지금 지원 담당자와 채팅
지원 담당자와 채팅

Password Manager 5.9.7 - Release Notes

Resolved issues

The following is a list of issues addressed in One Identity Password Manager 5.9.7.

Table 2:  Resolved issues – General Password Manager Issues

Resolved issue

Issue ID

Fixed various security issues.

291704

Previously, when using phone authentication with Starling 2FA, authentication did not work with phone numbers longer than 12 digits.

This issue is now fixed, and phone authentication now accepts phone numbers longer than 12.

286773

Previously, when configuring a custom management account under General Settings > Domain connections for a domain, and the custom management account was not a user of that domain, then having another user with the same name (but a different password) on that domain resulted in the authentication of that user failing every time when a scheduled task tried binding onto the configured domain. Following these failed authentication attempts, the user could be locked out.

This issue is now fixed so that the authentication process now uses the correct domain information, provided in the Add New Domain Connection > User name field.

 285036

Previously, toast notifications for the Secure Password Extension (SPE) component did not work properly if the management policy only had the Organizational Units (OUs) of the users configured, but not their groups. This issue is now fixed.

NOTE: The previous behavior still persists when using distribution groups instead of security groups.

277902

Previously, creating a custom password policy, and specifying a custom rule for it in Password Policies > <domain-password-policy> > Edit > Policy Rules > Custom Rule resulted in the following issues if the custom rule have contained any line breaks:

  • In the Password Manager User Site, the specified text was converted to a single line.

  • In the Password Manager Self-Service Site, only the contents of the first line appeared.

Both of these issues are now fixed, and line breaks are handled properly on both sites.

265033

Previously, attempting to uninstall Password Manager with the One Identity rSMS Service installed and running resulted in a Files in Use Windows pop-up window appearing during the uninstallation process, forcing users to close the application manually.

This issue is now fixed, so the uninstallation process automatically stops the rSMS Service.

 116469
Table 3:  Resolved issues – Password Manager Service

Resolved issue

Issue ID

Improved communication security between the Password Manager Service and the Password Manager Sites.

298108

Table 4:  Resolved issues – Password Manager Administration Site

Resolved issue

Issue ID

Previously, deleting a custom workflow resulted in the Password Manager Administration Site being stuck in a loading state, forcing users to reload the page.

This issue is now fixed.

291364, 169056

Previously, when creating a new workflow with the workflow designer, drag-and-dropping activities into it or moving activities within it could result in the workflow designer showing incorrect configuration dialogs, or showing drag-and-dropped items in an incorrect order.

This issue is now fixed, so drag-and-dropping and reordering activities in custom workflows work properly.

291362

Fixed a login issue affecting the Password Manager Administration Site.

 291165

Previously, when configuring a password reset workflow based on embedded connectors, the workflow did not work for LDAP target systems, even if the rSMS LDAP Connector has been configured in the Reset password in connected systems through embedded connectors activity, as described in Knowledge Base Article 332671.

This issue is now fixed, and users can reset the password of their account in the remote LDAP database if the embedded rSMS LDAP Connector is configured in the workflow.

289366

Previously, the redirection behavior of the Save and Cancel buttons in the available General Settings options was inconsistent, with some of them redirecting users to the home page of the Password Manager Administration Site, while others keeping users at the currently opened setting page when clicking them.

This issue has been fixed with the following changes:

  • Clicking Save buttons no longer redirects users to the home page.

  • All Cancel buttons have been removed from every General Settings option page.

261519

Previously, when configuring a new SMTP server via General Settings > SMTP Servers, clicking Test settings in the Add SMTP Server window resulted in an extra footer appearing at the bottom of the page. Because of this, the disabled elements of the page were shown incorrectly.

This issue is now fixed.

 85595
Table 5:  Resolved issues – Password Manager Helpdesk Site

Resolved issue

Issue ID

Previously, when using two Management Policies with the same user groups included in their User Scopes, and having a Helpdesk group assigned to the Helpdesk Scope of the second Management Policy, attempting to select a found user on the Helpdesk Site could result in a system error.

