Fixed Issues in 7.1.1 Patch 1

Document created by RSA Information Design and Development on Jul 12, 2019Last modified by RSA Information Design and Development on Nov 15, 2019
Version 5Show Document
  • View in full screen mode

The following issues were fixed in RSA Identity Governance and Lifecycle version 7.1.1 Patch 1.

Access Certification

                                                                                           

Issue

Description

SF-1176983

ACM-88167

The Radio button text "Review items are signed off" on the configuration page of a User access review definition appeared when the sign-off option was not actually available.

SF-1262429

ACM-92238

The Member, Entitlements, and Analytics tabs of a role could not be clicked in a role review with "submit" as the mandatory signoff comment.

SF-1090220

ACM-83577

The “Explicit by Owner” option in the Account Access and Ownership review, when sub-components were automatically revoked through a revoked parent component, caused incorrect confirmation messages after canceling review changes.

SF-845541

ACM-67727

The "Apply to account entitlements" option for bulk actions did not work on associated app roles and entitlements in an account review due to a column filter in a custom review display view.

SF-1300767

ACM-94654

The Account Name column was missing from the available columns to display in a review display view.

SF-1170335

ACM-87413

Could not send emails using the Send Email button in the All Groups tab of group reviews.

SF-1150335

ACM-93895

Reviewers attempting to save or sign off changes while their earlier changes were still processing saw the following error message: “The request could not be handled.”

SF-1307372

ACM-87205

Localization in the new reviewer user interface required multiple improvements.

SF-1332517

ACM-96153

After the scheduled run time for a review was changed, the task was duplicated in the memory and the review was run multiple times.

SF-1273418

ACM-93625

In the legacy user access review definition, previously selected options for the Replace state were reset when editing the review definition without opening the States tab.
ACM-92635 During delegation from the "By Reviewer" tab of reviews, a "Delegated From" user was incorrectly identified as the last reviewer when expanding the tab instead of the actual reviewer from whom items were delegated.

SF-1159200

ACM-86631

When a review item that had been maintained with expiration was revoked, the reviewer was incorrectly set to AveksaAdmin.

SF-1159011

ACM-86618

The status for a review was not updated properly upon review completion.

SF-726389,
SF-1007919

ACM-61543

In review definitions, the "include sub-groups" option was available for selection when no specific groups were selected.

SF-1322438

ACM-95464

Review escalations scheduled to run before or after the review due date were not triggered when either the escalation was scheduled after the review due date had passed or when the application was down during the due date.

SF-1215725

ACM-90109

Review generation took more than sixty hours when the review did not use the option “Include group memberships that are entitlements of their assigned global roles.”

SF-1329501

ACM-95763

Violation Remediation review generation failed with the ORA-12899 error.

SF-1261298

ACM-94057

When a role containing app-roles was deleted in a role review, change items to remove the app-roles were not generated.

SF-1274991

ACM-92885

The user interface took a long time to load certain tabs in reviews that had large data sets.

SF-1172039

ACM-87438

Some reviewer escalation workflows were not triggered and the review history did not update if the review became active by an escalation workflow.

Access Requests

                                                   

Issue

Description

SF-781743
SF-856286
SF-872111

ACM-61578

Change requests with fulfillment dates set later than 2040 were erroneously fulfilled immediately.

SF-1290694

ACM-94018

The ${avform.requestor.Id} variable did not resolve as expected for users.Supervisor and grayed out the associated button due to the resulting sql error.

SF-1260207
SF-1290214

ACM-92751
ACM-93823

The default out-of-office functionality failed to process Global Common Submission Questions when configured.

SF-843249

ACM-67217

When a user viewed a request form with table grouping enabled, the list of entitlements took much longer than expected to expand if the checkbox next to the entitlement type was selected.

SF-1170215,
SF-1321998

ACM-87978
ACM-95417

When multiple users were selected, submission variables appeared in only the first change request.

SF-1299740

ACM-94324

Change requests to remove a user from a group that were generated by a Group review did not complete if the fulfillment workflow was configured to “Create a Job per group.”

SF-1264368
SF-1249082

ACM-93112

Optimized statements for Change Requests involved with determining missing or extra indirect entitlements.

