12.8.1
Features and improvements
Installation
Updated the branding for Bravura Security within the product installer for a few remaining areas.
Reports
Updated the scheduled report configuration page to allow editing and saving the previously saved scheduled report on a patch version upgraded instance.
API
Updated the IDAPI Login function to return a generic error, "Invalid username or password or the specified user has insufficient privileges", when login fails in the following cases, to prevent username enumeration:
User doesn't exist or is invalid
User/Password combination is invalid
User is invalid but doesn't have any ACL
Added database indexes to optimize REST API get_account_attributes performance. Three new indexes added: metaattr_idx_4, targetobjattr_idx_4, and targetobjattr_file_idx_2.
Added exit traps for help desk operations in idmlib REST calls.
Updated database queries in ObjAssociateInitial and UserList operations to use OPTION(MAXDOP 1) for improved performance.
Bravura Identity
The autores command line utility now skips and warns for roles that are disabled and/or unassignable when submitting.
A warning notification is presented in the role assignment user interface if a selected role is disabled and/or unassignable.
Bravura Privilege
Tomcat updated from 9.0.94 to 9.0.109.
Bravura Pass
The pslocalr.ocx and other controls are added back along with the pslocalr-x64.msi and pslocalr.msi Local Reset Extension installers. The cgilocalr.cfg sample script is also updated for the pslocalr control.
Resolved issues
Installation
The installer now validates that the database compatibility level meets the minimum requirement of 130.
Proxy servers
Fixed an issue with the Websocket Connector Proxy to add mitigations to prevent exceptions when connecting to the proxy tunnel. This was previously causing connection issues when multiple nodes were configured.
Database
Fixed a runtime error in stored procedure UserclassIsMember due to SQL optimizer executing operations out of order, causing data type conversion failures.
Fixed a runtime error in the UserClassPointLoadFromCache stored procedure that occurred when the userclasspoint.criteriap field contained NULL value.
Bravura Privilege
Changes to Create OTP user request:
When a request is issued from the secondary node, it is now always forwarded to the primary node in case the secondary node is unstable.
Fixed an issue where retry operations could never succeed if the initial attempt failed.
Updated stored procedure TargetDelete to use RECOMPILE when deleting from targetobj to ensure that an unsuitable (from a performance perspective) cached query plan is not used when deleting large target systems.
Removed an SQL upgrade script that modifies the value of the discovery option Link accounts on this target system to subscribers for the target system discovery template NT_TEMPLATE and for all discovered systems created from NT_TEMPLATE.
Fixed issues with date timezones for Ajax and the product UI in general related to setting the preferred timezone environment variable.
Bravura Pass
Resolved an issue with the Login Assistant / SKA when upgrading from version 12.4.x to 12.8.1 and up. Upgrading to 12.5.0 and up caused an upgrade issue due to rebranding from Hitachi ID to Bravura Security.
Fixed an issue where operation SRES (User self-reset result) was logged per account for both self-service and help-desk resets; it should be logged once per reset action and for self-service resets only. Also updated the report to generate the proper statistics for both self-service and help-desk password changes.
Resolved an issue with Login Assistant / SKA to retain the value for the vpn-connect-terminate registry key on upgrade. The value was previously being dropped after upgrading Login Assistant.
Resolved an issue with Login Assistant / SKA to retain the values for -vpnurl and -vpnurlsearch for the cmd registry key on upgrade. The vpn-url and vpn-url-search registry keys are also now added for new Login Assistant / SKA installations. These registry keys must be manually added prior to an upgrade of the SKA.
Fixed unexpected quit during password reset when the browser client IP was too long.
Fixed an issue when unlocking accounts, changing passwords, and detaching accounts for users when the accounts ended with ".x". Previously this caused these operations not to be successful.
Fixed a compatibility issue where the newer version of the interceptor could not work with the older version of IDPM.
Bravura Identity
Updated the Orgchart graph page to load the current user's manager, even if the manager is in an orphaned Orgchart tree (calculated level is -1).
The autores utility now skips and warns for roles that are disabled and/or unassignable when submitting.
A warning message is given in the role assignment user interface if the role is disabled and/or unassignable.
Resolved a certificate link failure with SAML authentication.
SOAP API
Adjust IDWFMServiceGet to only return a service with matching serverid and actingserver fields if picking a random server.
Requests
Fixed an issue in the app where the delegation manager was unable to delegate an implementer task on behalf of the selected primary implementer.
Updated requests app to not list requests with "Calculating authorizers" status with "Active" filter on.
Workflow
Updated the idtm service to suppress operation failure emails when agent returns ACTryAgainLater.
Account attributes
Profile attributes now correctly fall back to the next-priority mapped account attribute when the highest priority attribute is removed.
Discovery
During discovery, the order of precedence in target attribute overrides is obeyed when listing target attributes.
Fixed runtime error in ObjDiffAssociate stored procedure during auto discovery when handling duplicate accounts (sharing the same stable ID) across different targets with cross-target relationships.
Reports
Updated scheduled report configuration page to allow editing and saving the previously saved scheduled report on a patch version upgraded instance.
Component framework
Modified the component uninstallation to check if the table exists before removing component data. This previously caused an issue/exception for hid_extdb to show an error for "no such table".
Upgrade actions
If relevant, the Link accounts on this target system to subscribers discovery option for the target system discovery template "NT_TEMPLATE" and for all discovered systems created from NT_TEMPLATE should be reviewed. By default, this setting is disabled upon installation.
Added strings vpn-url and vpn-url-search. During the upgrade, these registry keys must be manually added to construct the runurl command line (cmd registry key). To do this:
Open regedit and navigate to:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Bravura Security\Bravura Security Fabric\Login Assistant\VPN
Right click New > String Value and enter in vpn-url and update your value.
Right click New > String Value and enter in vpn-url-search and update your value.
Execute upgrade with:
msiexec /i "ska-x64.msi" /lv "upgrade-ska.log" REINSTALLMODE=amus
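The manual registry steps and upgrade command above, scripted in PowerShell as an added example (not Bravura Security's own tooling). The two values are placeholders to replace with your own, and the script assumes it runs elevated from the directory containing ska-x64.msi and that the VPN key already exists from the current installation.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-seed the Login Assistant / SKA VPN strings, then upgrade.
# Key path, value names and the msiexec line come from the steps above.
# The two values below are placeholders (assumptions); substitute your own.

$ErrorActionPreference = 'Stop'

$vpnKey = 'HKLM:\SOFTWARE\Bravura Security\Bravura Security Fabric\Login Assistant\VPN'
$wanted = [ordered]@{
    'vpn-url'        = '<YOUR-VPN-URL>'
    'vpn-url-search' = '<YOUR-VPN-URL-SEARCH>'
}

if (-not (Test-Path -LiteralPath $vpnKey)) {
    throw "Registry key not found: $vpnKey (is Login Assistant installed?)"
}

foreach ($name in $wanted.Keys) {
    $existing = Get-ItemProperty -LiteralPath $vpnKey -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $existing) {
        # Never overwrite a value an administrator has already set.
        Write-Host "$name already present: $($existing.$name)"
        continue
    }
    if ($wanted[$name] -like '<*>') {
        throw "Replace the placeholder for $name before running."
    }
    New-ItemProperty -LiteralPath $vpnKey -Name $name -PropertyType String -Value $wanted[$name] | Out-Null
    Write-Host "Added $name"
}

# Same command line as in the step above; -Wait so the exit code can be checked.
$msiArgs = '/i "ska-x64.msi" /lv "upgrade-ska.log" REINSTALLMODE=amus'
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
if ($proc.ExitCode -notin 0, 3010) {   # 3010 = success, reboot required
    throw "msiexec failed with exit code $($proc.ExitCode); see upgrade-ska.log"
}

# Confirm both strings are still present after the upgrade.
Get-ItemProperty -LiteralPath $vpnKey | Select-Object 'vpn-url', 'vpn-url-search'
```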
Use a full build to upgrade to apply the fix for the certificate link failure with SAML authentication.