Build History - SignOn Solutions 2008

Logon Client

Bug Fix:

• Mulitple Smart Card Reader Support.

Management Console

New Features and/or Functional Changes:

• The new option "allowEmptySource" was added to the variable manager. Is this option is activated, variable mapping will be performed even if the source resolves to empty.

SignOn Proxy

New Features and/or Functional Changes:

• Extended the variable manager to allow receiving variables from the SignOn Agent.

SignOn Agent for Active Directory

New Features and/or Functional Changes:

• Each synchronization request has now a unique SyncID.
• Policy errors while setting the user password are now written to the log with the detailed error code.
• The new option "allowEmptySource" was added to the variable manager. Is this option is activated, variable mapping will be performed even if the source resolves to empty.
• The “After sync” variable mapping point was added.
• The agent can now send variables back to the SignOn Proxy.

Bug Fix:

• The agent no longer triggers a replication if only the user description has been changed.
• Missing logtransactions have been added.
• Fixed a bug in the “disableUserOnSyncError”-function, which has lead to the user being removed from all his group in addition to being disabled.

Logon Client

New Features and/or Functional Changes:

• Smartcard Logon via Comtarsia SignOn Proxy

Bug Fix:

• In local usermode the replacement of the %USERNAME% variable replacement had a case sensitive fault.
• In PKI local user mode the Replacement of the Variable %USERNAME% did not work in the homedirectory- and profile-path.
• In PKI-Mode by Credential Provider focus deselect missing PIN-field clear.

Management Console

New Features and/or Functional Changes:

• Configuration Parameter "ForcePasswordChange" was added.

Logon Client

New Features and/or Functional Changes:

• Each synchronization request has now a unique SyncID.
• ForcePAsswordChange function: The previous fix-defined LDAP user attribute "clcForcePasswordChange" can now be defined using the following parameters: REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LDAP\__LDAPSERVER__\forcePasswordChangeAttribute =1 (Default:""). In Proxy Authentication mode is the on the proxy defined LDAP attribute evaluated and reset.
• The password change within a logon session in domain logon mode is processed over the domain controller instead by the SignOn Agent. With the Parameter DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonClient\PasswordchangeMode = 1 (default: 2) the previous mode is set (password change by SignOn Proxy).
• The session unlock is processed primarily via the Windows user. In case the password of the currently logged on user was changed by a another workstation, the session unlock will also works with this the new password and the new credentials will be applied to the current session. With the parameter DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonClient\PasswordUnlockMode = 1 (default: 2) the previous mode is set (unlock only with the logon password).

Bug Fix:

• In case of a password change triggered by the "Change after Reset" password policy message the user information were not readout completely.
• The cancelation of the password change dialog and subsequent call of the screen lock function causes under certain circumstances that the password change was displayed again.
• A error in the function WorkstationOUMove caused a CredentialProvider crash.

SignOn Proxy

Bug Fix:

• The UserDN variable in "OUSearchList" mode was not set.

Logon Client

New Features and/or Functional Changes:

• As a Windows user account a trusted domain can be configured.
• New LDAP Server Type "OpenDirectory" was added.

Bug Fix:

• An error in the function Groupmapping with case sensitive placeholders #Administrators, #Power Users und #Users was fixed.

Management Console

New Features and/or Functional Changes:

• Configuration options that are not yet integrated in the product have been hidden.
• Configuration audits disabled

Logon Client

Bug Fix:

• A logon via the function "Quick Logon" or via RDP session with autologon credentials causes an internal ComtRPCSrv services error.

Management Console

Bug Fix:

• The variable template for LDAPUser-DN was changed to "LDAPUser:__DN__".

Management Console

Bug Fix:

• The comments of the variables will now be 'escaped' stored in the Registry.

Logon Client

New Features and/or Functional Changes:

• The ComtRPCsrv readiness timeout has been increased from 120 to 180 seconds.

Bug Fix:

• For all Logon Client profiles the main profile SingOn Proxy configuration was used.
• The variable% USERNAME% in RDP sessions was not set correctly.

SignOn Proxy

Bug Fix:

• The UserDN variable in "OUSearchList" mode was not set.

SignOn Proxy

Bug Fix:

• An error in the variablemanager was fixed. The array operator was not cut off in the LDAP request

SignOn Proxy

New Features and/or Functional Changes:

• The internal variable %USERNAME% can now be used as alias for %user%.
• Support for Varialbes with the Regex-Formatter.

Bug Fix:

• An error in the default-variable-entry for LDAP-Groups was fixed.

SignOn Agent for Active Directory

New Features and/or Functional Changes:

• The internal variable %USERNAME% can now be used as alias for %user%.
• Support for Varialbes with the Regex-Formatter.

Logon Client

New Features and/or Functional Changes:

• In Proxy-Logon Mode the remote retrieve (= by proxy) of LDAP user attributes.
• Registry-Values can now be used directly in the variablemanager. Variablen-Source syntax: %Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 501\Log\logLevel%
• Environment-Values can now be used directly in the variablenmanager. Variablen-Source syntax: %ServiceEnv:PROCESSOR_ARCHITECTURE%
• %-Support: In order to define the character "%" on the variablemanager, "%%" must used now. This sequence is converted back to "%" while the export.
• Variables can be exported as environment variables in user context.

SignOn Proxy

New Features and/or Functional Changes:

• With the new parameter REG_DWORD:SignOnProxy\allowClientAttributeRequests=1 can be controlled, whether the proxy obtains logon user attributes from LDAP and forwards it to the client. If required, these values can be overridden by a proxy variable mapping.
• The "expression" of a variable mapping can now even include variables (number of single values and value-manimal a multi-value value).
• Registry-values can now be used directly in the variablemanager. Variablen-Source syntax: %Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 501\Log\logLevel%
• Environment-values can now be used directly in the variablemanager. Variablen-Source syntax: %ServiceEnv:PROCESSOR_ARCHITECTURE%
• %-Support: In order to define the character "%" on the variablemanager, "%%" must used now. This sequence is converted back to "%" while the export.

SignOn Agent for Active Directory

New Features and/or Functional Changes:

• Registry-values can now be used directly in the variablemanager. Variablen-Source syntax: %Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 501\Log\logLevel%
• Environment-values can now be used directly in the variablemanager. Variablen-Source syntax: %ServiceEnv:PROCESSOR_ARCHITECTURE%
• %-Support: In order to define the character "%" on the variablemanager, "%%" must used now. This sequence is converted back to "%" while the export.

Bug Fix:

• An error in the function "waitForStartup"was fixed.

Logon Client

Bug Fix:

• A buffer error in the LDAP API was fixed. Response packets bigger 32KB caused the error (LDAP_SERVER_DOWN).

Management Console

New Features and/or Functional Changes:

• The SignOn Agent parameter "waitForStartup" was added.
• The SignOn Agent parameter "usersToSync" was added.

Logon Client

New Features and/or Functional Changes:

• Support "WorkstationLogonPolicy" for Proxy-Logon-Mode
• Variable Manager Support for Groups

Bug Fix:

• A bug in SyncClient has been fixed: the wrong version number for SignOn Proxy has been transferred.
• A Variable Manager problem with transmit to proxy was fixed.

SignOn Proxy

New Features and/or Functional Changes:

• The installer now creates variable manager-entries for the main LDAP attributes.
• The installer creates a default entry for a local SignOn Agent.

Bug Fix:

• An error in the SyncPolicy was corrected, so that only LDAP groups, but no other variables were used for the evaluation of the SyncPolicy.

SignOn Agent for Active Directory

New Features and/or Functional Changes:

• The parameter REG_DWORD:SignOnAgent\Modules\System\User\usersToSync controls whether the SignOn Agent synchronizes all users (0xF0000000) or only users who already have a user description starting with "SERV_TMP_USER" (0x1.)

Management Console

New Features and/or Functional Changes:

• Checking for updates is now done asynchronously so that the Management Console can respond more quickly.
• Muiltiple LDAP server support was enabled.
• The variables configuration page was enabled.

Bug Fix:

• A fault which was caused by an old configuration has been fixed.
• Improvments on the ListBox(AcceptList, AttributeBasedGroups) were made.

Logon Client

New Features and/or Functional Changes:

• In the function "HwAdmin" the parameter REG_SZ:.\SOSProfile 001\Group\HwAdminSubOU was added. Is the Logon Client in mode "enableWkstLogonPolicy” enabled with the parameter[.\SOSProfile 001\LogonPolicy\enableWkstLogonPolicy= 1], the function "HwAdmin" is executed only if the SubOU which is defined with HwAdminSubOU is selected as Logon Type. If the HwAdmin criteria (HwAdminGroup and HwAdminAtrribute) not match the logon attempt is terminated.
• The interpretation of the parameter [.\SOSProfile 001\Group\HwAdminAttribute] was extended to Regular Expressions.
• In the Local User mode now is guaranteed that the automatically-managed local user gets the local user group membership if the group mapping results no another build-In group (power users or administrators).

Bug Fix:

• An error in the LDAP-Function "userObjectRequired" has been fixed.
• An error in the uninstall function has been fixed.

SignOn Proxy

New Features and/or Functional Changes:

• The SignOn Proxy supports now multiple LDAP servers. All LDAP configuration values can be defined for each LDAP server.

Bug Fix:

• An error in the Uninstall function has been fixed.
• An error in the function "WkstOUMove" has been fixed.

SignOn Agent for Active Directory

Bug Fix:

• An error in the uninstall function has been fixed.

Management Console

Bug Fix:

• A Problem with the Credential Provider registration was fixed.

SignOn Agent for Active Directory

New Features and/or Functional Changes:

• During a new installation an entry for importing all SignOn Proxy variables is created automatically.

Logon Client

Bug Fix:

• An error with LDAP-authentication and the function "SearchForUser"/"FailoverOnUserNotFound" was fixed.

Management Console

New Features and/or Functional Changes:

• Logon Client Multiple LDAP Server support.
• If the LDAP server type changed to "Microsoft AD" a another Credential Provider is registered.
• Values of input fields are now also checked in Menu Events.

Logon Client

New Features and/or Functional Changes:

• Extended Active Directory LDAP Support.
  • Authentication including support for password policy messages.
  • Password change; this requires a communication to the Active Directory over LDAPS. For this to work, in the AD domain the "Certificate Services " must be installed.
  • group memberships using the new group type 0x10.
  • Referrals Support. This can be controlled by the new configuration parameter: DWORD:"LDAPServer\followReferrals"=1.
• Muliple LDAP-Server configuration support for failover function. This allows a completely separate configuration for each ldap server. The parameter DWORD:"LDAPServer\priority"=0 defines the priority of the servers. A small value defines a high priority. There must always be only one server with a specific priority value. If only one LDAP server is defined, the value “failover host” can still be used for compatibility reasons.

Management Console

New Features and/or Functional Changes:

• The "SmartcardHandler" Logflag was added.
• The Logon Client PKI-profile SessionPasswordMode configuration was added.
• In PKI-Profiles the SecurePinEntryMode is configurable via "Logon Policy/PKI"

Bug Fix:

• An error with the assortment of the log flags was repaired.

Logon Client

New Features and/or Functional Changes:

• A new session password mode was introduced, in which the session password is changed only in defined time intervals. This mode is compatible with the Comtarsia Logon Client 2006 session passwords mode (2).
• Is a Smart Card Reader is detected by the Logon Client, it checks to see whether the "Secure PIN Entry"according to PC/SC V2 Part 10 is supported. The parameter "smartCardSecurePINEntryMode" controls how the reader is used for the PIN entry.

Bug Fix:

• Wrong error message after wrong PIN input in the PKI Logon mode was corrected.
• A memory leak in module ComtRPCsrv.exe was solved.

Management Console

New Features and/or Functional Changes:

• Suport for PKI – Logon Mode
• Multiple Profile Mode

Logon Client

New Features and/or Functional Changes:

• Smart Card / PKI – Logon Mode

SignOn Agent for Active Directory

New Features and/or Functional Changes:

• the log messages have been extended.

Bug Fix:

• For creating a user in previous builds the "default group container" instead of the "default user container" were used.
• An error in the function domain Discover was fixed.

SignOn Proxy

New Features and/or Functional Changes:

• The function “GetSessionPassword” and parameter “setSessionPasswordCondition”

SignOn Agent for Active Directory

New Features and/or Functional Changes:

• The function ADS-Discover was adapted for the remote synchronization.

Bug Fix:

• Errors in the LDAP Directory Replicator with synchronization requests were solved.

Initial Bundle Release

Bug Fix:

• A problem with the setting „LDAPGroupTypes“=ibm-allGroups (0x8) was solved.

Bug Fix:

• An error in the installation program of Build 5.0.20.4 was fixed!!
• The ComtRPC Service readiness timout has been increased from 40 to 90 seconds. On very slow computers at boot time the 40 seconds timeout was too short and caused this error message ” ComtRPCSrv" service ist not running!!”.

New Features and/or Functional Changes:

• Function Quick Logon: A login attempt with pre-defined credentials is performed through an additional selection option on the login dialog.
• Autologon with Winlogon Credentials: In case Winlogon autologon credentials are defined, the Microsoft Credential Provider is not filtered out so that the Auto Logon function can perform.
• With the parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Language (default:English)=“ Italian“ the logon clients switch to Language ID 0x10 = Italian.

