Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 6.3.0 - Release Notes

Resolved issues

The following is a list of issues addressed in this release.

Table 1: General resolved issues in release 6.3.0
Resolved Issue Issue ID

Additional Metadata field may contain Gateway Password

In certain cases, the "Additional Metadata" field contained the Gateway Password used in the session. This is the password that the user used to authenticate on the SPS gateway, and belongs to the Gateway Username of the user. The passwords used to authenticate on the target servers were not affected.

For this error to occur, all of the following circumstances must have been met:

  • the client used an SSH session to access remote servers

  • in a joined SPS-SPP scenario

  • that used the SPS-initiated workflow

  • where the Authentication Policy of the SSH Connection Policy used the "Password" Gateway Authentication Method

  • and the version of the SPS appliance is 6.2.0 or 6.0.2.

The error has been corrected.

To find out whether this error has occurred in your environment, complete the following steps.

  1. Login to your SPS appliance as a user who has access to the Search page.

  2. On the Search page, enter the following search query: recording.additional_metadata: gp=

    • If there are no search results, the error did not occur in your environment. Upgrade to SPS version 6.3.0a or 6.0.3 to ensure that it does not occur in the future.

    • If there are search results, continue with the next step of this procedure.

  3. Click the ... button on the right of the Export CSV button.

  4. Add the Gateway Username and the Recording Connection Policy fields to the list of fields to export.

  5. Check which Authentication Policies do the Connection Policies that appear in Recording Connection Policy fields use.

  6. Navigate to SSH Control > Authentication Policies, and check which Authentication Backend do the affected Authentication Policies use.

  7. Contact the users appearing in the Gateway Username field to change their password in the affected backends.

PAM-11073

Table 2: General resolved issues in release 6.3.0
Resolved Issue Issue ID

Downloading audit trails fails on the Central Search node

In a cluster environment, downloading from audit trails from the web interface failed on the Central Search node. This has been corrected.

PAM-10971

The Protocol field on the Search page contains invalid value

In certain cases, the Protocol filed contained the '-1' value instead of the name of the protocol. This has been corrected.

PAM-10906

The connections of an SPP access request on a joined SPS-SPP fail after upgradind to SPS 6.2

The automatic upgrade of the SGAA/SGCredStore plugins caused a failure during the connections due to a plugin wrapper selection mistake. The plugin wrapper selection is fixed, connections now work as expected.

PAM-10888

'Analytics details are not available' warning appears on the UI

In some cases, the 'Analytics details are not available' warning was displayed even though the analytics scores were available for the session.

PAM-10886

The Analytics tab of a session keeps loading infinitely

Opening the Analytics tab of a session without the required privileges kept loading the page infinitely, instead of displaying a permission error. This has been corrected.

PAM-10859

If the session database is very large, opening new sessions is very slow

In some cases, persisting indexer job status updates and command/title events made a big load on the database which caused big delays in opening new connections through SPS.

The way of persisting indexer events to the database was optimized in a way that it should not add delay on new connections.

PAM-10821

Clicking on the chart in Flow view does not create the proper search query

Click on the chart in the Flow view of the Search page created incorrect search queries. This has been corrected.

PAM-10794

Report queries are not updated

In some cases, the queries of certain report subchapters were not updated, and therefore the reports contained outdated information. This has been corrected.

PAM-10787

None

PAM-10787

Error in handling compressed ICA traffic causes the server to terminate the session

In some cases, SPS handled compressed ICA traffic incorrectly, causing the server to terminate the session. The following log message appeared in the system logs:

'Compression PD: Unable to expand slab'

This has been corrected, the traffic is now handled properly.

PAM-10781

Corrections to the on-screen instructions on checking plugin integrity

The instructions on how to check the integrity of the plugins have been updated on the Basic Settings > Plugins page.

PAM-10675

None

When selecting a session in the Search page, clicking the 'Analytics' tab for first time showed an unnecessary error message for a second, before the actual contents were loaded. This has been corrected.

PAM-10671

Files copy-pasted in FreeRDP sessions cannot be exported

Files copy-pasted in FreeRDP sessions were recorded in the audit trail, but exporting them failed. This has been corrected.

PAM-10668

Clicking the Back button on the Search page removes every filter

Clicking the Back button of the browser on the Search page removed every filter, not only the last one. This has been corrected.

PAM-10636

After deleting a filter on the Search page you cannot re-add it

After deleting a filter from the query on the Search page, clicking on the same filed to re-add the filter did not have any effect. This has been corrected.

PAM-10583

Duplicate header appears on the ICA Control > Channel Policies page

While editing a new Channel Policy on the ICA Control > Channel Policies page, clicking on the Show details icon caused a new header and footer to appear. This has been corrected.

PAM-10575

The Edit option is displayed on the Search Subchapter page to users with only read rights

On the Reporting > Search Subchapters page, the Edit and Create New Subchapter options were visible even if the user had only Read privileges to the page. This has been corrected.

