12.7.3

Updated the branding for Bravura Security within the product installer for a few remaining areas.

Added database indexes to optimize REST API get_account_attributes performance. Three new indexes added: metaattr_idx_4, targetobjattr_idx_4, and targetobjattr_file_idx_2.

Updated the scheduled report configuration page to allow editing and saving the previously saved scheduled report on a patch version upgraded instance.

The autores command line utility now skips and warns for roles that are disabled and/or unassignable when submitting.

A warning notification is presented in the role assignment user interface if a selected role is disabled and/or unassignable.

Tomcat updated from 9.0.94 to 9.0.109.

The pslocalr.ocx and other controls are added back along with the pslocalr-x64.msi and pslocalr.msi Local Reset Extension installers.  The cgilocalr.cfg sample script is also updated for the pslocalr control.

Fixed formatting issue of error message when unable to load customer-verified connectors during setup.

Fixed an issue with the Websocket Connector Proxy to add mitigations to prevent exceptions when connecting to the proxy tunnel.  This was previously causing connection issues when multiple nodes were configured.

Adjusted the early termination condition in im_corp_hr_orgchart_manager to check the OrgChart data in addition to attribute values.

im_corp_hr_orgchart_manager: adjust the early termination condition to check the orgchart data in addition to attribute values

Updated the Orgchart graph page to load the current user's manager, even if the manager is in an orphaned Orgchart tree (calculated level is -1).

Fixed unexpected quit during password reset when the browser client IP was too long.

Resolved an issue with the Login Assistant / SKA when upgrading from version 12.4.x to 12.8.1 and up.  Upgrading to 12.5.0 and up caused an upgrade issue due to rebranding from Hitachi ID to Bravura Security.

Fixed an issue where operation SRES (User self-reset result) is logged per account for both self-service and help-desk reset, which should be one operation per reset action and for self-service reset only. Also updated the Session activity report to generate the proper statistics for both self-service and help-desk change passwords.

Fixed an issue when unlocking accounts, changing passwords, and detaching accounts for users when the accounts ended with .x.  Previously this caused these operations not to be successful.

Fix compatibility issue where the newer version of the interceptor cannot work with the older version of IDPM.

The autores utility now skips and warns for roles that are disabled and/or unassignable when submitting.

A warning message is given in the role assignment user interface if the role is disabled and/or unassignable.

Resolved a certificate link failure with SAML authentication.

Fixed component import and export of managed system policies with multi-phase authorization so that all authorizers are accounted for instead of just one.

Changes to Create OTP user request:

Updated stored procedure TargetDelete to use RECOMPILE when deleting from targetobj to ensure that an unsuitable (from a performance perspective) cached query plan is not used when deleting large target systems.

Fixed issues with date timezones for Ajax and the product UI in general related to setting the preferred timezone environment variable.

Fixed an issue where implementer(request)-created account could conflict with discovered account if their object names only differ by case, resulting in a runtime error during discovery.

Fixed an issue where the authmod plugin failed to populate authorizers if a request has duplicate RLUA operations (added by wfreq plugin).

Fixed an issue where wizard entitlement members page is broken to start a request in the roles app, when some of the potential members descriptions are too long.

Fixed an issue in the Requests app where the delegation manager was unable to delegate an implementer task on behalf of the selected primary implementer.

Updated the idtm service to suppress operation failure emails when agent returns ACTryAgainLater.

Performance fix for stored procedures AttributeSet and AttribAdd leading to the prevention of deadlocks when large sets of data are involved.

Fixed a runtime error in stored procedure UserclassIsMember due to SQL optimizer executing operations out of order, causing data type conversion failures.

Fixed a runtime error in the UserClassPointLoadFromCache stored procedure that occurred when the userclasspoint.criteriap field contained NULL value.

Fixed REST API endpoint PATCH /targetSystems({key)} to properly save target system option "automaticallyDiscoverResourcesToLoad".

Adjust IDWFMServiceGetto only return a service with matching serverid and actingserver fields if picking a random server

Added a fix to clear the SAML Session ID on failure so that authentication cannot be bypassed.

Profile attributes now correctly fall back to the next-priority mapped account attribute when the highest priority attribute is removed.

Modified the component uninstallation to check if the table exists before removing component data.  This previously caused an issue/exception for hid_extdb to show an error for "no such table".

During discovery, the order of precedence in target attribute overrides is obeyed when listing target attributes.

Fixed runtime error in ObjDiffAssociate stored procedure during auto discovery when handling duplicate accounts (sharing the same stable ID) across different targets with cross-target relationships.

Updated scheduled report configuration page to allow editing and saving the previously saved scheduled report on a patch version upgraded instance.

Fixed an issue that previously still showed connectors in the target type drop-down list that have been removed on upgrade of the Connector Pack.

Use a full build to upgrade to apply the fix for the certificate link failure with SAML authentication.