Novell SecureLogin 6.1 SP1, Hotfix 5 Readme

September 09, 2010

1.0 Documentation

This Readme provides information on the defects resolved in Novell SecureLogin Support Pack 1 (SP1), Hotfix 5.

The following sources provide information about Novell SecureLogin 6.1 Support Pack 1:

2.0 Introduction

Novell SecureLogin is a single sign-on application. It consists of multiple, integrated security systems that provide authentication and single sign-on to networks and applications. It provides a single entry point to the corporate network and its user resources, increasing security while enhancing compliance with corporate security policies. It eliminates the requirement for users to remember multiple usernames and passwords and automatically enters them for users when required.

This document provides you an introduction to the new features introduced in this version of Novell SecureLogin and also lists issues related to the administration, functioning, and other aspects of Novell SecureLogin.

3.0 Troubleshooting

During a fresh install of Novell SecureLogin 6.1 SP1, if you are prompted to upgrade, delete all references to the product key, then continue with the installation.

NOTE:Take a backup of the registry keys before deleting.

  1. Click Start > Run > type regedit.

  2. Search for 80D1DD4E-85FD-4978-B010-9C480B10DF18 in the registry keys.

  3. Delete the references to the product key.

4.0 Defects Fixed in Hotfix 5

  • Modified the change password error message. If SecureLogin is installed in LDAP Gina mode, the error messages displayed while changing the password using Ctrl+ Alt+ Del option is appended with the error code to provide adequate information to the user in case of failure.

  • Fixed the slow response time issue. Using Delay command when scripting Terminal Emulator will no longer block COM and Windows Messages. Identified with AGX HLLAPI.

  • If any part of the SSO data is deleted for a user, the delete record is not displayed in the slmanager and NSL client, but SecureLogin does not delete the data from the directory immediately because of ObituaryRecordsDeletion settings.

    The registry setting ObituaryRecordsDeletion value indicates the number of days to wait for permanently deleting the data from the directory. This is causing a lot of redundant data in the directory for the user object to be managed and causes malfunctioning occasionally.

    Use the following hotfix install process to resolve the issue:

    1. Set new DWORD value to zero in the following location:

      HKLM/Software/Protocom/SecureLogin/ObituaryRecordsDeletion

    2. Upgrade to Novell Secure Login 6.1 SP1 Hotfix 5.

    3. Restart the computer.

    After completing the cleanup, do one of the following:

    • Reset the registry value to 90 (default).

    • Reset the registry value to the number of days to wait before deleting.

    • Delete the registry value.

5.0 Defects Fixed in Hotfix 4

  • Fixed the error in setting inheritance rights for Country Objects with the iManager SSO plug-in.

  • Fixed the hanging SecureLogin process. The process hangs and fails to populate the credentials when run from a server enabled with Smooth Roaming and when applications are published through Citrix.

  • Fixed the issue of AD secrets missing in Novell SecureLogin 6.1 SP1 HF3.

  • Fixed the admin access control issue for password policy that occurs if access control is set on the object or container when using SecureLogin Admin Console (slManager) or Microsoft Management Console (mmc).

6.0 Defects Fixed in Hotfix 3

  • Fixed the delay in displaying the GINA menu when home or laptop users press Ctrl+Alt+Del.

  • Fixed a randomly occurring error where Windows shutdown after user unlocked the workstation.

  • Fixed an error where Notes Single Login service (npnotes) was not detecting Active Directory password change event.

    To synchronize passwords between the directories and Lotus Notes:

    1. Create the following DWORD registry keys atr HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\LDAP.

      • DisableCADUserSelection - Set the registry value to 1.

      • IgnoreGraceLoginAndEnforcePasswordChange - Set the registry value to 1.

      • ChangePasswordRetryNumber - Set the registry value to 3.

  • Rectified a multi-delay parameter on actions in Desktop Automation Services.

  • Previously, when disconnected from a network an error message indicating, You are not logged in to a Directory and SecureLogin was unable to find any cached user data was displayed repeatedly. This is now fixed.

  • Fixed an error where slwinsso.exe crashes when Novell SecureLogin detects a window being closed.