This issue is now fixed, and Helpdesk users now can select found users without getting any errors.

290525

Previously, setting the General Settings > Search and Logon Options > Do not allow users to search for their accounts > Users must enter the following user account attribute for identification (this may slow down the performance) attribute to sAMAccountName resulted in a Value cannot be null critical error when attempting to search and select users that belong to a different management policy.

This issue is now fixed, and the Password Manager Helpdesk Site returns a No accounts matching your search criteria have been found message in such cases.

 283937

Previously, changing the language with the Select language option did not change the language in the Display user agreement action.

This issue is now fixed.

217068

Table 6:  Resolved issues – Password Manager Self-Service Site

Resolved issue

Issue ID

Previously, attempting to log in to the Password Manager Self-Service Site with an expired password resulted in an Incorrect password error message, even if the password policies of the organization allowed users to authenticate with expired passwords.

After their second attempt, users could log in to the Self-Service Site with their expired password: however, any workflow that used the Authenticate with password activity still failed on the first try when the users used their correct but expired password.

This issue is now fixed, and the Self-Service Site accepts the expired user password on the first attempt.

299270

Previously, routing to the Password Manager Self-Service Site did not work properly if the site URL have contained query parameters (for example, when routing to the site via the Offline Password Reset component).

This issue was caused by the routing not being case insensitive in such cases, and has been fixed in Password Manager 5.9.7.

294640

Previously, when configuring a custom color scheme via the General Settings > Web Interface Customization setting of the Password Manager Administration Site, the configured color scheme was applied only to the heading of the Password Manager Self-Service Site, but not to the rest of the Self-Service Site UI elements (such as buttons).

This issue is now fixed, and the configured color scheme is properly applied to every UI element of the Self-Service Site.

 288291

Known issues

The following is a list of issues, including those attributed to third-party products, that are known to exist at the time of the One Identity Password Manager 5.9.7 release.

Table 7:  Known issues

Known issue

Issue ID

Currently, the Password Policy Manager (PPM) component does not support Local Security Authority (LSA) protection.

295089

When User Principal Name (UPN) is used as service account, installing a Password Manager hotfix can lock the service account.

Workaround

To solve the problem:

  1. Change the service account to the domainname\username format.

  2. Provide a password for the same service account user.

  3. Install the Password Manager hotfix.

255614

Following a Password Manager upgrade, the General > Settings > Scheduled Tasks > Active Directory Sites task is disabled.

Workaround

After upgrading Password Manager to a newer version, enable the Active Directory Sites task manually.

246147

When scheduled from the secondary instance of the Password Manager server, the General Settings > Unregister Users task does not run.

Workaround

Schedule the Unregister Users task on the primary instance of Password Manager.

233679

If the application pool identity is a domain user with minimal permissions, then Web interface customization changes are not applied to the Self-Service and Helpdesk Sites.

233658

In the General Settings > Instance Reinitalization page, the Corporate phone attribute is not imported from the primary instance to the secondary instance.

Workaround

Update the Corporate phone attribute manually on the secondary instance to have the same value as on the primary Password Manager instance.

229200

If the Password Manager Self-Service Site contains an IPv6 address, the location-sensitive authentication (LSA) feature does not work.

Workaround

LSA currently supports IPv4 addresses only. Therefore, do not access the Password Manager Self-Service Site from an external network where the request contains an IPV6 address.

221571

When configuring a dictionary rule in the Password Manager Administration Site, the Policy Rules > Dictionary Rule > Enable dictionary lookup to reject passwords that contain > Beginning characters of a dictionary word setting does not work correctly if you specify only 2 beginning characters.

Workaround

One Identity recommends using the A complete word from the dictionary (QPMDictionary.txt) setting when configuring a dictionary rule.

221468

If no appropriate authentication methods are configured for it, the Forgot My Password screen may appear blank in the Password Manager Self-Service Site or Helpdesk Site.

Workaround

In the Password Manager Administration Site, One Identity recommends configuring the Register workflow with Security Questions as one of its registration modes.

221389

When a symmetry rule is configured with the Policy Rules > Symmetry Rule setting of the Password Manager Administration Site, it may fail to validate passwords containing non-consecutive characters.

Workaround

Do not use the Policy Rules > Symmetry Rule > Maximum number of consecutive characters within a password, that read the same in both directions (pass4554word) setting.

220177

In a Password Manager for AD LDS environment, if the User Scope is configured with an AD LDS account, the Forgot My Password and Manage My Passwords workflows will fail.

Workaround

When configuring a User Scope, do not use The following AD LDS account setting of the Access account > Edit AD LDS Instance Connection dialog.

220171

When a Questions and Answers Policy is updated with any language other than English, users may receive both the default and the custom email notifications on the Password Manager Self-Service Site.

Workaround

For the Email user if workflow succeeds workflow, change the value of the Select email template to use setting to Customize.

219401

When searching users with reCAPTCHA enabled, not entering reCAPTCHA for the second time results in a non-human readable error message.

Workaround

Always search for users with the correct username and with the reCAPTCHA check completed.

217064

Upgrading Password Manager from version 5.6.3 to 5.9.x keeps the previous My Questions and Answers profile workflow.

Workaround

To solve the problem:

  1. In the Password Manager Administration Site, navigate to the My Questions and Answers profile workflow.

  2. Open Workflow Settings > Availability.

  3. Set Enable the workflow to Never.

  4. Select Show the workflow on the Self-Service site.

  5. To apply your changes, click OK.

215892

The User Status Statistics scheduled task may fail intermittently.

171590

After upgrading to Password Manager 5.9.x, the My Notifications custom workflow cannot be edited in the Password Manager Self-Service Site.

Workaround

One Identity recommends to use the legacy Self-Service Site to edit the My Notifications workflow.

171589

When using Password Manager for AD LDS, the Password Policies page of the Administration Site is not updated when a password policy is created.

Workaround

After a new Password Policy is created, click Save, and immediately cancel the Add New Policy wizard. The page will refresh and list the new policy.

170587

After upgrading to Password Manager for AD LDS 5.9.x, the General Settings > Search and Logon Options menu may display an error when its settings are modified.

Workaround

To solve this problem:

  1. In the Password Manager for AD LDS Helpdesk Site, navigate to General Settings > Search and Logon Options.

  2. In the Users must enter the following user account attribute for identification setting, change the value from sAMAccountName to cn.

170560

Domain users may not be able to access the Password Manager Administration Site, even if they are members of the local PMAdmin group.

Workaround

When using Password Manager 5.8.x or newer, domain users can access the Administration Site only if they are members of both the local PMAdmin group, and either the IIS_IUSRS group or the Administrators group.

170441

In Password Manager for AD LDS, certain column data required for custom activities are not available in generated reports.

170355

After upgrading Password Manager from an earlier version to 5.9.x, the upgrade process may create duplicate URL references for the Password Manager User Site.

Workaround

Manually delete URL shortcuts that are not required.

169921

When a Password Manager for AD LDS instance and the Password Manager for AD LDS server instance are not configured on the same machine, Password Policy Rules are not displayed in the new and legacy Password Manager for AD LDS Self-Service Sites.

Workaround

Configure the Password Manager for AD LDS instance and the Password Manager for AD LDS server instance on the same machine.

169763

The user search settings of the Password Manager for AD LDS Helpdesk Site may work incorrectly.

Workaround

To solve the problem:

  1. In the Password Manager for AD LDS Helpdesk Site, navigate to General Settings > Search and Logon Options.

  2. Use the cn attribute instead of mail to search for users.

169384

When editing a Questions and Answers Policy, you may be unable to edit or delete translated questions.

Workaround

To edit existing translated questions, add another translated language.

168957

The Password Manager Self-Service Site may not launch on Secure Password Extension (SPE) through a 32-bit operating system.

Workaround

If you have a 32-bit operating system, One Identity recommends to use the legacy Self-Service Site.