SF-964505

ACM-74785

When a user is granted the same entitlement through both a role and an account and the account is deleted from the user, an error occurs when the role is later deleted from the user.

SF-1290843

ACM-94916

When canceling a change request there was a significant delay.

SF-1286545

ACM-93599

A "Remove account to group" change request from a webservice did not set the affected users in the request information.

Account Management

               

Issue

Description

SF-1191999

ACM-89978

The AFX output parameter did not update the pending account, even though AFX received the value from the endpoint.

Admin Errors

               

Issue

Description

SF-1205426

ACM-90188

Email failures did not appear in the notification tray to alert the admin.

AFX

                   

Issue

Description

SF-1191999

ACM-93039

Output parameters were not resolved when DN suffix mapping was used for account creation.

SF-1297770

ACM-94271

When the database suddenly went down or was unable to connect to AFX, AFX stopped running until the AFX service was restarted.

Application Wizards

               

Issue

Description

SF-1073265

ACM-82980

Custom Value List display names were not allowed in an advanced search with Integer Type attribute filtering.

Authentication

               

Issue

Description

SF-1195900

ACM-91400

Active Directory users were unable to authenticate from the host controller in a WildFly cluster environment.

Change Requests and Workflows

                                                                         

Issue

Description

 

SF-1230171

ACM-90666

On restart, a Change Request with only form fulfillment created a workflow that skipped all its form fulfillment nodes. 

SF-1277646

ACM-93113

Parallel Phase Nodes duplicated workflow and fulfillment jobs because of concurrency errors. 

SF-1284183

ACM-93525

A fix applied in an earlier patch for change requests stuck in the fulfillment phase stopped working after an upgrade. 

SF-1292210
SF-1228815

ACM-94109

Role approvals grouped by a custom category mixed up the acm.JobGroup values assigned in the workflow to define the group. 

SF-1307962

ACM-95063

A new workflow form for an activity or approval did not associate to its respective node when saved and did not replace the previous form as a result.  

SF-1279390

ACM-93461

Corrupted mapping for provisioning command parameters occurred after an upgrade.  

SF-1314848

ACM-95214

The conditional transition selection failed to save the first time when setting the condition through the drop-down selection button. 
ACM-94082Could not delete an escalation that referenced an escalation workflow that did not exist from the approval node. 

SF-1274945

ACM-92854

When a change request was created with an entitlement that had a business description, the short and long business descriptions appeared empty under user Changes in the change request approval screen. 

SF-1155926

ACM-87274

Additional Javadoc was needed about the use of Java nodes in workflows. 

SF-1255736,
SF-1279531,
SF-1349690,
SF-1332507

ACM-91858

After importing a workflow from a higher patch version into a lower patch version, migration failed with the ORA-0001 error. 

SF-1314265

ACM-95190

The Activities page loaded slowly when using a monitoring policy with a large number of activities and when filtering activities with the “By Entitlement” tab.  

Collector

                       

Issue

Description

SF-1298037

ACM-94661

The ServiceNow collector failed after certain plug-ins were activated.

SF-1269198

ACM-92669

After viewing a collector schedule without making changes, the system updated the Date Modified field of the Collector History with the time the schedule was viewed.

SF-1305102

ACM-94653

CSV database processing could not handle column header values nested in double quotation marks.

Custom Attributes

               

Issue

Description

SF-1187149

ACM-88462

Custom user attributes were not populated in the table options of the accounts tab.

Dashboard

                   

Issue

Description

SF-938836,
SF-1082693

ACM-74513

Secondary pages of a report displayed within a dashboard were not displayed properly.

SF-1156786

ACM-88676

An object dashboard was not displayed in the order expected based on the specified Display Sequence value.

Data Collection Processing and Management

                                                     

Issue

Description

 

SF-1300333

ACM-94263

Running two MAEDCs failed with error ORA-30926 if they overlapped in applications and IDs.  

SF-1187676

ACM-89996

Users could not login during the first step, Account Data Collection, of a running ADC.  

SF-1249962

ACM-91612

Change Verification performance slowed on large datasets after an upgrade. 

SF-1312022

ACM-93036

The App Metadata collector failed with the “character string buffer too small” error. 

SF-1312017

ACM-94871

The App Metadata collector trimmed values longer than 38 characters for owner and CAU fields. 