6.1 Support for SelectLoginCancelled Event

  • This hotfix supports SelectLoginCancelled event. This event allows the OnException command to detect if a user has canceled a multiple login picklist.

7.0 Defects Fixed in Hotfix 2

  • Modified MakeLocal to use symbolplatform instead of the platform name, so that local runtimes are set correctly in terminal emulator sessions.

  • Fixed an issue that was making Internet Explorer non-responsive, while trying to download files.

  • iManager now displays all preferences applied to a user who is part of a group.

  • Modified the SecureLogin SSO plug-in version numbering, because of which the upgrade was failing.

  • Fixed an issue so the Save As dialog box now appears while exporting the application definitions.

  • Fixed the issue of cache files losing synchronization with the directory authentication data after changing the password.

  • Fixed the random issue of SecureLogin going to offline mode after changing the password.

  • The change password dialog box now does not accept blank passwords.

  • Fixed an issue with SecureLogin installation that was resulting in The specified module could not be found, error during upgrade.

  • Fixed the issue of a string getting truncated after a new line when ReadText is used.

  • Fixed an issue in importing XML file in iManager where application data in uppercase was converted to lowercase.

  • Fixed an issue with iManager SSO to enable proper deactivation of application definitions.

  • Removed the Synchronize with Mobile Device option from the UI because the feature is no longer available in SecureLogin.

  • Fixed the SecureLogin SSO issue of not assigning eDirectory rights when using Role Based Services (RBS).

  • If you delete a credential from the menu, you no longer need to restart the application to create a new credential.

  • If you log in with a smart card and change a password by using Ctrl+Alt+Del, syspassword now changes correctly.

  • Fixed The specified module could not be found error, which was occurring during upgrade of Hotfix 1 in LDAP mode.

8.0 Known Issues in 6.1 SP1 Hotfix 2

8.1 Force Shutdown Leaves SecureLogin Icon in System Tray

If you click Start > Run, then type SLProto /forceshutdown to shut down Novell SecureLogin, you can still see the SecureLogin icon in the notification area. This icon vanishes when you move the mouse over it.

9.0 LDAPauth Integration with IDM

Novell SecureLogin is now integrated with IDM-CLE. If IDM-CLE is installed on the client, then the LDAP login dialog box in the GINA mode displays the Forgotten Password link. The text for the link and the URL to be launched can be configured from the CLE installer. The default text is Did you forget your password? This option is useful as a password self-service option to change forgotten passwords.

10.0 Defects Fixed in Hotfix 1

  • Made an enhancement to synchronize the changed password between eDirectory and Active Directory domain users.

  • Fixed an issue where you can select multiple user accounts in the Change Password dialog box.

  • Novell SecureLogin client now successfully switches to online mode after reconnecting to network by using the DoNotLogoffUser registry key.

  • Fixed an error that occurred when exporting the single sign-on preferences. During export the cache refresh was present in the sso-export.xml file but, was missing when the file was imported.

  • Fixed an issue where Tlaunch failed to remain in memory for multiple selection.

  • Tlaunch now works correctly in the background by using the /b switch.

  • Fixed an issue where Novell SecureLogin showed a Java exception error for some custom Java Web sites that utilize combo boxes.

  • Fixed an error where the user was prompted for passphrase when the Security preferences Use Smart card to encrypt SSO Data was set to PKI Credentials and Enable Passphrase Security System was set to No.

  • Fixed an error where users were unable to see the converted application definitions in iManager.

  • Resolved an issue where users were not able to disable the application settings by deselecting the Enable option in iManager > SecureLogin SSO > Applications > Settings.

  • Fixed an issue where the admin user was not able to see the scripts in iManager if Allow Application Definition to be viewed by users and Allow Application Definition to be modified by users options were set to No for non-admin users.

  • Fixed an error where iManager SSO plug-in failed to export or import if the configuration contained any extended characters.

11.0 Known Issues in 6.1 SP1

For a list of issues in using Novell SecureLogin 6.1 SP1, see the Novell SecureLogin 6.1 Support Pack 1 Readme at the Novell SecureLogin documentation Web site..

12.0 Documentation Conventions

In this documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.

A trademark symbol (®, TM, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark.