MSI | MS-9856 | Technical data | MSI MS-9856 Technical data

Oracle® Enterprise Single Sign-on
Logon Manager
Release Notes
November 2007
Oracle Enterprise Single Sign-on Logon Manager Release Notes, Release
Copyright © 2006-2007, Oracle. All rights reserved.
The Programs (which include both the software and documentation) contain proprietary information; they
are provided under a license agreement containing restrictions on use and disclosure and are also protected
by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly,
or decompilation of the Programs, except to the extent required to obtain interoperability with other
independently created software or as specified by law, is prohibited.
The information contained in this document is subject to change without notice. If you find any problems in
the documentation, please report them to us in writing. This document is not warranted to be error-free.
Except as may be expressly permitted in your license agreement for these Programs, no part of these
Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
If the Programs are delivered to the United States Government or anyone licensing or using the Programs on
behalf of the United States Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data
delivered to U.S. Government customers are "commercial computer software" or "commercial technical data"
pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As
such, use, duplication, disclosure, modification, and adaptation of the Programs, including documentation
and technical data, shall be subject to the licensing restrictions set forth in the applicable Oracle license
agreement, and, to the extent applicable, the additional rights set forth in FAR 52.227-19, Commercial
Computer Software--Restricted Rights (June 1987). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA
The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently
dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup,
redundancy and other measures to ensure the safe use of such applications if the Programs are used for such
purposes, and we disclaim liability for any damages caused by such use of the Programs.
Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective owners.
The Programs may provide links to Web sites and access to content, products, and services from third
parties. Oracle is not responsible for the availability of, or any content provided on, third-party Web sites.
You bear all risks associated with the use of such content. If you choose to purchase any products or services
from a third party, the relationship is directly between you and the third party. Oracle is not responsible for:
(a) the quality of third-party products or services; or (b) fulfilling any of the terms of the agreement with the
third party, including delivery of products or services and warranty obligations related to purchased
products or services. Oracle is not responsible for any loss or damage of any sort that you may incur from
dealing with any third party.
Release Notes
Oracle Enterprise Single Sign-on Logon Manager
November, 2007
Oracle is releasing version of Enterprise Single Sign-on Logon Manager (ESSO-LM). ESSOLM version is the latest edition of the ESSO-LM Agent and Administrative Console. These
release notes provide important information about this release. The information in this document
supplements and supersedes information in the ESSO-LM product documents.
The following topics are discussed:
What’s New in .................................................................................................... 4
What’s Changed in 6
Resolved Issues.................................................................................................................. 7
Open Issues ........................................................................................................................ 9
Hardware and Software Requirements............................................................................. 10
Technical Notes ................................................................................................................ 17
Product Documentation..................................................................................................... 19
ESSO-LM Release Notes
What’s New in
The major new features of this product include:
Enhanced Passphrase Support
The new Passphrase Questions menu in the ESSO-LM Administrative Console provides
convenient, comprehensive control over passphrase creation, policy distribution, and
enforcement. You can locate this new functionality in the Administrative Console under
Passphrase Questions in the tree menu. For more information, navigate to this feature and see
the ESSO-LM Administrative Console online help.
Enhanced Trace Logging
To facilitate support and troubleshooting procedures, ESSO-LM now includes a utility for
enhanced trace logging. For more information, refer to the How to use Trace Logging document
included in the ESSO-LM online document center.
GINA Replacement for VISTA Added
Network Provider replaces GINA for use with Windows Vista.
Enabled Regular Expression and Wildcard Matching for Web URLs
When creating a web template the user now has the additional options to use regular expressions
or wildcard matching for the URL. For more information, refer to the Administrative Console
online Help.
Console Version Reference Added to the XML File
In order to facilitate troubleshooting, a reference to the version of the Administrative Console has
been added to the XML file.
Support for Database Event Logging
ESSO-LM now provides support for event logging to SQL and Oracle databases. You can locate
the settings for this new functionality in the Administrative Console under Global Agent Settings
> Event Logging > Database. For more information, refer to the Administrative Console online
Support for Dynamic Control IDs
ESSO-LM now provides support for applications that have Control IDs which change each time
the application runs. For more information, refer to the Administrative Console online Help.
Support for OpenLDAP 2.2
ESSO-LM now provides support for OpenLDAP 2.2. The latest version of OpenLDAP requires the
CN attribute to exist in order to store credentials.
Support for JRE 1.6.0_01
ESSO-LM now provides support for JRE 1.6.0_01.
What’s New in
Support for IBM Java
ESSO-LM now provides support for enabling automatic installation of JHO files. For more
information, refer to Optional Software Support.
Prepopulate Option Added to Session Manager Settings
In the Administrative Console, the Global Agent Settings > Kiosk Manager settings now
include an option to prepopulate fields at startup. This setting enhances session functionality
when ESSO-AM is not present. For more information, refer to the Administrative Console online
ESSO-LM Release Notes
What’s Changed in
The major changes in this product include:
Support for Hummingbird HostExplorer 9.0 Has Been Removed
ESSO-LM no longer supports Hummingbird HostExplorer 9.0.
Updated Novel Client Pre-Defined Template
The pre-defined template for Novel Client has been updated in the Administrative Console to
support version 4.91 SP3.
Improved Performance With LDAP-Based Repositories
The Administrative Console now has the ability to display many objects in an ADAM repository
with improved performance.
Documentation Available Online
Technical documentation is no longer bundled with the product. It is now available online at:
Resolved Issues
Resolved Issues
Issues that were reported in earlier releases that have been resolved in this release include:
Description of Issue
ESSO-LM deleted a Java applet’s Logon form control information when adding a Change Password
form with SendKeys to the template.
ESSO-LM did not accept credentials when using OpenLDAP 2.2.
ESSO-LM did not differentiate between SAP 6.20 Logon and Password Change screens.
ESSO-LM client did not respond to AppWorx password change screen due to a Java error.
ESSO-LM did not update Java support automatically to accommodate the current version.
Credential Sharing Groups functioned incorrectly for the username field.
ESSO-LM did not accept a URL value longer than 28 characters when creating a new entry through
the Client application.
Web Viewer did not display credentials beyond the first page.
The username text in the Web Viewer logon was difficult to read.
Templates imported into the console prior to password generation policies cleared the template’s
association with the policy.
Some Java applets locked up with ESSO-LM Java support installed.
ESSO-LM responded slowly to an SAP window when there were multiple templates configured with
field matching.
SAP behaved erratically when using SAP scripting and ESSO-LM.
The reference fields did not refresh to reflect current data in a template.
Web Viewer displayed lists incorrectly when switching view options.
Password change did not support combo boxes when configured in the logon template.
SSOBHO.exe caused the Add New Logon dialog prompt to loop infinitely when directed to a URL.
ESSO-LM caused a web browser to hang when directed to a URL.
ESSO-LM did not disable the shared fields when using shared groups. The fields were pre-filled but
still available for changing.
The MHO timer worked inconsistently, displaying the logon prompt at different intervals following a
“Not Now” response.
With the Startup/Shutdown event and CleanupOnShutdown enabled, ESSO-LM logging did not
record a shutdown event.
Launching a Java application from within an Internet Explorer window caused the system to hang
while SSObho.exe was running.
When using COs, host or web applications in a Credential Sharing Group could not be brought back
to the Administrative Console.
ESSO-LM Release Notes
Description of Issue
Some applications responded slowly with ESSO-LM installed.
ESSO-LM switched a tab and brought the logon fields into view even though the Agent was
configured to exclude the website.
Adding a host or web application when using COs disabled the application and displayed an
incorrect Credential Sharing Group in Logon Manager.
ESSO-LM Launcher did not process the “command” switch correctly.
Firefox terminated unexpectedly during shutdown after a period of use.
ESSO-LM slowed the response of an application that used a Java applet.
ESSO-LM slowed addition of application templates when adding them to an ADAM instance after
enabling Provisioning permissions.
Modifying an existing logon from a previous encryption caused the Agent to terminate unexpectedly.
Multiple servers in AD settings did not synchronize the user properly with Trusted Domains.
The V2 authenticators read the user and domain names from an incorrect registry location.
In Add New Logon wizard, the username field remained disabled when selecting “Exclude from
password sharing group.”
When using Credential Sharing Groups and adding the logon for the first time, the username field in
the New Logon wizard was pre-populated and disabled on some applications.
ESSO-LM Client did not respond to some applications on startup.