New Features and/or Functional Changes:

• The parameter DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LDAP\__LDAPSERVER__\ignoreNoUniqueUser=1 (Default:0) lets a user log on, even if they aren’t unique in the directory.
• The parameter DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LDAP\__LDAPSERVER__\ignoreNoUniqueUser=1 (Default:0) specifies that, for a „UserDN Mode“: „Search for User“-configuration, the search will continue on the failover LDAP server if the LDAP user wasn’t found on the primary LDAP server.

Bug Fix:

• In EnableWkstLogonPolicy=1 mode and OFFLINE logon the desktop unlock was not possible.

New Features and/or Functional Changes:

• Failover LDAP Server: A failover LDAP-Server are defined, which is used when the primary LDAP-Server is unreachable.
• Function Log to Syslog: Added ability to log to a syslog server.

Bug Fix:

• An error in the LDAP Posix groups has been fixed. The group search has used the full user DN instead of the UID.
• An Error in the „sambaLMPassword“-Algorithm has been fixed.

New Features and/or Functional Changes:

• On each successful LDAP authentication and LDAP password change the specific Samba user information (Samba password hash) can be set automatically.
• User credentials (user and password) which are send with a RDP connection triggers a LDAP auto logon during the session establishment.
• With the parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Language (default:English)=“French“ the logon clients switch to Language ID 0x0c = French.

New Features and/or Functional Changes:

• The parameter REG_DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\MinPwdLen (default:0) defines the minimum passwort lenght for password change and LDAP Logon.
• With the registry setting REG_DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonClient\RemoveUser = 3 (0x1 User Account + 0x2 Profile)(default:0) the local user account and profile will be deleted during log-off.

Bug Fix:

• A logic error in the function „SearchForUser“ has been corrected. The object class „person“ instead of the defined user object class has been used.

New Features and/or Functional Changes:

• With the regsitry setting REG_DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\language= „auto“ (default = “auto”), the logon client switches to the system-language automatically.

Bug Fix:

• A logic error in the local group mapping function and in local user mode has been corrected.

New Features and/or Functional Changes:

• The parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\LogonInformationText defines an alternate text which appears when the user clicks on the 'Information'-Link on the logon screen.
• Starting from this build CAFLP license keys are supported.
• Extension of the function “Workstation Logon Policy“.

Bug Fix:

• A logic error has been corrected, which caused a sync request at local workstation unlock.
• A time-out problem in the module ComMSSO was fixed.
• A Installer problem on 64 Bit Platforms was fixed.

New Features and/or Functional Changes:

• New function „HWADMIN“.
• If REG_DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\Scripts\NoScriptByCachedCredLogon = 1 by cached credential logon (offline logon) the logon and logoff scripts are not executed.
• With the paramater REG_DWORD:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonPolicy\EnableWkstLogonPolicy= 1 the function Workstation Logon Policy is enabled.
• SyncClient trigger on Workstation Unlock.

New Features and/or Functional Changes:

• New function „GroupFilter“.

New Features and/or Functional Changes:

• The Installer was adapted for Windows7.

Bug Fix:

• A timing problem in Event Service was fixed.

New Features and/or Functional Changes:

• Windows7 Support

New Features and/or Functional Changes:

• Function „LogonAllowGroups“.
• Function „DefaultEveryoneGroup“.
• Function „DefaultNoGroup“.
• Function „SearchForUser“.
• Function „AttributeBasedGroups“.

Bug Fix:

• A bug by reading of the paramenters REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\UserEnvironment\HomeDirDrive was fixed.

New Features and/or Functional Changes:

• Function „PanelBitmap“: With the parameter REG_SZ:HKEY_LOCAL_MACHINE\SOFTWARE\Comtarsia\SOSProfile 001\LogonClient\ PanelBitmap=” C:\Program Files\Comtarsia\SignOn Solutions 2008\logon_tile.bmp“ can own Logon Client Kachel be loaded. Bitmap 128 x 128 pixel.

New Features and/or Functional Changes:

• Diverse optimizations in domains performance and storage requirements
• Extended support for Novell eDirectory inclusive evaluation of the passwort policy

Bug Fix:

• A bug by LDAP passwort change was fixed, whereat the user received flase error notification due to false LDAP policy evaluation.
• A bug the SSO-functionality was fixed, whereby by the users that logged in for the first time, the SSO-process (ComtMSSO.exe) partially terminated after the startup by itself.

Bug Fix:

• A mistake by connection setup of inter-process-communication was fixed.
• The level of EventLog-entries was not set in some cases.

• A support for the reading of the set IBM Directory Server Password Policy (IBM DS <= 6.0) as well as Effective Password Policy (IBM Ds >= 6.1) for the user object.

Bug Fix:

• A mistake by the setting of a new password after a „Change On Reset“ policy-warning was fixed.