-
Title
Password Manager 5.8.2 cumulative hotfix -
Description
244141 – Due to enhanced security changes within Starling Two-Factor Authentication, Password Manager 5.8.2 Starling Two-Factor Authentication unjoin function fails when the TLS 1.2 protocol is enforced. Additionally, in Password Manager 5.8.2 the activity Authenticate with Starling Two-Factor Authentication SMS and Phone Call options also fail if Password Manager is already joined to Starling Two-Factor Authentication.
This cumulative hotfix also contains all previously discovered issues since the release of Password Manager 5.8. For a full listing of resolved issues please consult the included documentation within the hotfix package.
-
Cause
Starling Two-Factor Authentication has been enhanced to only accept the TLS 1.2 protocol.
Defects addressed:
244141, 236819, 236820, 217557, 106778, 100051, 100266, 101164, 108986, 109946, 108086, 110869, 111445, 126565, 125661, 127765, 170379, 184323, 201031, 220312, 108355/122791, 112471, 114913, 115815, 142180, 169932, 167521, 216728, 218133, 218760, 220083, 221967, 223773, 222330, 235732, 233548, 122971, 110595, 141501
-
Resolution
Hotfix Installation
Please download the hotfix here.NOTE: During the hotfix installation, click NO when prompted for a system restart. Perform a manual restart after the installation of the hotfix is completed.
After the successful installation of the hotfix and a system restart, verify the following files.
If the following content is not available, it must be updated.
- In the <Password Manager installation folder>\Service\QPM.Service.Host.exe.config, the following is to be present under <configuration> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" /> </startup>
- In the <Password Manager installation folder>\Web\Admin\web.config, the following is to be present under <system.web> node: <httpRuntime requestPathInvalidCharacters="" targetFramework="4.6.1" />
- In the <Password Manager installation folder>\Web\User\web.config, the following is to be present under <system.web> node: <httpRuntime requestValidationMode="2.0" targetFramework="4.6.1" />
- In the <Password Manager installation folder>\Web\Helpdesk\web.config, the following is to be present under <system.web> node: <httpRuntime requestValidationMode="2.0" targetFramework="4.6.1" />
To install the hotfix
- Copy the supplied file PasswordManager-5.8.2_SOL319838.exe.rename to the One Identity Password Manager 5.8.2 computer.
- Remove the .rename file name extension.
- Run the file PasswordManager-5.8.2_SOL319838.exe and follow the on-screen instructions to complete the hotfix installation.
- Perform Steps 1—3 for each instance of Password Manager installed in your environment.
NOTE: Enable sticky session if you are hosting any site on the load balancer, as Admin, Helpdesk, and Self-service sites use session state management technique.
If it is not possible to install and apply this cumulative hotfix, you may manually update the following files to implement the fix.
Otherwise please install the hotfix and it will automatically update the files, and no further action is required.
Manual Workaround
NOTE: Before manually updating these files or before installing the hotfix, One Identity recommends to take a backup of the following files listed here.
<Password Manager Installation Folder>\Service\QPM.Service.Host.exe.config <Password Manager Installation Folder>\Web\Admin\web.config <Password Manager Installation Folder>\Web\User\web.config <Password Manager Installation Folder>\Web\NewUser\web.config <Password Manager Installation Folder>\Web\Helpdesk\web.config 1. In the Path C:\Program Files\One Identity\Password Manager for AD LDS\Service. Edit the file QPM.Service.Host.exe.config. Change the following content as follows:ORIGINAL: <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />Replace with: <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />2. In the Path C:\Program Files\One Identity\Password Manager for AD LDS\Web\Admin. Edit the file Web.config. Change the following content as follows:ORIGINAL: <httpRuntime requestPathInvalidCharacters="" />Replace with: <httpRuntime requestPathInvalidCharacters="" targetFramework="4.6.1" />:
3. In the Path C:\Program Files\One Identity\Password Manager for AD LDS\Web\Helpdesk. Edit the file Web.config. Change the following content as follows:ORIGINAL: <httpRuntime requestPathInvalidCharacters="" />Replace with: <httpRuntime requestPathInvalidCharacters="" targetFramework="4.6.1" />4. In the Path C:\Program Files\One Identity\Password Manager for AD LDS\Web\User. Edit the file Web.config. Change the following content as follows:ORIGINAL: <httpRuntime requestPathInvalidCharacters="" />Replace with: <httpRuntime requestPathInvalidCharacters="" targetFramework="4.6.1" /> -
Change Request
TF00241191