What's New in the Oracle Identity Manager Advanced Connector for CA Top Secret?

These are the updates made to the software and documentation for release 9.1.0.6.0 of the Oracle Identity Manager Advanced Connector for CA Top Secret.

The updates discussed in this chapter are divided into the following categories:

Software Updates

These are the updates made to the connector software.

Software Updates in Release 9.1.0.9.0

The following are software updates in release 9.1.0.9.0:

Resolved Issues in Release 9.1.0.9.0

The following table lists the issues resolved in release 9.1.0.9.0:

| Bug Number | Issue | Resolution |
|---|---|---|
| 32498921 | CVE-2021-26117: APACHE ACTIVEMQ UPDATE TO AT LEAST 5.16.1 OR 5.15.14. | This issue has been resolved. |
| 32054805 | CVE-2019-10086: APACHE COMMONS BEANUTILS UPDATE TO AT LEAST 1.9.4. | This issue has been resolved. |
| 31974483 | CVE-2020-5421: SPRING FRAMEWORK UPDATE TO AT LEAST 5.2.9, 5.1.18, 5.0.19, OR 4.3.29. | This issue has been resolved. |

Software Updates in Release 9.1.0.8.1

The following are software updates in release 9.1.0.8.1:

Resolved Issues in Release 9.1.0.8.1

The following table lists the issues resolved in release 9.1.0.8.1:

| Bug Number | Issue | Resolution |
|---|---|---|
| 32663510 | TSS 9108 w/IPV6 - UnSuccessful Connection to LDAP Using IPV6 hostname. | This issue has been resolved. |

Software Updates in Release 9.1.0.8.0

The following are software updates in release 9.1.0.8.0:

Resolved Issues in Release 9.1.0.8.0

The following table lists the issues resolved in release 9.1.0.8.0:

| Bug Number | Issue | Resolution |
|---|---|---|
| 31778959 | Support PhraseOnly for TSS. | This issue has been resolved. |
| 31046304 | IPV6 support for TSS. | This issue has been resolved. |
| 32408771 | Wrong command is being used for remove INSTDATA operation from OIM to Top Secret | This issue has been resolved. |
| 31935863 | TSS 9.1.0.4 - Recon Timezone Issue | This issue has been resolved. |

Software Updates in Release 9.1.0.7.0

The following are software updates in release 9.1.0.7.0:

Resolved Issues in Release 9.1.0.7.0

The following table lists the issues resolved in release 9.1.0.7.0:

| Bug Number | Issue | Resolution |
|---|---|---|
| 31935863 | The timestamp attribute in logs was shown in the GMT time zone, and not in the Oracle Identity Manager time zone. | This issue has been resolved. |
| 31748336 | EOF Exception encountered while constructing entryDN (uid=$#02b002,ou=tops,ou=People,dc=system,dc=backend) for IDs that have special characters like # followed by a numeric character. | This issue has been resolved. |

Software Updates in Release 9.1.0.6.0

The following are software updates in release 9.1.0.6.0:

Resolved Issues in Release 9.1.0.6.0

The following table lists the issues resolved in release 9.1.0.6.0:

| Bug Number | Issue | Resolution |
|---|---|---|
| 31538898 | When the revokePsuspendUsers property in the LDAP_INSTALL_DIR/conf/tops.properties file was set to false, user accounts with the PSUSPEND attribute were disabled in Oracle Identity Manager. | This issue has been resolved. When the revokePsuspendUsers property is set to false, user accounts with the PSUSPEND attribute are now displayed as revoked accounts in Oracle Identity Manager. |
| 31569978 | While reconciling data via batch / CFILE, the revoke attribute was treated inconsistently. | This issue has been resolved. If the CFILE <record> contains an <attrs> element that does not have an ASUSPEND <attr>, the revoke attribute defaults to revoke=n. This includes a totally empty <attrs> element or an <attrs> element with other elements such as Console or Audit. However, if there is no <attrs> element in the CFILE <record> at all (which happens when there is no 0700 entry in the raw CFILE), the revoke attribute is not defaulted to revoke=n. Instead, it is left as-is / blank. |
| 31647086 | When an LDAP client, such as Oracle Identity Manager, disconnects from the IDF Gateway unexpectedly, an error is logged by the IDF Gateway. | This issue has been resolved. While the log level and content are technically accurate, in all observed cases the signal-to-noise ratio of this message causes an undue burden on support staff. When an instance of ClosedChannelException is logged, the DEBUG log level is now used rather than the ERROR log level. |

Software Updates in Release 9.1.0.5.0

The following are software updates in release 9.1.0.5.0:

Support for New Oracle Identity Governance Release

From this release onward, you can install and use the connector with Oracle Identity Governance 12c PS4 (12.2.1.4.0).

See Table 1-1 for the full list of certified Oracle Identity Governance releases.

Logging Mechanism Enhanced

From this release onward, depending on the log level you set, the connector provides detailed information for any event, including reasons for an event failure.

Resolved Issues in Release 9.1.0.5.0

The following table lists the issues resolved in release 9.1.0.5.0:

| Bug Number | Issue | Resolution |
|---|---|---|
| 31113886 | The Rename event in the target system was executed correctly. The Rename event failed whenever you tried to rename the 8th character in a string. For example, renaming user ID JSMITH25 to JSMITH29 failed; however, renaming JSMITH25 to JSMITH55 succeeded. | This issue has been resolved. |
| 30910256 | When you deleted accounts from the target system, information about these deleted accounts was fetched into the LDAP Gateway. Subsequently, when you ran the Top Secret Reconcile Users to Internal LDAP scheduled job (CFILE job), information about the deleted accounts was not reconciled into Oracle Identity Manager. | This issue has been resolved. The deleted records are now fetched into Oracle Identity Manager and are displayed as either Revoked or Deleted, depending on the operation performed on the target system. |

Software Updates in Release 9.1.0.4.0

The following are software updates in release 9.1.0.4.0:

Resolved Issues in Release 9.1.0.4.0

The following table lists the issues resolved in release 9.1.0.4.0:

| Bug Number | Issue | Resolution |
|---|---|---|
| 30860763 | The Attributes field in the LDAP gateway is a multivalued field. When you ran the Top Secret Reconcile Users to Internal LDAP scheduled job (CFILE job), an Attributes field containing multiple values showed only a single value. | This issue has been resolved. |
| 30897544 | When using the EXPORT_MON parameter of the Pioneer control file, the progress message displayed on the number of records processed was incorrect. For example, suppose there are 750 records and you set EXPORT_MON=YES, REC=200. Then, Pioneer displayed a progress message for every 200 records in 3 iterations. And in the fourth iteration, Pioneer displayed that it processed 200 records, instead of 150. | This issue has been resolved. The number of records retrieved in the final iteration is now displayed correctly. |
| 30910322 | When you ran the Top Secret Reconcile User to LDAP to Internal LDAP, the Netview attributes for some user accounts were not reconciled. | To ensure the Netview attributes for all users are reconciled, in the LDAP_INSTALL_DIR/conf/parser-grammars/tops/tops_recon_FetchAllUserData.xml file, search for and replace the Line id="fdtData" line with the lines listed after this table. |

<Line id="netviewControl" required="true" enabled="yes" sig="^4011([A-Za-z0-9]{0,3})(\S)?\s+([\s\S\-]{18})NETVCTL\s+CONTROL\s+(?&lt;netviewControl&gt;[\s\S\-]{0,249})" />
<Line id="netviewConsname" required="true" enabled="yes" sig="^4011([A-Za-z0-9]{0,3})(\S)?\s+([\s\S\-]{18})NETVCONSCONSNAME(?&lt;netviewConsname&gt;[\s\S\-]{0,249})" />
<Line id="netviewInitCmd" required="true" enabled="yes" sig="^4011([A-Za-z0-9]{0,3})(\S)?\s+([\s\S\-]{18})NETVIC\s+INIT CMD\s+(?&lt;netviewInitCmd&gt;[\s\S\-]{0,249})" />
<Line id="netviewMsgrecvr" required="true" enabled="yes" sig="^4011([A-Za-z0-9]{0,3})(\S)?\s+([\s\S\-]{18})NETVMSGRMSGRECVR\s+(?&lt;netviewMsgrecvr&gt;[\s\S\-]{0,249})" />
<Line id="netviewOpclass" required="true" enabled="yes" sig="^4011([A-Za-z0-9]{0,3})(\S)?\s+([\s\S\-]{18})NETVOPCLOPCLASS\s+(?&lt;netviewOpclass&gt;[\s\S\-]{0,249})" />
<Line id="netviewDomains" required="true" enabled="yes" sig="^4011([A-Za-z0-9]{0,3})(\S)?\s+([\s\S\-]{18})NETVDMNSDOMAINS\s+(?&lt;netviewDomains&gt;[\s\S\-]{0,249})" />
<Line id="netviewNgmfadmn" required="true" enabled="yes" sig="^4011([A-Za-z0-9]{0,3})(\S)?\s+([\s\S\-]{18})NETVNGMFNGMFADMN\s+(?&lt;netviewNgmfadmn&gt;[\s\S\-]{0,249})" />
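
A way to sanity-check the edited grammar before running reconciliation, as an added example that is not part of Oracle's documentation or connector code: it loads three of the Line signatures above, converts their Java-style named groups to Python syntax, and runs them over sample record lines. The Grammar wrapper element, the helper names, and the sample records with their values (GLOBAL, MASTER01, CNM01, CNM02) are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Three of the page's <Line> entries; the <Grammar> wrapper is an assumption
# added only so the fragment parses as a standalone XML document.
GRAMMAR = r'''<Grammar>
<Line id="netviewControl" required="true" enabled="yes" sig="^4011([A-Za-z0-9]{0,3})(\S)?\s+([\s\S\-]{18})NETVCTL\s+CONTROL\s+(?&lt;netviewControl&gt;[\s\S\-]{0,249})" />
<Line id="netviewConsname" required="true" enabled="yes" sig="^4011([A-Za-z0-9]{0,3})(\S)?\s+([\s\S\-]{18})NETVCONSCONSNAME(?&lt;netviewConsname&gt;[\s\S\-]{0,249})" />
<Line id="netviewDomains" required="true" enabled="yes" sig="^4011([A-Za-z0-9]{0,3})(\S)?\s+([\s\S\-]{18})NETVDMNSDOMAINS\s+(?&lt;netviewDomains&gt;[\s\S\-]{0,249})" />
</Grammar>'''

def load_signatures(xml_text):
    """Parse the grammar and return {line id: compiled regex} for enabled lines."""
    sigs = {}
    for line in ET.fromstring(xml_text).iter("Line"):
        if line.get("enabled") != "yes":
            continue
        # The file uses Java-style named groups, (?<name>...); Python needs (?P<name>...).
        sig = re.sub(r"\(\?<([A-Za-z][A-Za-z0-9]*)>", r"(?P<\1>", line.get("sig"))
        sigs[line.get("id")] = re.compile(sig)
    return sigs

def extract(sigs, rec):
    """Return {group name: value} for every signature that matches one record."""
    found = {}
    for rx in sigs.values():
        m = rx.search(rec)
        if m:  # the capture class [\s\S\-] also matches blanks, so strip padding
            found.update({k: v.strip() for k, v in m.groupdict().items()})
    return found

def record(field18, tail):
    """Constructed sample: '4011', a blank, an 18-character field, the segment text."""
    return "4011 " + field18.ljust(18) + tail

SAMPLES = [
    record("JSMITH01", "NETVCTL  CONTROL  GLOBAL   "),
    record("JSMITH01", "NETVCONSCONSNAME  MASTER01"),
    record("JSMITH01", "NETVDMNSDOMAINS   CNM01 CNM02"),
    "4011 JSMITH01 NETVCTL  CONTROL  GLOBAL",  # field not padded to 18 characters
]

def unmatched(sigs, records):
    """Netview records that no signature recognises, so no value is extracted."""
    return [r for r in records if "NETV" in r and not extract(sigs, r)]

if __name__ == "__main__":
    sigs = load_signatures(GRAMMAR)
    for r in SAMPLES:
        print(repr(r), "->", extract(sigs, r) or "NO MATCH")
```

The last sample shows the failure mode worth checking for: every signature requires exactly 18 characters between the record prefix and the segment name, so a misaligned record matches nothing and its value is never extracted.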

Software Updates in Release 9.1.0.3.0

The following are software updates in release 9.1.0.3.0:

Custom Reconciliation Exit

You can customize the default reconciliation exit (TSSINSTX) to meet any special requirements in your environment. The connector installation package includes several sample files that enable you to write and call your own logic for the reconciliation exit.

See Customizing the Reconciliation Exit (TSSINSTX) for more information about working with custom reconciliation exit routines.

Software Updates in Release 9.1.0.2.0

The following are software updates in release 9.1.0.2.0:

Transformation of LDAP Gateway Attributes

By including transformation rules within the LDAP_INSTALL_DIR/conf/customer-configuration.properties file, you can configure the LDAP gateway to transform the gateway attributes in search results.

See Configuring Transformation of the LDAP Gateway Attributes for more information on the transformation rules to include and their format.

Running Multiple Instances of the LDAP Gateway on the Same Host

From this release onward, you can run multiple instances of the LDAP Gateway on the same host.

See Configuring Multiple Instances of the LDAP Gateway for more information on configuring and running multiple gateway instances in your environment.

Support for Filtering

The "Top Secret Reconcile All Users" and "Top Secret Reconcile LDAP Users to OIM" scheduled tasks have been updated to include a filter attribute. You can use this attribute to retrieve user records that match given filter criteria. See Top Secret Reconcile All Users and Top Secret Reconcile LDAP Users to OIM for more information about the filter attribute.

Software Updates in Release 9.1.0.1.0

The following are software updates in release 9.1.0.1.0:

Addition of a New Parameter in the Voyager Control File

The FAST_SHUTDOWN_NUM parameter has been introduced in the Voyager control file.

During peak loads, thousands of events can be written to the sub pool, and Voyager processes those events sequentially. You can use the FAST_SHUTDOWN_NUM parameter to implement the batching feature, which processes the events in batches. You specify the number of events in a batch in the FAST_SHUTDOWN_NUM parameter. Voyager then checks for any operator command after processing each batch, instead of checking only after processing all events at once. This lets Voyager shut down quickly during maintenance cycles.

See Configuring the Reconciliation Agent for more information about the FAST_SHUTDOWN_NUM parameter.

Software Updates in Release 9.1.0.0.0

Support for New Oracle Identity Governance Release

From this release onward, the connector can be installed and used on Oracle Identity Governance release 12.2.1.3.0. Be sure to download and apply the 28682376 and 29133050 mandatory patches from My Oracle Support.

Support for New Target System Version

From this release onward, you can install and use the connector with CA Top Secret R15 or R16 running on IBM z/OS version 2.2 or 2.3.

Detailed Audit Logs

From this release onward, the connector provides a LOGGERX module that you can configure for detailed debug level log information on the Pioneer and Voyager agents. This detailed logging provides additional auditing and monitoring capabilities for your target system. In addition, you can choose to print or suppress log messages.

See Configuring Logging for more information.

Support for High Availability and Disaster Recovery in the LDAP Gateway

From this release onward, the LDAP gateway supports high availability and disaster recovery when you use OpenDS as the backend.

Support for ADMIN and DEADMIN Keywords

From this release onward, the connector provides support for provisioning and reconciliation of all Admin multivalued attributes.

See Adding Admin Multivalued Attributes for Provisioning and Reconciliation for more information.

Support for New Diagnostic Tool

From this release onward, a new diagnostic tool for TSS Agents, ENVINFO, is available for use as described in Understanding and Using the ENVINFO Diagnostic Tool.

Support for the MOVE Function

The provisioning and reconciliation ability of Oracle Identity Manager has been enhanced to achieve the expected functionality of the MOVE keyword. For example, for provisioning operations:

  • Attributes DEPTACID, DIVACID, and ZONEACID will be used for MOVE with Type operation.
  • Attributes DEPARTMENT, DIVISION, and ZONE will be used for MOVE without Type operation.

Enhancement to the Scheduled Tasks for Lookup Field Synchronization

The "Top Secret Find All Groups" and "Top Secret Find All Profiles" scheduled tasks for lookup field synchronization have been enhanced to include the following three new parameters:

  • SearchBaseDN
  • AttrsToReturn
  • DescTemplate

See Scheduled Tasks for Lookup Field Synchronization for descriptions of these parameters.

Support for Passphrases

From this release onward, the connector provides support for passphrase security, in addition to passwords.

A new field for passphrase has been added to the OIM User process form, which lets you provision an account by using passphrases. In addition, you can modify the passphrase of an account along with other fields on the process form.

For reconciliation, the phraseExpire and phraseExpireInterval attributes have been added to the "Top Secret Reconcile All Users" and "Top Secret Reconcile All LDAP Users" scheduled tasks.

Enhancement to the IT Resource Definition

The IT resource definition has been enhanced to include a new parameter named "auditTemplate" for passing audit statements. If you do not specify any value for this parameter, then the connector will not post audit comments for any process task that is initiated from Oracle Identity Manager.

See Configuring the Connector for Audit Comments for information about setting up the connector for displaying audit information.

Documentation-Specific Updates

These are the updates made to the connector documentation.

Documentation-Specific Updates in Release 9.1.0.9.0

There are no documentation-specific updates in this release.

Documentation-Specific Updates in Release 9.1.0.8.0

A new parameter called IP has been added to Table 4-4.

A new parameter called IP has been added to Table 4-5.

The parameter "LDAP Time Zone" in Table 5-6 has been amended to use the Timezone database name value.

The attribute "PHRASEONLY" has been added to Table 1-4.

Documentation-Specific Updates in Release 9.1.0.7.0

There are no documentation-specific updates in this release.

Documentation-Specific Updates in Releases 9.1.0.4.0 through 9.1.0.6.0

The following documentation-specific updates have been made in revision "05" of the guide:

  • The "idfConnectTimeoutMS" and "idfReadTimeoutMS" rows of Table 3-1 have been updated.

  • Troubleshooting Information has been updated.

  • The "Oracle Identity Governance or Oracle Identity Manager" row of Table 1-1 has been updated to include support for Oracle Identity Governance release 12c PS4 (12.2.1.4.0).

Documentation-Specific Updates in Release 9.1.0.3.0

The following documentation-specific update has been made in revision "04" of the guide:

Activating Reconciliation Exits has been created.

Documentation-Specific Updates in Release 9.1.0.2.0

The following documentation-specific update has been made in revision "03" of the guide:

Configuring Memory Pool Settings has been added.

The following documentation-specific updates have been made in revision "02" of the guide:

Documentation-Specific Updates in Release 9.1.0.1.0

There are no documentation-specific updates in this release.

Documentation-Specific Updates in Release 9.1.0.0.0

This is the first release of the connector in this release track. Therefore, there are no documentation-specific updates in this release.