ESSO-LM does not permit the user to learn and fill a web application through an RDP session on
Terminal services when another RDP session is running.
Using Scrolling Screen Emulator, ESSO-LM displayed the “Logon Error” dialog box instead of autosubmitting.
The title bar icon disappears when navigating to a website with a logon.
Open Issues
Open Issues
Issues that remain open in this release include:
Changing applications from one credential sharing group to another may cause problems.
For correct functionality, create a new group or a new configuration.
Japanese agent does not submit double-byte characters to mainframe host applications
ESSO-LM may stop responding to web applications intermittently.
DOS applications incorrectly handle credentials containing the ‘@’ symbol.
A Visual Basic application terminates unexpectedly when sending macros to a PCom 5.8
The authenticator hangs when using /forceverify after a change password.
ESSO-LM is not responding to PCom 5.7.
ESSO-LM freezes after hibernation/standby, when moving from an Ethernet to a wireless
connection or after the LDAP password has changed.
ESSO-LM hangs after the LDAP password has changed.
ESSO-LM does not support templates for Firefox popup windows.
In Microsoft Vista the “Use GINA” feature in ESSO-LM does not lock the workstation.
ESSO-LM Release Notes
Hardware and Software Requirements
The ESSO-LM hardware and software requirements are listed under the following sections:
• Supported Operating Systems
• System Requirements
o Disk Space Requirements
o Memory Requirements
o Processor Requirements
• Software Prerequisites
o Microsoft .NET Framework
o Windows Installer
o Repositories
o Browsers
• Optional Software Support
o Java
o Host Emulators
o Windows Event Logging
o Citrix MetaFrame
o Presentation Server
Supported Operating Systems
The ESSO-LM components are supported on the following Operating Systems:
Operating System
Versions Supported
Microsoft® Windows® 2000
Microsoft Windows XP Professional
Microsoft Windows Server 2003
Microsoft Vista
Business Edition, v2
Hardware and Software Requirements
System Requirements
The ESSO-LM components system requirements are as follows:
Disk Space Requirements
Disk space requirements for the Agent
Minimum, excluding
temporary space and
runtime expansion
Temporary disk space (/tmp)
needed during installation
For runtime expansion
(configuration data and logs)
30 MB
30 MB
2 MB / user
30 MB
45 MB
2 MB / user
Disk space requirements for the Console
Minimum, excluding
temporary space and
runtime expansion
Temporary disk space (/tmp)
needed during installation
For runtime expansion
(configuration data and logs)
20 MB
15 MB
2 MB / user
20 MB
65 MB
2 MB / user
Other disk space requirements
The following components require additional disk space requirements:
• Microsoft Windows Installer: 20 MB hard drive space (if not present and if used)
• Microsoft .NET Framework 2.0: 20 MB hard drive space (if not present)
A note about MSI installer vs. EXE installer
The disk space requirements are different for the MSI and EXE installers as there are differences in the
capabilities of these installers:
• The EXE installer file includes Microsoft .NET Framework version 2.0, which is a requirement
for the SSO Administrative Console.
• The EXE installer file can be run in multiple languages. The MSI file is English-only.
• The MSI installer package is a database file, used by Windows Installer. This is a standard
format used by installers from Microsoft and other vendors, and many other installers can read
MSI files. The Microsoft Windows Installer exists as a service (Windows Installer) on all
Microsoft Windows 2000/XP computers (refer to Microsoft Knowledgebase article #q255905).
You can customize the MSI package to meet special requirements, such as:
o Providing custom applications and SSO agent configurations.
o Deactivating some options or components (i.e., different authenticators) before the end
users install the Agent themselves.
o Adding options or components to accommodate a complex environment, for example,
one using biometric security devices or having an unusual network topology.
ESSO-LM Release Notes
Memory Requirements (ESSO-LM Application + Operating System)
Memory requirements for the Agent
• Minimum: 256 MB RAM
• Recommended: 512 MB RAM
Memory requirements for the Console
• Minimum: 256 MB RAM
• Recommended: 512 MB RAM
Memory requirements for Microsoft Vista
• Minimum: 512 MB RAM
• Recommended: 1 GB RAM
Note: Although this application can run in an environment with the minimum amount of memory installed,
the computer’s memory usage should be monitored and additional memory added as needed. A low
memory condition can cause this application to fail.
Processor Requirements
Processor requirements for the Agent and Console
• Minimum: 1 GHz processor
• Recommended: 1.6 GHz processor
Software Prerequisites
The ESSO-LM components software prerequisites are as follows:
Microsoft .NET Framework
• Microsoft .NET Framework 2.0 is required for Administrative Console.
Windows Installer
• Windows Installer 2.0 is required for the MSI installer file.
Hardware and Software Requirements
The ESSO-LM components require one of the following repositories to be installed:
Versions Supported
Microsoft Active Directory
2000, 2003
Microsoft Active Directory Application Mode
2003 SP1
IBM Tivoli Directory Server
Sun Java System Directory Server
5.1, 5.2
Oracle Internet Directory
Novell eDirectory
8.8 SP1
Open LDAP Directory Server
2.0.27, 2.2
Critical Path Directory Server
IBM DB2 Database
Oracle Database Management System
Microsoft SQL Server
The ESSO-LM components require one of the following browsers to be installed:
Versions Supported
Internet Explorer
6.0 SP1, 7.0
Mozilla Firefox
1.0, 2.0
ESSO-LM Release Notes
Optional Software Support
• Java support: Java Runtime Environment (JRE), version 1.3, 1.4, 1.5, 1.6
o The JRE must be installed on the workstation prior to installing the ESSO-LM Agent.
Host Emulators
• Support for virtually any HLLAPI, EHLLAPI or WinHLLAPI-based emulator.
o Please contact Oracle Support for specific emulator versions supported.
Windows Event Logging
• Windows event logging requires Microsoft Windows Server configured for Event Logging when
being redirected to a central server.
Citrix MetaFrame/Presentation Server
• Citrix Metaframe support requires Metaframe XP Feature Release 3.
• Citrix Presentation Server support requires Presentation Server version 4.5.
• SAP support requires version 7.0, 6.40, and 6.20 patch level 23.
Hardware and Software Requirements
Supported Emulators and Applications
Host Emulators
ESSO-LM supports the following host emulators out-of-the-box:
Versions Supported
Attachmate Extra!
X-treme, 2000, 6.5, 6.4, 6.3
Attachmate myExtra! Presentation Services
7.1, 7.0
6.0, 5.0
Ericom PowerTerm Interconnect
8.2.0, 6.6.2
Hummingbird Exceed
11.0, 10.0, 9.0
Hummingbird HostExplorer
11.0, 10.0, 9.0
IBM HostOnDemand
9.0, 8.0, 4.0
5.8, 5.6, 5.5, 4.3
Irma for the Mainframe
NetManage NS/ElitePlus for Mainframe
NetManage Rumba
7.5, 7.1, 6.0
NetManage ViewNow
ScanPak (Eicon) Aviva
9.1, 9.0, 8.1
SDI Limited TN3270 Plus
Seagull BlueZone
4.0, 3.4
WRQ Reflection
10.0, 9.0, 8.0, 7.0
Zephyr Passport PC to Host
Zephyr Passport Web to Host
ESSO-LM Release Notes
Pre-configured Applications and Templates
ESSO-LM supports the following applications out-of-the-box:
Versions Supported
6.0, 5.0, 4.0, 3.0
Adobe Reader
6.0, 5.1, 5.05, 4.05
AIM (AOL instant Messenger)
5.5, 5.2
Citrix ICA Client / Program Neighborhood
9.15, 9.0
7.0, 6.1, 6.0, 5.5, 5.0, 4.0
Ericom PowerTerm Interconnect
8.2.0, 6.6.2
6.1, 5.2, 5.1.1, 5.0.2, 4.2
6.5, 6.2, 5.7, 5.0, 4.0
2002a, 4.0
Lotus Notes
6.5, 6.0, 5.0
Lotus Organizer
6.1, 6.0, 5.0, 4.1
Meeting Maker
8.0, 7.3, 7.2, 7.1, 7.0, 6.0, 5.5.2
Microsoft FrontPage
2003, XP, 2000
Microsoft Outlook
2003, XP, 2000
Microsoft Word
2003, XP, 2000
MSN Messenger
7.5, 6.2, 5.0
Netscape Mail
7.1, 7.0
Novell GroupWise
6.5, 6.0, 5.5
Novell LAN Workplace Pro
6.2, 5.2, 5.1
8.0, 5.0
QuickBooks Pro (Password-Only)
2004, 2003, 2002, 2001, 2000
6.40 (trial version), 6.20
Visual SourceSafe
2005, 6.0
Windows Live Messenger
9.0, 8.1, 8.0, 7.0
Yahoo! Messenger
5.6, 5.5
Technical Notes
Technical Notes
This section describes important technical information about this release.
