RSA^® Governance & Lifecycle

Summary RSA announces the availability of Patch 7 for SecurID Governance & Lifecycle 7.5.2. This release contains numerous fixes and improvements. See the SecurID Governance & Lifecycle 7.5.2 Patch 7 Release Notes for information about the contents of the patch. Recommendation: RSA strongly recommends that customers upgrade to this latest update. Please note that all patches are cumulative. Obtaining Software and Documentation: The Release Notes are available in the SecurID Governance & Lifecycle 7.5.2 documentation area. You can access the RSA Identity Governance and Lifecycle 7.5.2 Patch 7 software in the SecurID Governance & Lifecycle 7.5.2 Downloads area on RSA Community. In the Download area, click Full Product Downloads to open myRSA and to view a list of your purchased products. Select the appropriate license link to access the RSA Identity Governance and Lifecycle software downloads. Contact RSA Customer Support if any licenses for products you have purchased are missing from the list. EOPS Policy: RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details. ... View more

Article Number 000068197 Applies To SecurID Governance & Lifecycle 7.5.2 P03 on IBM WebSphere Issue When SecurID Governance & Lifecycle 7.5.2 P03, deployed on IBM WebSphere 8.5.5.21, is configured to use IMAPS protocol (default port 993) for Approval Email Server, the following exception shows in the logs: javax.mail.MessagingException: Could not connect to message store for imaps://username@imaps-server.hostname:993; nested exception is: javax.mail.MessagingException: Remote host terminated the handshake; nested exception is: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake at com.aveksa.server.email.common.EmailUtils.connectToMailStore(EmailUtils.java:651) at com.aveksa.server.email.mailboxmonitor.MailboxMonitorThread.checkForMail(MailboxMonitorThread.java:178) at com.aveksa.server.email.mailboxmonitor.MailboxMonitorThread.run(MailboxMonitorThread.java:46) Caused by: javax.mail.MessagingException: Remote host terminated the handshake; nested exception is: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:670) at javax.mail.Service.connect(Service.java:295) at javax.mail.Service.connect(Service.java:176) at javax.mail.Service.connect(Service.java:125) at com.aveksa.server.email.common.EmailUtils.connectToMailStore(EmailUtils.java:625) ... 2 more Caused by: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake at com.ibm.jsse2.bj.a(bj.java:18) at com.ibm.jsse2.bj.b(bj.java:1) at com.ibm.jsse2.bj.f(bj.java:427) at com.ibm.jsse2.bj.a(bj.java:406) at com.ibm.jsse2.bj.startHandshake(bj.java:160) at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:549) at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:354) at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:237) at com.sun.mail.iap.Protocol.<init>(Protocol.java:116) at com.sun.mail.imap.protocol.IMAPProtocol.<init>(IMAPProtocol.java:115) at com.sun.mail.imap.IMAPStore.newIMAPProtocol(IMAPStore.java:685) at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:636) ... 6 more An inspection of the TCP network traffic capture data shows a connection being attempted using TLSv1.0.   Cause The mail server and/or a network firewall is configured to only allow TLS v1.2 connections, and any connection attempts using TLS v1.0 are refused/terminated. Resolution On IBM WebSphere, hosting the SecurID Governance & Lifecycle application, configure the following JVM argument: mail.imaps.ssl.protocols=TLSv1.2 Note: The JVM argument can be added on the WebSphere console > click Servers > Server types > WebSphere application servers > Select server > select the server used for SecurID Governance & Lifecycle > Configuration tab > select Server Infrastructure > Java and Process Management > Process Definition > Additional Properties > Java Virtual Machine > Generic JVM Arguments. ... View more

Article Number 000068153 Applies To RSA Product Set: RSA Governance & Lifecycle RSA Version/Condition:  RSA Governance & Lifecycle 7.x.x Issue If the access that is being reviewed is removed outside of the review, collected, and verified and the access is also revoked from the review, a change request is created for access that is no longer there. Cause This is an improvement that is added by the engineering team in ACM-115513. Resolution The behavior is improved, so while creating the Change Request from the review RSA Governance & Lifecycle checks whether the item/review component access has already been revoked outside of the review or not, if yes, no change request is created. This improvement is added for all types of reviews starting from the following version.  SecurID Governance & Lifecycle 7.5.2 P07 ... View more

Article Number 000068115 Applies To RSA Product Set: RSA Governance & Lifecycle RSA Version/Condition:  RSA Governance & Lifecycle 7.x.x Issue The role count being reviewed shows the incorrect entitlement count in the role review. Image description Image description Cause This issue is caused by the occurrence of roles duplicate records in the T_AV_EXPLODEDUSERENTITLEMENTS table. Importing Roles that are created on legacy versions and with the existence of Roles having the same name as the Collected Roles results in duplicates creation in the T_AV_EXPLODEDUSERENTITLEMENTS entries Resolution Contact RSA Customer Support and quote this KB article for a cleanup script for this issue.  Notes Run the attached script Dup_Review_Comp_And_Xue.sql This script contains four select queries that detect if there are any duplicates for the roles. ... View more