SF-1217455

ACM-89969

Indirect relationship processing ran for more than 5 days after changes to the MAEC. 

SF-1216820

ACM-92280

The provided fix to truncate the T_AV_BUSINESS_DESCRIPTIONS table did not successfully shorten the long collection time. 

SF-1314874

ACM-95225

Objects in relationships that were deleted and revived in prior collections caused changed relationships to be rejected during collection. 

Data Governance

               

Issue

Description

SF-1302256

ACM-94318

Data purging failed with the ORA-02292 error "integrity constraint (AVUSER.FK_T_PCS_EXN_HY_PC_ID_T_PCS_ID) violated - child record found".

Database Management/Performance

                               

Issue

Description

SF-1246819

ACM-93524

A database import process generated unneeded statistics for certain tables.

SF-1297442

ACM-94181

The "Provisioning screens for 50 users" performance test showed an unoptimized sql query.

SF-1312843
SF-1298331

ACM-94891

Rule pre-processing performance significantly slowed after adding segregation-of-duty rules for a large environment.

SF-1280916
SF-1330311

ACM-94602

When running the data archiving function, the data archiving process completed as expected but the purging process fails due ORA errors.

SF-1316146

ACM-95109

Additional columns that were added to the Groups table were not exposed in all views.

Email

                               

Issue

Description

SF-1191611
SF-1240924

ACM-88807

Some Approval Email replies did not show the correct reference numbers for a request and showed <AV-MsgRef-REF> instead.

SF-824105
SF-1006954

ACM-65511

The Review Completed event sent emails only to reviewers with open items.

SF-803604

ACM-64365

The View Review hyperlink to a deleted review result in a New Review email incorrectly showed the error "The Request could not be handled."

SF-1300504

ACM-94697

Case-sensitive email approvals resulted in "Wrong user replied" responses when taking an approve or reject action through email.

SF-1155182

ACM-88160

Lotus Notes could not correctly display Nordic characters in emails sent by RSA Identity Governance and Lifecycle.

Installer

               

Issue

Description

SF-922041

ACM-78015

Patch installation took an unusually long time to complete.

Metadata Import/Export

                   

Issue

Description

SF-1257224

ACM-92539

Performance slowed for importing or modifying an application with a large amount of users.

SF-1230774

ACM-92269

An application that was imported from an exported metadata file was missing information about mapping the application to a connector.

Password Management

               

Issue

Description

SF-1177525

ACM-87860

In a clustered environment, the PasswordResetNag and PasswordChangeNag tasks could be duplicated and cause a startup error.

Platform

                   

Issue

Description

SF-642369

ACM-52522

Changes to the root logger level in a clustered environment failed to apply to all associated nodes.

SF-1019541

ACM-78253

After running the HardenHTTPSProtocols.sh script in the /home/oracle/deploy directory, the following error occurred: “WARN: can’t find jboss-cli.xml. Using default configuration values.”

Reports

                                               

Issue

Description

SF-1284789
SF-1291139

ACM-93688

CSV Column headers were duplicated when exported as an attachment in an email from a scheduled report generation.

SF-1158510

ACM-93535

Two OOTB report templates, Changes in User Global Roles by Date Range and Changes in User Global Roles in the Last n Days, worked only for collected role changes and not local role changes.

SF-1261751

ACM-93822

The report query processed the < character as HTML mark-up code and truncated text that followed it.

SF-1163099

ACM-86916

When using the replace function during a preview or submission, special characters were removed from queries.

SF-1190029

ACM-88495

Query parameter detection did not work properly with an unmatched single quotation mark in the comment.
ACM-89680When a user tried to view a report that was no longer available, the following incorrect error message was displayed: “Access Denied. Insufficient privileges to view this page.”

SF-1158510

ACM-88913

The OOTB report using the template "Changes in User Global Roles by Date Range" could become stuck due to excessive query executions.

SF-1219878

ACM-90513

A new public view was needed for a customer’s reporting purposes.

SF-1219878

ACM-90512

The tables T_AV_AFX_REQUEST & T_AV_AFX_REQUEST_HISTORY did not contain public views.

Request Forms

                           

Issue

Description

SF-1300030

ACM-94292

The User picker control type reports an SQL exception error when the user filter is enabled and no variable substitution is defined in the filter.

SF-1310845

ACM-94989

Variable substitution in the control type "Drop Down with Web Service" did not encode for javascript.

SF-1201270

ACM-88959

After a button was configured to include forms of multiple form types, only global forms were displayed when the button was pressed.

SF-1224614

ACM-91417

The error message “An error occurred loading the fields for the form” occurred when running a form if the “Hide table if empty” option was enabled for an entitlement table that contained a dynamic value.

Role Management

                   

Issue

Description

SF-1158276

ACM-86615

An indirect entitlement provided through a role could erroneously be removed while comparing users.

SF-1208476

ACM-91790

Under rare circumstances, a rare condition can result in Aveksa Entitlements getting out of sync when the privileges are granted or revoked through a Role or a Group.

Rules

                               

Issue

Description

SF-1264397

ACM-93893

When a UCD rule detected an orphan account, an email was sent to a random supervisor if no supervisor was associated to the account.

SF-1322268

ACM-95316

The Attribute Change rule skipped users when multiple Rule runs were queued.

SF-1320363

ACM-95258

Rules processing failed with the error ORA-12899 because the character limit for the application reference value was not large enough.

SF-1312843

ACM-95146

Rules post-processing task "Step 8/9: Post processing: Populate violations for review components" took an hour longer than expected when processing review items with violations.

SF-1333143

ACM-95904

A provisioning/termination rule did not create change requests to revoke entitlements when there are accounts to disable and delete.

Security

                                   

Issue

Description

SF-1307234

ACM-94695

Sensitive info in REST and SOAP Web Service node configuration could be viewed by users without edit privileges.

SF-986549

ACM-78252

A request form vulnerability showed authorizations that a user should not be able to request.

SF-1158051

ACM-86836

The status page shown at the end of the password reset process needed a sanitized URL.

SF-1284851

ACM-93533

Needed to update the Apache Commons jar to the most recent version to increase security.

SF-1158051

ACM-86955

Additional validation and sanitization was needed for the file upload functionality in access requests.

SF-1158051

ACM-87527

Additional validation was required for JSP files uploaded in the Admin section.

Server Core

               

Issue

Description

SF-1257836

ACM-93038

Scheduled Unification was triggered before the scheduled IDC run and caused the incorrect processing of rules.

User Interface

                                                       

Issue

Description

ACM-92994Proxy protocol changes in a Rest Node could not be saved.

SF-1251232

ACM-92551

The load time for Review pages and Request Activity pages slowed after an upgrade.

SF-1310137

ACM-94849

After a data retention job runs, the Change State column in the Activities view could not display some of the remaining data.

SF-1193085

ACM-88580

The user interface did not notify that a previously uploaded .jsp file reloaded with modifications required a server restart for the changes to take effect.

SF- 1167740

ACM-92498

In a dashboard, the complete name of a request button was not fully visible.

SF-630081,
SF-680821

ACM-54208

When a user submitted a request, the Select Request Source screen displayed incorrect business source attributes.

SF-1324961

ACM-95538

Users granted view access to a group's directory could not see the group members.

SF-673708

ACM-53828

Under Resources > Applications, in the Accounts tab, custom attributes were not displayed for Application Roles or Entitlements.

SF-1246951
SF-1220313

ACM-91654

Intermittent high CPU usage caused performance issues in the RSA Identity Governance and Lifecycle user interface.

SF-1048792

ACM-81142

Under Reviews > Activities, when an Actions menu appeared at the bottom of the page, some menu options were cropped out of view.

SF-1176345

ACM-88381

The node filter in System > Logs could not show any logs in a WebLogic environment.

Web Services

                           

Issue

Description

SF-108829

ACM-87443

Online documentation for the createChangeRequest web service needed to clarify when the change request is not created.

SF-983571
SF-1223579

ACM-76016

The User Attribute Change web service reported a "User Not Found" error when the User ID was on record.

SF-1319168
SF-1325745

ACM-95505

Change requests created from a web service erroneously included a deleted account.

SF-1253334

ACM-92041

Duplicate group names on a multi app collector could cause the webservice call that created a change request to choose the wrong group.

Attachments

    Outcomes