4.6.1

Added the loadcvagents utility to install the Customer-Verified connectors. The post-installation or post-upgrade tasks when loading connectors is also modified to install the Customer-Verified connectors for the configured target systems on the Bravura Security Fabric instance server.

Removed the Customer-Verified pre-installation check to no longer run for proxy server upgrades.

Updated the notice message for target systems to notify if any targets are missing their connectors and to show a list of the affected platforms.

Added a pre-installation check for Connector Pack upgrades to identify Removed connectors for configured target systems on the Bravura Security Fabric instance server.

When upgrading Connector Pack, the installer runs a pre-installation check for "Connectors Being Removed" to identify connectors for configured targets in the Bravura Security Fabric instance that you are upgrading from that are removed and therefore no longer offered in the version that you are upgrading to.

A list of the platforms is provided for connectors requiring manual intervention. There is also a link to the "Removed connectors and replacements" topic in the documentation to outline a list of the removed connectors in recent Connector Pack releases and if there are any replacements available for them.

Deprecated and removed connectors and replacements

After the upgrade, the target configuration page will also show a message such as

"At least one target system is missing its connector. Locate each affected target system using the advanced search on this page".

A list of the platforms missing their connectors will be provided to further identify the removed connectors, which can be searched for using the Target system type parameter.

When the instance-specific or global Connector Pack is upgraded using setup, only the Bravura Security-Verified and connectors will be upgraded.

Customer-Verified connectors are now provided separately in the connector-pack-customer-verified.zip file. They are copied over during the post-install or post-upgrade tasks by the loadcvagents.exe utility when loading connectors.

During an installation or upgrade, only the Customer-Verified connectors that are currently configured as targets on the Bravura Security Fabric instance will be copied and loaded for this action.

The loadcvagents.exe can also be ran separately after an installation or upgrade to copy additional Customer-Verified connector files if needed. This utility is added for Bravura Security Fabric 12.7.1 and up.

Added support for PKI-based authentication (public key authentication) for the following Python-based connectors:

Public key authentication previously existed and was later deprecated for the Legacy PSLang-based versions of these connectors but is now available for the Python-based connectors.

Updated the List Override target system address line option for the following:

The location for the database list files for automatically discovered targets is different than the directory for manually added targets. This fix allows for a fallback to the psconfig directory to allow the differing directories for the location of the list files such as for automatically discovered targets or for custom directory paths.

The doNotLoad option also allows for the list file to not be loaded during the auto discovery process. This may be used in some situations such as where the source is a fake target, it can take an exceedingly long time to list, during testing, and you do not wish to actually load the data until it is validated, or other scenarios where you may not wish to load the data.

Updated the SAP Server (Netweaver 7.5+) (agtsapnw) connector for the following:

Updated the SAP Server (Netweaver 7.5+) (agtsapnw) connector for the try again (ACTryAgainLater) message.

Added the "Trace Logging" target system address configuration option for the SAP Server (Netweaver 7.5+) (agtsapnw) connector.

Resolved issues for the SAP Server (Netweaver 7.5+) (agtsapnw) connector regarding incorrect field names in the GRACUSER and GRACROLE table.

The Bravura Safe connector (agtbsafe) now populates password history within Bravura Safe when resetting passwords for integrated credentials.

This ensures passwords password history in Bravura Safe is retained when a user's Bravura Safe password is reset using the Bravura Safe connector (agtbsafe). This is also a significant enhancement to Pass Plus implementations, ensuring availability of passwords after re-secure events. For example, the availability of old password values for offline devices that are still requiring authentication against a cached password.

Fixed an issue with the Azure Active Directory (agtazure) connector to properly send failure return codes and other attribute information back through to the Bravura Security Fabric instance.

Fixed the Azure Active Directory (agtazure) connector regarding the post create lookup when checking newly created user objects.

Fixed an issue with the SMB Protocol for Active Directory DN (nrcifs.exe) connector for the showmember operation to return the list of user members in the correct format for the name format address line attribute.

Fixed an issue with the Active Directory DN (agtaddn) connector regarding error handling for connection failures when reading a list of managed domains that previously caused accounts to be removed during auto discovery.

Removed the ability to generate ecdsa keys using the sshkeygen utility.

This addresses CVE-2024-31497 for a security vulnerability for ECDSA private keys for SSH authentication. More information can be found here:

https://www.bravurasecurity.com/cve-2024-31497-full-recovery-of-ecdsa-private-keys-possible

Updated unixssh.py to fix issues with the reset operation when the date last changed and account expiry date attributes are empty.