4.7
Features and improvements
New connectors
Added a new Python connector for targeting Ceridian Dayforce for agtdayforce.con that makes use of agtdayforce.py and agtpython.exe.
Added the agttelnet-openssl.exe Telnet connector that adds support for OpenSSL 3.0.
Added support for OpenSSL 3.0 for the psunix package for Connector Pack and for the idmunix package for Bravura Security Fabric.
Added the Generic Solaris Server (SSH) (agtsolaris_ng) connector that adds Python support for the Solaris connector.
Installation
Added the loadcvagents utility to install the Customer-Verified connectors. The post-installation and post-upgrade tasks that load connectors are also modified to install the Customer-Verified connectors for the configured target systems on the Bravura Security Fabric instance server.
The Customer-Verified pre-installation check no longer runs for proxy server upgrades.
Updated the notice message for target systems to notify if any targets are missing their connectors and to show a list of the affected platforms.
Added a pre-installation check for Connector Pack upgrades to identify Removed connectors for configured target systems on the Bravura Security Fabric instance server.
Rebranding
The psunix and idmunix configuration, sample, and other files are rebranded for Bravura Security references.
Account attributes
Added the Path to attribute value (XPath/JSONPath) parameter when creating or overriding account attributes for a target type for the path meta attribute to attribute definition schema that provides the ability to customize REST/XML paths to specific data in custom schemas. This is primarily for REST / JSON based connectors with expandable schemas.
Active Directory
Updated the netvalidatepwpol plugin to be able to validate directly against Azure password policies.
Bravura Security Fabric
Updated the Bravura Security Fabric (agtidm) connector's namespace from hitachi-id to bravurasecurity.
Bravura Safe
Added support for the group user add, group user delete, group create, group delete, list groups and list members operations for the Bravura Safe User Management (agtbsafe-user) connector and added the "Default level of access when adding users to collections" target system address option.
Modified the group create operation for the Bravura Safe (agtbsafe) and Bravura Safe User Management (agtbsafe-user) connectors to disallow creating collections with duplicate names.
Ceridian Dayforce
Updated the Ceridian Dayforce (agtdayforce) Python connector to now be able to follow redirects for the server URL. The connector previously could not handle the redirects and would produce an error.
Added more stringent error handling for the Ceridian Dayforce (agtdayforce) Python connector when failing to list users during auto-discovery.
Unix / Linux
Added authentication key management for the following Python-based connectors:
agtaix_ng: Generic AIX Server (SSH)
agtlinux_ng: Generic Linux Server (SSH)
agtsolaris_ng: Generic Solaris Server (SSH)
Converted the Unix target system connector (agtunix) over to using the KVGroup format for the address line.
Scripted connectors
Converted the NULL target system connector (agtnull) over to using the KVGroup format for the address line.
Logging
Added trace logging for the agent framework to be able to log requests and responses from the server side.
Added the Trace Logging target system address option and feature in the advanced section for connectors.
Discovery
Updated the List Override target system address line option for the following:
Added a fallback to the psconfig directory for the source database list file when it is not in the same path as the destination database list file.
Added the srcDbFile option to be able to override the path to the source database list file as either an absolute or relative value.
Added the doNotLoad option to allow the list file to not be loaded during the auto-discovery process.
Added the preHook option to be able to run a hook before the configured action.
Added the perHook option to be able to replace the action functionality.
SAP
Updated the SAP Server (Netweaver 7.5+) (agtsapnw) connector for the following:
Exposed the load balancing options.
Added the "Engage RFC trace logging" target system address option.
Updated the SAP Server (Netweaver 7.5+) (agtsapnw) connector for the try again (ACTryAgainLater) message.
Added the "Trace Logging" target system address configuration option for the SAP Server (Netweaver 7.5+) (agtsapnw) connector.
Resolved issues for the SAP Server (Netweaver 7.5+) (agtsapnw) connector regarding incorrect field names in the GRACUSER and GRACROLE tables.
Added the LOCACTIVITYGROUPS and LOCPROFILES table lookups and their account attributes for the SAP Server (Netweaver 7.5+) (agtsapnw) connector to provide support for SAP / CUA systems for local ACTIVITYGROUPS and PROFILES.
Okta
Updated the Okta connector (agtokta) to improve the error handling when listing users and other objects to prevent a partial listing returning success. This was previously causing only a partial listing of Okta users to be loaded for the instance when running auto-discovery.
Updated the Okta connector (agtokta) to improve error handling for the enable and serverinfo operations. This was previously causing an issue when enabling an account that is already enabled and is not suspended.
Resolved issues
Listing
Fixed an issue with legacy list operations for connectors when listing without members.
Bravura Safe
Fixed the Bravura Safe connector (agtbsafe) to maintain and correctly add to the Bravura Safe credential's password history when resetting passwords.
Fixed an issue with the Bravura Safe (agtbsafe) connector when resetting the credentials within a user's collection when the password for the Safe item was previously empty.
Applications
Updated connectors that make use of winhttp calls to ensure that logging is added to state both the method and the URL and to say which calls are being made.
Active Directory
Fixed an issue with the Azure Active Directory (agtazure) connector to properly send failure return codes and other attribute information back through to the Bravura Security Fabric instance.
Fixed the Azure Active Directory (agtazure) connector regarding the post create lookup when checking newly created user objects.
Modified the Active Directory DN (agtaddn) connector to improve the operation performance when listing users/accounts during the auto-discovery process.
Fixed an issue with the SMB Protocol for Active Directory DN (nrcifs.exe) connector for the showmember operation to return the list of user members in the correct format for the name format address line attribute.
Fixed an issue with the Active Directory DN (agtaddn) connector regarding error handling for connection failures when reading a list of managed domains that previously caused accounts to be removed during auto discovery.
Improved the Active Directory DN (agtaddn) and Azure Active Directory (agtazure) connectors to return more specific error codes on some connection issues.
Windows
Resolved various scenarios for the Windows NT Server connector (agtnt) where the ntlm calls were not properly getting mapped to more detailed agent return codes and were instead defaulting to the ACUnknownError return code.
Added the script name used by a connector to the PerfConnector performance log line.
Telnet
Fixed an issue with the Telnet target system (Script) (agttelnet) connector to be able to communicate over SSL.
Workday
Changed the platform category for the Workday (agtworkday) connector to be categorized as a Human Resource Management System.
SSH
Removed the ability to generate ECDSA keys using the sshkeygen utility. This addresses CVE-2024-31497, a security vulnerability affecting ECDSA private keys used for SSH authentication. More information can be found here:
https://www.bravurasecurity.com/cve-2024-31497-full-recovery-of-ecdsa-private-keys-possible
SAP
Updated the SAP Server (Netweaver 7.5+) (agtsapnw) connector to comment out reading the ZMT_USER_SYSTEMS_READ function for CUA systems.
Palo Alto Networks
Updated the Palo Alto Networks firewall with PAN-OS (SSH) connector (agtpanos) for an issue that was previously preventing auto-discovery for listing objects and for password resets from functioning properly.
Python
Updated the Python Script (agtpython) connector for the serialization of KVPair attributes such as UPDATE_ONLY_CHANGED_ATTRS within agent.run Python calls. This is beneficial when wrapping connectors that make use of agtpython in order to properly pass through operations and pseudo attributes.
Customer-Verified connectors
The Generic Linux Server (SSH) (Legacy) (agtlinux) and SSHD Host target system (Script) (agtssh) connectors are no longer installed by the Connector Pack by default and are now Customer-Verified connectors.
See the full list and more information about Bravura Security-Verified and Customer-Verified connectors.
Deprecated
Removed the Bravura Security Fabric (agtidm) connector from the Connector Pack.
The SAP Server Customer-Verified connector (agtsap) is deprecated starting with Connector Pack 4.7.0 and will be fully removed for Connector Pack 4.9.0. The SAP Server (Netweaver 7.5+) connector (agtsapnw) should be used in its place.