Database support requires that client connectivity support be installed for the specific
Event Manager
The XML log file plug-in continually expands/appends file; log file should be cleaned up
periodically (from the user’s AppData\Passlogix folder) if it is used as part of a solution.
Logon Support
Embedded browser support, such as from within Lotus Notes, requires that IE 6.0 be installed. It
is not consistent with previous versions of the browser.
Under Windows Server 2003 (as well as Windows XP SP2), browser helper object support is (or
can be) turned off; this security setting is no longer required to be on for ESSO-LM to function
properly and can be turned off if it is no longer needed.
Conflicts may occur when using Backup/Restore functionality in conjunction with synchronizer
usage; it is not suggested that a deployed solution utilize both mechanisms and that
Backup/Restore only be used in Stand-alone installations.
Java Sun Plug-in Applets
The Java Applet using Java Sun Plug-in 1.1.3 must be clicked on before the ESSO-LM Agent
responds to it. The plug-in loads the JHO only after the user clicks into the applet UI.
Oracle JInitiator 1.1.8.X functions without this problem.
BHO May Prevent Explorer Windows Taskbar Button from Functioning Properly
Note: This issue occurs on Windows 2000 only.
BHO may prevent explorer windows taskbar button functionality from working properly. When
right-clicked, none of the options that appear in the taskbar button menu will respond when
clicked. This issue only occurs when the explorer window is open in the foreground. When the
window is minimized, the taskbar button functionality works as expected.
Citrix Published Applications Using SendKeys: Cannot Use ‘Set Focus’ Feature
When using SendKeys with Citrix published applications, the SendKeys ‘Set Focus’
feature cannot be used. The reason this feature cannot be used is because Citrix application
windows are painted, so there are no controls on the window. In order for ‘Set Focus’ to function,
it needs to reference a window's controls.
ESSO-LM Release Notes
Citrix Published Applications: SendKeys Does Not Process ‘Enter’ or ‘Tab’
When setting up a Citrix published applications using regular SendKeys with ‘Enters’ or ‘Tabs’ in
between each field, the ‘Enters’ and ‘Tabs’ are not processed correctly - they are processed in a
random order.
The issue is that the separator characters submitted between fields (typically ‘Enter’ or ‘Tab’
characters) are not processed by the Citrix application in the correct sequence resulting in
inconsistent behavior.
The solution is to modify the application template to add a delay between the fields. For example,
if the current application template is configured like this:
Delays should be added in between fields:
[Delay 0.1 sec]
[Delay 0.1 sec]
Net Soft's NS/Elite Emulator Causes ESSO-LM to Intermittently Display ‘End
Program’ Message When Logging Off or Restarting a Machine
Net Soft’s NS/Elite emulator causes ESSO-LM to display an ‘End Program’ message when
logging off or restarting a machine. This behavior is only seen intermittently.
Note: Clicking ‘End program’ may result in credentials not being cleaned up (if ‘Delete Local
Cache’ is turned on in the Administrative Console).
ESSO-LM Is Incompatible with Mozilla Firefox Using Microsoft Vista’s Built-In
Administrator Account
The standard built-in administrator account in Microsoft Vista creates compatibility issues with
ESSO-LM and Mozilla Firefox. All other accounts work properly. To work around this issue,
create a standard user or administrator account to run Firefox when using Vista.
Product Documentation
Product Documentation
The following documents support this product:
• Oracle Enterprise Single Sign-on Logon Manager Installation and Setup Guide
• Oracle Enterprise Single Sign-on Logon Manager User Guide
• Oracle Enterprise Single Sign-on Web Viewer Installation and Setup Guide
• SSOAdmin.chm – Oracle Enterprise Single Sign-on Logon Manager Administrative Console
Download PDF