CA Single Sign-On


CA Single Sign-On
Release Notes
r12.1 CR05

This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the “Documentation”) is for your informational purposes only and is subject to change or withdrawal by CA at any time.

This Documentation may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. This Documentation is confidential and proprietary information of CA and may not be disclosed by you or used for any purpose other than as may be permitted in (i) a separate agreement between you and CA governing your use of the CA software to which the Documentation relates; or (ii) a separate confidentiality agreement between you and CA.

Notwithstanding the foregoing, if you are a licensed user of the software product(s) addressed in the Documentation, you may print or otherwise make available a reasonable number of copies of the Documentation for internal use by you and your employees in connection with that software, provided that all CA copyright notices and legends are affixed to each reproduced copy.

The right to print or otherwise make available copies of the Documentation is limited to the period during which the applicable license for such software remains in full force and effect. Should the license terminate for any reason, it is your responsibility to certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed.

TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST INVESTMENT, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.

The use of any software product referenced in the Documentation is governed by the applicable license agreement and such license agreement is not modified in any way by the terms of this notice.

The manufacturer of this Documentation is CA.

Provided with “Restricted Rights.” Use, duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or their successors.

Copyright 2011 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

CA Product References

This document references the following CA products:
- CA Single Sign-On (CA SSO)
- CA Access Control
- CA ACF2
- CA Audit
- CA Directory
- CA Top Secret
- Unicenter Software Delivery

Contact CA

Contact CA Support

For your convenience, CA provides one site where you can access the information that you need for your Home Office, Small Business, and Enterprise CA products. At http://ca.com/support, you can access the following resources:
- Online and telephone contact information for technical assistance and customer services
- Information about user communities and forums
- Product and documentation downloads
- CA Support policies and guidelines
- Other helpful resources appropriate for your product

Providing Feedback About Product Documentation

If you have comments or questions about CA product documentation, you can send a message to techpubs@ca.com.

To provide feedback about CA product documentation, complete our short customer survey which is available on the CA Support website at http://ca.com/docs.

Contents

Chapter 1: Welcome

Chapter 2: Changed Features in CA SSO r12.1 CR01
  Limit Number of Concurrent Sessions on a Workstation
  Enhancements to Certificate Filtering
  Support for Modifying Password Labels
  Hide PIN Field in the RSA Authentication Dialog
  Enhancements to psgbc Utility
  Display a Custom Name on the CA SSO GINA Dialog
  Support for CRL as Fallback Revocation Method
  Enhancements to html_connect Extension
  Support for Enforcing Password Policies

Chapter 3: Fixed Issues List
  Issues Fixed in CA SSO r12.1 CR01
  Issues Fixed in CA SSO r12.1 CR02
  Issues Fixed in CA SSO r12.1 CR03
  Issues Fixed in CA SSO r12.1 CR04
  Issues Fixed in CA SSO r12.1 CR05

Chapter 4: New Features in CA SSO r12.1
  Support for Java Applications
  Changes to Client.ini File
  Support for Window Watching Capability
  Enhancements to the Application Wizard
  Enhancements to the Policy Manager
  Enhancements to TCL Scripts

Chapter 5: New Features in CA SSO r12.1 CR02
  New Command Line Option to Check Client Availability Status

Chapter 6: New Features in CA SSO r12.1 CR03
  Support for Oracle Jinitiator
  CA SSO Integration Kit
  Support for Microsoft Windows 2008 R2

Chapter 7: New Features in CA SSO r12.1 CR04
  Enhancement to the TCL Script
  Changes to SSO Token Cookie
  Enhancements to SSOLaunchBar
  Support for Citrix
  AD Configuration Wizard
  Support for Microsoft Windows 2008 R2 SP1 (64-bit)
  Support for Microsoft Windows 7 SP1
  Support for Windows 2008 R2 Hyper-V
  Enhancement to CAPKI
  Enhancements to SSO and SiteMinder Integration

Chapter 8: New Features in CA SSO r12.1 CR05
  Disable Windows PSA
  Double-click on CA SSO Launchbar
  CA SSO PSA Installer Option Added
  IE9 Certified for CA SSO
  CA Directory R12SP8 Certified for CA SSO
  Windows 2008 R2SP1 Certified for CA SSO
  Application Wizard Support for x64 Windows Platforms
  CA License Upgrade
  Extension Added for Protected Mode Compatibility
  Enhancement to the TCL Script

Chapter 9: Operating System Support
  CA SSO Server
  CA SSO Client
  ADS Listener
  Authentication Agents
  Password Synchronization Agent
  Application Wizard
  Policy Manager
  Session Administrator

Chapter 10: System Requirements
  CA SSO Server
  CA SSO Client
  ADS Listener
  Authentication Agents
  Password Synchronization Agent
  Policy Manager
  Session Administrator

Chapter 11: General and Installation Considerations
  Sizing and Scaling Consideration
  SSO Client Installer Consideration
  CA SSO Server Installation Consideration
  Policy Manager Cannot Connect to the CA SSO Server When Different Modes of Operation Are Used
  Installation on SUN Solaris and Red Hat Linux
  Server Upgrade from r8.1 GA to r12.1 Is Not Supported
  Microsoft Windows Installation Consideration
  Post Upgrade Configuration for Client.ini Files
  Change Install Paths of Response Files

Chapter 12: Known Issues
  CA SSO Server
    Online Updates to the CA SSO Server Are Not Loaded after selang Updates
    CA Directory Errors during CA SSO Server Startup
    CA SSO Server Uninstall May Fail
    CA SSO Server Data Migration Tools Do Not Support Non-English Characters from Pre-r12.1 Releases of CA SSO
    Active Directory Object Limits on Microsoft Windows Platforms Affect CA SSO Server
    Cannot Log into SSO Server from Policy Manager after Changing to Run in FIPS Mode
    Issue with CA SSO Server on some Windows 2008 R2 Systems
  Policy Manager
    Alternative Languages not Supported
  Authentication Agents
    Windows Authentication Host Keyword auto Error
    Authentication Agents Port Conflict
    SSO Authentication Method Dialogs not Canceled
    No Notification Given when Windows Authentication Fails
    Cert Auth Authentication Does Not Work if the CA SSO Client is in FIPS-only Mode of Operation
  Interpreter
    Lycos and Hotbot Do Not Work with sso html search Extension
    SSO Waittext Extension Failure
    Cannot Connect to IE7 without specifying an URL with the html browse extension
    Cannot Connect to a URL using html_connect Extension if the Username is Administrator
    Getscrape and Waittext Extension Failure
  Session Administrator
    Internet Shortcut Is Not Created in Mozilla or Firefox
    Navigating Using Interactive Mode
  Password Synchronization Agent (PSA)
    PSA Modify/Repair Installation Functionality not Available
  Application Wizard
    Punctuation Characters must not be Used in Application Windows and Pages
    Do Not Use Non-Standard Control Types on the Window You Are Automating
  SSO Client
    Dialogs Are Not Closed
    Keep Servers Listed to a Minimum
    Taskbar Right-Click Menu Does Not Work when Launchbar Is Docked
    Taskbar Icon Does Not Disappear when Launchbar Application Is Exited
    Launchbar Screen Size Does Not Automatically Adjust
    Launchbar May Not Resize Correctly
    Application Names May Be Truncated
    Event Commands May Execute in Both Local and Remote Sessions
    Navigating Using Interactive Mode
    Remote Desktop Logon for GINA and Credential Providers Fails
    Change Password Fails When Using LDAP Authentication Agent
    Citrix Application Fails to Start
    Citrix Terminal Session Ends
    SSO Client (64-bit) Cannot Launch Citrix Applications
    SSO Client (64-bit) Does Not Support Smart Cards

Chapter 13: International Support

Chapter 14: Accessibility Features
  Product Enhancements
  Keyboard Shortcuts
  Hot Keys

Chapter 15: Bookshelf

Chapter 16: Published Fixes

Appendix A: Third Party Acknowledgements
  Softwares Under the Apache License
  Boost 1.40
  Java Access Bridge v2.0.2
  TCL 8.4.19
  Tclxml 2.6
  OpenSSL 0.9.8.d and 0.9.8.h
  Zlib V1.2.3

Chapter 1: Welcome

Welcome to CA Single Sign-On (CA SSO). This document contains information about installation, operating system support, new features, changes to existing features, known issues, third-party acknowledgments, and about contacting CA Technical Support.

Chapter 2: Changed Features in CA SSO r12.1 CR01

This section contains the following topics:
- Limit Number of Concurrent Sessions on a Workstation
- Enhancements to Certificate Filtering
- Support for Modifying Password Labels
- Hide PIN Field in the RSA Authentication Dialog
- Enhancements to psgbc Utility
- Display a Custom Name on the CA SSO GINA Dialog
- Support for CRL as Fallback Revocation Method
- Enhancements to html_connect Extension
- Support for Enforcing Password Policies

Limit Number of Concurrent Sessions on a Workstation

Note: The following enhancement is valid on Windows Vista and Windows 7 in workstation modes 4 and 5 only.

You can now configure the CA SSO Client to limit the number of concurrent sessions on a workstation. To create a session, the CA SSO Client does the following during a user login process:

1. Verifies if the number of concurrent sessions has reached the specified limit. If the limit is not reached, a new session is created.
2. If the specified limit is reached, the CA SSO Client verifies each of the existing sessions, starting from the oldest session, for any active monitored applications. The CA SSO Client will log off a session that has no active monitored applications. If all the existing sessions have active monitored applications, the CA SSO Client does not create a new session.
   Note: Monitored applications are your preferred applications that are listed in the MonitorAppExes entry in the Client.ini file.

The following entries in the [CredentialProvider] section of the Client.ini file control this CA SSO Client behavior:
- MaxConcurrentSessions
- LimitChoice
- MonitorAppExes

Note: For more information about these entries, see the Client.ini file description in the Administration Guide.
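The login-time check described under Limit Number of Concurrent Sessions on a Workstation can be modelled as follows. This is an added illustration, not CA SSO code: the Session class, the admit_login function, the executable names and the timestamps are constructed, and case-insensitive matching of executable names is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Session:
    user: str
    started: int                                # logon time (constructed value)
    running: set = field(default_factory=set)   # executables running in the session

def admit_login(sessions, new_user, now, max_sessions, monitored):
    """Model of the two-step check. Returns (admitted, logged_off_user, sessions_after).

    max_sessions stands in for MaxConcurrentSessions and monitored for
    MonitorAppExes; the real value formats are in the Administration Guide.
    """
    # Assumption: executable names compare case-insensitively, as on Windows.
    watch = {exe.lower() for exe in monitored}
    # Step 1: below the limit, the new session is simply created.
    if len(sessions) < max_sessions:
        return True, None, sessions + [Session(new_user, now)]
    # Step 2: at the limit, examine existing sessions oldest first.
    for candidate in sorted(sessions, key=lambda s: s.started):
        active = {exe.lower() for exe in candidate.running} & watch
        if not active:
            # Only a session with no active monitored application is logged off.
            kept = [s for s in sessions if s is not candidate]
            return True, candidate.user, kept + [Session(new_user, now)]
    # Every session is running a monitored application: the login is refused.
    return False, None, list(sessions)

# Constructed sample: a shared workstation with a limit of three sessions.
MONITORED = ["emr.exe"]
SESSIONS = [
    Session("alice", 100, {"emr.exe", "explorer.exe"}),
    Session("bob", 200, {"notepad.exe"}),
    Session("carol", 300, {"EMR.EXE"}),
]

if __name__ == "__main__":
    ok, logged_off, after = admit_login(SESSIONS, "dave", 400, 3, MONITORED)
    print(ok, logged_off, [s.user for s in after])
```

In this model the session that is logged off is the oldest one without a monitored application, not necessarily the oldest session, and a workstation whose sessions all hold a monitored application open accepts no further logins until one of them ends.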

Enhancements to Certificate Filtering

CA SSO Client is enhanced to include certificate filtering. Certificate filtering helps you to filter user certificates based on certain certificate parameters and display only the filtered certificates to the users. This certificate filtering is useful when users have more than one certificate to authenticate using smart cards and do not know which certificate to use. The following entries are added to the Auth.Cert section of the Auth.ini file to configure certificate filtering:
- AutoCertSelection
- FilterDLLPath
- MappingMethod
- ExpectedValue
- ShowFilteredCertificates
- FilteringPattern

Note: For a description of these entries, see the Auth.ini file section in the Administration Guide.

Support for Modifying Password Labels

You can now configure the Password and Verify Password field labels in the Set Login Information and the Change Password dialogs of the CA SSO Client. The following options are added to the [PasswordDialogLabels] section in the Client.ini file:
- PasswordFieldLabel
- VerifyPasswordFieldLabel

Note: For a description of these entries, see the Client.ini file section in the Administration Guide.

You can also set these password labels using the following keys added to the sso tcl extension pwdbox:
- –pswd label
- –vrfy pswd label

Note: For a description of these keys, see the pwdbox extension description in the tcl Scripting Reference Guide.

Hide PIN Field in the RSA Authentication Dialog

You can configure the CA SSO Client to hide the PIN field in the RSA Authentication dialog. The following new entry is added to the Auth.RSA section in the Auth.ini file:
- HidePinInputField

Note: For more information about the HidePinInput field, see the Auth.ini section in the Administration Guide.

Enhancements to psgbc Utility

The psbgc utility is enhanced to request the CA SSO Server to cache authorization rules to build the application lists. You can configure psbgc to support this functionality using the following entry in the psbgc.ini file:
- CreateUserAPPLCache

Note: For a description of this entry, see the psbgc.ini file section in the Administration Guide.

Display a Custom Name on the CA SSO GINA Dialog

The user data store is enhanced to include a new property DisplayName USER@ datastore . This property identifies the user attribute that is displayed on the CA SSO GINA when a user locks a workstation.

Notes:
- To display a user attribute on the CA SSO GINA dialog, identify the attribute using the DisplayName USER@ datastore property and also set the DisplayCustomName attribute in the Client.ini file.
- For more information about the DisplayCustomName attribute, see the Client.ini file section of the Administration Guide.

To add DisplayName User property in the CA SSO Server

1. Log in to the Policy Manager.
2. Select the Resources icon in the program bar.
   The Resources window appears.
3. Expand the User Resources folder, right-click User Attributes and select New.
   The Create New USER ATTR Resource - General dialog appears.
4. Enter the following values:
   Name
     Specify DisplayName USER as the name of the attribute.
   Data Store
     Specify a user directory where the user attributes are stored. Click Browse to select the user directory.
   DBField
     Specify the user attribute that you want to display on the CA SSO GINA dialog.
5. Click OK.
   The user attribute is created.

Support for CRL as Fallback Revocation Method

The following enhancements are made to the Certificate Authentication Agents to support the following features:
- CRL as fallback revocation method
- Fixed OCSP and CRL revocation methods for multiple certificate authent
