cache-limits/ehcache-sageDal.xml
Low
Internal
DE298474
Allow updating CA Identity Manager NIM Credentials
Custom NIM configurations are in /opt/CA/VirtualAppliance/custom/IdentityManager/NIM-SM/
Low
Internal
Internal
Missing modify permissions for the resolv.conf file (for DNS configuration)
Low
Internal
Internal
JCE (Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy) is required for deployment (A BSAFE-BouncyCastle requirement that is introduced in the 14.1 point-products)
Low
Internal
Internal
Support for configuring a default multicast address for WildFly
Multicast configuration file is at: /opt/CA/VirtualAppliance/custom/IdentityManager/config/jboss-default-multicast-address
Low
Internal
Internal
Allow manually performing Java Connector Server endpoint registration
Added alias: registerJavaConnectors
Low
01297486
DE405965
The Post-Events feature did not work on vApp.
The Post-Events feature allows the user to resubmit events that get stuck in-progress. Made chages to allow post even feaute to function properly.
Low