167871

When a password is changed from the target Active Directory (AD) system to that of the source AD, One Identity Quick Connect may be unable to synchronize passwords.

Workaround

Restart the Quick Connect Capture Agent Service on all the source and target systems.

167573

In Password Manager versions 5.8.2 and 5.9.x, you can only reconnect to a domain on the second attempt.

Workaround

To solve the problem:

  1. In the Password Manager Administration Site, select the User Scope, Helpdesk Scope or Password Policy you want to configure.

  2. Click Add domain connection twice to add a new domain connection.

166950

In email notifications, the #OPERATOR_ACCOUNT_NAME#, #OPERATOR_IP#, #WORKFLOW_RESULT#, and #WORKFLOW_SUMMARY# parameters are not populated.

141728

On Windows Server 2019, the Password Manager Service and One Identity rSMS Service may stop.

Workaround

To solve the problem, make sure that the domain controller machine and the clients are at two separate entities.

127587

When editing a dictionary file between the size of 10–20 MB from a Password Policy, the web browser session may crash, and an error may appear in the Windows Event Viewer.

Workaround

If you must modify a dictionary file larger than 10 MB, edit it from the domain machine where Password Policy Manager (PPM) is installed.

115957

When performing a password reset with the Password Manager Helpdesk Site, the site also accepts the previous/old password.

Workaround

Manually enter a different password during the short duration of the password reset.

114822

System requirements

This section provides the system requirements for installing and running Password Manager and its components.

Password Manager Service and Administration Site requirements

Password Manager Service and Administration Site requirements

Before installing Password Manager, ensure your system meets the following minimum hardware and software requirements. These requirements are applicable both to Full Installation and Distributed Installation (when the Self-Service Site and the Helpdesk Site are installed on separate systems).

Table 8: Password Manager Service and Administration Site requirements

Requirement

Details

Platform

1.6 GHz or higher.

Memory

At least 4 GB RAM.

Hard disk space

2.7 GB of free disk space.

 NOTE: If .NET Framework is already installed, then installation may require less disk space.

Operating system

Password Manager can be run on any of the following operating systems:

  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019

NOTE: Consider the following operating system and machine restrictions:

  • Password Manager is not supported on Windows Server Core mode setup.
  • One Identity does not recommend installing Password Manager on the machine where the Domain Controller (DC) server is installed.

  • Password Manager supports Windows Server 2012 R2 and later versions in domain and forest functional levels, including domains operating in a mixed mode.

  • Password Manager does not support Windows 2008 and earlier versions.

Internet Information Services

Password Manager requires any of the following Microsoft Internet Information Services (IIS) versions on the web server of your environment:

  • IIS 7.0
  • IIS 7.5
  • IIS 8.0
  • IIS 10.0

TIP: To ensure best practice security, configure Password Manager to use HTTPS. For more information, see Password Manager 5.9.7 Administrator Guide or Password Manager 5.9.7 Administrator Guide (AD LDS Edition).

Web browser

Password Manager supports the following web browsers:

  • Microsoft Internet Explorer 11

  • Microsoft Edge

  • Mozilla Firefox 10 or later

  • Apple Safari 5 or later

  • Google Chrome 15 or later

Microsoft .NET Framework

Microsoft .NET Framework 4.7.2

 NOTE: Install .NET Framework before you install Password Manager.

Visual C++ Runtime Libraries

Password Manager supports the following Visual C++ Runtime Libraries:

  • Visual C++ Runtime Libraries 2017

  • Visual C++ Runtime Libraries 2010

Visual C++ Runtime Libraries x86 and x64 are included in the Password Manager distribution package.

 NOTE: Install Visual C++ Runtime Libraries 2010 and Visual C++ Runtime Libraries 2017 before you install Password Manager.

Adobe Acrobat Reader

Acrobat Reader DC

 NOTE: Acrobat Reader DC 17.009.20044 is included with the Password Manager distribution package.

Minimum screen resolution

1280x1024 pixels

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택