PAM-10429

SDP cannot replay VNC sessions with TightSecurity

SDP failed to replay audit trails that contained VNC over WebSocket sessions that had TightSecurity enabled. This has been corrected, now SDP can replay these sessions.

PAM-10279

Clicking values with special characters on the Search page are not escaped

Clicking on values on the Search page added the value to the search query, but special characters were not escaped, resulting in incorrect search queries if the selected value contained Lucene-specific characters. This has been corrected.

PAM-10234

Misspelled OK buttons on the web interface

Some OK buttons were spelled as 'Ok' on the web interface. These have been corrected.

PAM-10155

Inaccurate warning when upgrading external indexers

When upgrading an external indexer, an inaccurate warning was displayed about removing the directory that contained the configuration files of the old version of the indexer. This has been corrected.

PAM-9707

Content search field does not handle the '<' character

Typing the '<' character followed by other characters in the screen content search field caused the query to disappear. This has been corrected, such queries are now handled properly.

PAM-9264

OpenSSL encryption failure when changing the password of a permanent keystore

In some rare cases, when changing the password of a permanent keystore on the web interface, encrypting the keys failed with the following error message:

'Fatal error: escapeshellarg(): Input string contains NULL bytes in /opt/scb/lib/OpenSSL.php on line 62'

This has been corrected.

PAM-8345

If completing the Welcome Wizard using the REST API fails, the appliance becomes unreachable

If completing the Welcome Wizard using the REST API failed, an internal error made the product unreachable: the IP address became 192.168.1.1 and the console access of the root user was disabled. From now on, the console access of the root user remains active, so it can be used to fix such situations.

PAM-7760

The 'Timestamping policy' field is displayed for Local policies

On the <Protocol> > Global Options > Audit page, the 'Timestamping policy' field was displayed even when the timestamping policy was set to 'Local'. This has been corrected, now the field appears only if 'Remote' timestamping is selected.

PAM-426

System requirements

Before installing SPS 6.3, ensure that your system meets the following minimum hardware and software requirements.

The One Identity Safeguard for Privileged Sessions Appliance is built specifically for use only with the One Identity Safeguard for Privileged Sessions software that is already installed and ready for immediate use. It comes hardened to ensure the system is secure at the hardware, operating system, and software levels.

For the requirements about installing One Identity Safeguard for Privileged Sessions as a virtual appliance, see one of the following documents:

Supported web browsers and operating systems

Caution:

Since the official support of Internet Explorer 9 and 10 ended in January, 2016, they are not supported in One Identity Safeguard for Privileged Sessions (SPS) version 4 F3 and later.

Caution:

Even though the One Identity Safeguard for Privileged Sessions (SPS) web interface supports Internet Explorer and Microsoft Edge in general, to replay audit trails you need to use Internet Explorer 11, and install the Google WebM Video for Microsoft Internet Explorer plugin. If you cannot install Internet Explorer 11 or another supported browser on your computer, use the the Safeguard Desktop Player application. For details, see "Replaying audit trails in your browser" in the Administration Guide and Safeguard Desktop Player User Guide.

NOTE:

SPS displays a warning message if your browser is not supported or JavaScript is disabled.

NOTE:

The minimum recommended screen resolution for viewing One Identity Safeguard for Privileged Sessions's (SPS's) web interface is 1366 x 768 pixels on a 14-inch widescreen (standard 16:9 ratio) laptop screen. Screen sizes and screen resolutions that are equal to or are above these values will guarantee an optimal display of the web interface.

Supported browsers

The current version of Mozilla Firefox and Google Chrome, Microsoft Edge, and Microsoft Internet Explorer 11 or newer. The browser must support TLS-encrypted HTTPS connections, JavaScript, and cookies. Make sure that both JavaScript and cookies are enabled.

Supported operating systems

Windows 2008 Server, Windows 7, Windows 2012 Server, Windows 2012 R2 Server, Windows 8, Windows 8.1, Windows 10, Windows 2016, and Linux.

The SPS web interface can be accessed only using TLS-encryption and strong cipher algorithms.

Opening the web interface in multiple browser windows or tabs is not supported.

Safeguard Desktop Player system requirements

The Safeguard Desktop Player application supports the following platforms:

  • Microsoft Windows:

    64-bit version of Windows 7 or newer. Install the appropriate driver for your graphic card.

  • Linux:

    RHEL 6, CentOS 6, or newer. The Safeguard Desktop Player application will probably run on other distributions as well that have at least libc6 version 2.12 installed.

  • Mac:

    macOS High Sierra 10.13, or newer.

Installing the Safeguard Desktop Player application requires about 120MB disk space, and a temporarily used disk space to store the audit trails that are replayed. The size of the temporary files depends on the size of the replayed audit trails.

You can install the Safeguard Desktop Player application with user privileges.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating