IBM Tivoli Security Policy Manager 7.1.0-TIV-ITSPM-FP0001 and 7.1.0-TIV-ITRTSS-FP0001 Readme


Contents

Abstract
Downloading the Fix Pack
Known Issues
Installing the fix pack
Updating Version 7.1.0 with Fix Pack 7.1.0.1
Updating policy administration components
Updating the Tivoli runtime security services server
Updating the Tivoli runtime security services client
Updating the Tivoli Security Policy Manager software development kit
Updating the Runtime Security Services software development kit
Rolling back or uninstalling fix pack files
Uninstalling both Fix Pack 7.1.0.1 and Version 7.1.0 files
Fixes
Features
Notices
Trademarks

Abstract

The Fix Pack Readme topics describe the contents of the Tivoli Security Policy Manager Fix Pack 7.1.0.1

Readme file for: IBM® Tivoli® Security Policy Manager
Product/Component Release: 7.1.0
Update Name: Fix Pack 1
Fix ID: 7.1.0-TIV-ITSPM-FP0001
Fix ID: 7.1.0-TIV-ITRTSS-FP0001
Publication date: 16  November 2010
Last modified date: 16 November 2010

Downloading the Fix Pack

Download and extract the fix pack files from the Customer Support FTP site or website.

About this task

Tivoli Security Policy Manager Fix Pack 7.1.0.1 consists of two separate compressed files. One file contains the policy manager packages. The other file contains the runtime security services packages. Download the compressed files that apply to your deployment.

Table 1. Fix pack packages and compressed files
Package Fix Pack compressed file
Tivoli Security Policy Manager 7.1.0-TIV-ITSPM-FP0001.zip
Tivoli Security Policy Manager Software Development Kit
Runtime Security Services Server 7.1.0-TIV-ITRTSS-FP0001.zip
Runtime Security Services Client
Runtime Security Services Software Development Kit

Procedure

  1. Access either the FTP site or website:
  2. Extract the compressed files.

    Each compressed file contains packages of files. Extract the file or files that have the packages you want to install. Make note of the directory where you downloaded each compressed file.

Known Issues

Known issues with the fix pack are documented in this topic. You can also query the tech notes database on the Customer Support website.

There are known issues with the Installation Manager application:

Known problems and limitations about Tivoli Security Policy Manager are documented in the form of tech notes on the IBM Software Support website at

http://www.ibm.com/software/tivoli/support/security-policy-mgr/

As limitations and problems are discovered and resolved, the IBM Software Support team updates the knowledge base. By searching the knowledge base, you can quickly find workarounds or solutions to problems that you experience. The following link sends a customized query to the live Support knowledge base for Tivoli Security Policy Manager:

http://www.ibm.com/support/search.wss?tc=SSNGTE&rs=3554&rank=8&atrn=SWVersion&atrv=7.1&dc=DB520+DB560

To create your own query, go to the Advanced search page on the IBM Software Support website.

Installing the fix pack

Choose to either update an existing Version 7.1.0 installation with the fix pack files or to install both the Version 7.1.0 files and the fix pack files.

Choose your deployment scenario:

Updating Version 7.1.0 with Fix Pack 7.1.0.1

You can update a Tivoli Security Policy Manager 7.1.0 deployment with the files in Fix Pack 7.1.0.1.

About this task

Use the Installation Manager application to add the Fix Pack packages. The Installation Manager graphical user interface includes an Update icon. When you click this icon, Installation Manager runs a wizard that leads you through the required steps. During the update, you can specify values for the same configuration properties that you set when you installed Version 7.1.0.

Procedure

  1. Identify the packages and features that you want to update.
    Table 2. Tivoli Security Policy Manager packages and features
    Package Features
    Tivoli Security Policy Manager Tivoli Policy Platform
    Tivoli Security Policy Manager server
    Tivoli Security Policy Manager administration console
    Tivoli Integrated Portal console
    Tivoli Security Policy Manager configuration utility
    Tivoli Security Policy Manager SDK Software Development Kit and Samples
    Runtime Security Services Server Authorization Service
    Runtime Security Services Client Authorization Service Runtime
    Policy Management Administration Agent
    Web Services Application Enforcement
    Runtime Security Services SDK Software Development Kit and Samples
    Portal Application Enforcement Software Development Kit
  2. Complete the instructions for the package that you want to update.
  3. Verify success by reviewing the Installation Manager log files.

    Use the Installation Manager log viewer:

Updating policy administration components

You can update the policy administration components using the fix pack installation files that are downloaded from the Customer Support website. The policy administration components include the policy manager server, configuration tool, and policy manager console.

About this task

Note:
This Fix Pack introduces support for deploying policy administration components into a WebSphere cluster. This means that there are no prior cluster deployments to update. You can update policy administration components that are deployed on a stand-alone WebSphere Application Server. To install policy administration components in a WebSphere cluster, complete a new installation. See Tivoli Security Policy Manager in a clustered WebSphere Application Server environment.

Procedure

  1. Start Installation Manager.
    AIX®, Linux®, Linux on System z®, or Solaris
    1. Open a command-line window and navigate to the directory containing Installation Manager.

      The default installation directory is:

      /opt/IBM/InstallationManager/eclipse
    2. Start the program. 
      IBMIM
    Windows®
    Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
  2. Click File -> Preferences.
  3. Configure a repository connection. This step specifies the location of the fix pack installation files.
    1. Click Add Repository.
    2. Browse to directory containing the extracted files from the archive file.
    3. Locate the repository configuration file. For example, if you extracted the Fix Pack files on a Windows system in C:\Temp: 
      C:\Temp\policy\delta_7101\repository.config
    4. Click OK to add the location as a repository.
    5. Optionally, click Test Connections. Verify that you get the message: 
      All repositories are connected
    6. Verify also that the Tivoli Security Policy Manager 7.1.0 repository occurs in the repository before the Fix Pack repository. This ordering ensures that Installation Manager installs the Fix Pack files last.
    7. Click OK again.
    Note:
    Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
  4. Click Update.
  5. The Update Packages panel displays package groups. The TSPM package group is highlighted. Click Next.
  6. On the Update Packages panel, select the Version 7.1.0.1 package under Tivoli Security Policy Manager 7.1.0.0. Click Next.
  7. After reading the license agreement:
  8. Installation Manager displays a list of installed components. Each installed component is selected. These components will be updated. Verify that the list is correct and click Next.

    Components can include:

  9. Confirm the values in the Connection Details panel and click Next.

    Installation Manger displays current values for:

    SOAP port
    Specifies the port value that is used by WebSphere® Application Server for SOAP communications.
    Security enabled
    Specifies whether communication with WebSphere Application Server occurs only over secure connections.
    Note:
    Clear Security enabled only if instructed to do so by IBM Support personnel.
  10. If you are updating the policy manager server, specify the necessary passwords on the Security Details panel. Verify that the supplied values for the other properties are correct. Click Next.

    Supply a password for the administrative user and for the truststore. If your deployment uses the keystore, supply a password for it.

    Note:
    If your deployment does not have security enabled, you cannot specify these values.
    Administrative user name
    Required. Specifies the user name of the administrator that is managing the WebSphere Application Server instance. The default value is wasadmin.
    Administrative user password
    Required. Specifies the password for the WebSphere Application Server administrator.
    Truststore location
    Required. Specifies the fully qualified path and name of the truststore for WebSphere Application Server.
    Truststore password
    Required. Specifies the password for the truststore.
    Keystore location
    Optional. Specifies the keystore location used by the WebSphere server to establish a secure connection with the installation program. If you are using the default keystore, the location is blank.
    Keystore password
    Optional. Specifies the password for the keystore if a location was specified.
  11. In the Queried WebSphere Server Information panel, verify that the listed values are correct for the WebSphere Application Server instance and perform one of the following actions:
  12. In the Server Or Cluster To Deploy panel, select the WebSphere environment where you are updating the product components. Click Next.
  13. If you are updating the policy manager console, specify the password in the Tivoli Integrated Portal Install Details panel. Confirm that the other values are correct. Click Next.
    User name
    Specifies the name of the administrator for the console. The default value is tipadmin.
    User password
    Specifies a password for the administrator.
    Verify user password
    Specifies the password again for verification.
    Console HTTP port
    Specifies the port number to be used for connecting to the console using a web browser or accept the default. The default port number is 16310.
    Location to install Tivoli Integrated Portal (TIP)
    Specifies the fully qualified name of the directory where the Tivoli Integrated Portal is installed.

    The default installation directory is:

    AIX, Linux, Linux on System z, or Solaris 
    /opt/IBM/tivoli/tip
    Windows 
    C:\Program Files\tivoli\tip
  14. Review the summary information and click Update. Installation Manager starts gathering files.
  15. Click Finish to complete the installation.
  16. Exit Installation Manager.

    Click File -> Exit.

What to do next

Complete the following steps to refresh the WebSphere OSGi cache:

  1. Stop the WebSphere Application Server for the policy manager.

    See the stopping topics in the WebSphere® Application Server information center:

  2. Run the OSGi configuration script to refresh the WebSphere OSGi cache.
  3. Start the WebSphere Application Server for the policy manager.

    See the starting topics in the WebSphere® Application Server information center:

  4. Stop and restart the server where the console (the Tivoli Integrated Portal component) is installed.
    Windows:
    Go to C:\Program Files\IBM\tivoli\tip\profiles\TIPProfile\bin
    1. Stop the server with the following command:

      stopServer.bat -server1 -username adminname -password adminpassword

    2. Start the server with the following command:

      startServer.bat server1

    AIX, Linux, or Solaris
    Go to /opt/IBM/tivoli/tip/profiles/TIPProfile/bin
    1. Stop the server with the following command:

      stopServer.sh -server1 -username adminname -password adminpassword

    2. Start the server with the following command:

      startServer.sh server1

Updating the Tivoli runtime security services server

You can update the Tivoli runtime security services server package using the fix pack installation files that are downloaded from the Customer Support website.

Procedure

  1. Start Installation Manager.

    If installing into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.

    AIX, Linux, Linux on System z, or Solaris
    1. Open a command-line window and navigate to the directory containing Installation Manager.

      The default installation directory is:

      /opt/IBM/InstallationManager/eclipse
    2. Start the program. 
      IBMIM
    Windows
    Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
  2. Click File -> Preferences.
  3. Configure a repository connection. This step specifies the location of the fix pack installation files.
    1. Click Add Repository.
    2. Browse to directory containing the extracted files from the archive file.
    3. Locate the repository configuration file. For example, if you extracted the Fix Pack files on a Windows system in C:\Temp: 
      C:\Temp\policy\delta_7101\repository.config
    4. Click OK to add the location as a repository.
    5. Optionally, click Test Connections. Verify that you get the message: 
      All repositories are connected
    6. Verify also that the Tivoli Security Policy Manager 7.1.0 repository occurs in the repository before the Fix Pack repository. This ordering ensures that Installation Manager installs the Fix Pack files last.
    7. Click OK again.
    Note:
    Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
  4. Click Update.
  5. The Update Packages panel displays package groups. The RTSS package group is highlighted. Click Next.
  6. On the Update Packages panel, select the Version 7.1.0.1 package under IBM Tivoli Runtime Security Services Server 7.1.0.0. Click Next.
  7. After reading the license agreement:
  8. The Update Packages panel displays the features to update The Authorization Service package is highlighted. Click Next.
  9. Confirm the values in the Connection Details panel and click Next.

    Installation Manger displays current values for:

    SOAP port
    Specifies the port value that is used by WebSphere Application Server for SOAP communications.
    Security enabled
    Specifies whether communication with WebSphere Application Server occurs only over secure connections.
    Note:
    Clear Security enabled only if instructed to do so by IBM Support personnel.
  10. Specify the necessary passwords on the Security Details panel. Verify that the supplied values for the other properties are correct. Click Next.

    Supply a password for the administrative user and for the truststore. If your deployment uses the keystore, supply a password for it.

    Note:
    If your deployment does not have security enabled, you cannot specify these values.
    Administrative user name
    Required. Specifies the user name of the administrator that is managing the WebSphere Application Server instance. The default value is wasadmin.
    Administrative user password
    Required. Specifies the password for the WebSphere Application Server administrator.
    Truststore location
    Required. Specifies the fully qualified path and name of the truststore for WebSphere Application Server.
    Truststore password
    Required. Specifies the password for the truststore.
    Keystore location
    Optional. Specifies the keystore location used by the WebSphere server to establish a secure connection with the installation program. If you are using the default keystore, the location is blank.
    Keystore password
    Optional. Specifies the password for the keystore if a location was specified.
  11. In the Queried WebSphere Server Information panel, verify that the listed values are correct for the WebSphere Application Server instance and perform one of the following actions:
    Note:
    If you are installing in a WebSphere cluster, the displayed text shows the correct cell name, but incorrectly shows the server name as one of the nodes.
  12. In the Server Or Cluster To Deploy panel, select the WebSphere environment where you are installing the product components. Click Next.
  13. Review the summary information and click Update to begin the installation.
  14. Click Finish to complete the installation.
  15. Exit Installation Manager.

    Click File -> Exit.

What to do next

  1. Verify that you can issue administration commands to the runtime security services server.

    For example, you can use the administration console to verify that the runtime security services audit settings are visible.

  2. Verify that you can distribute policy to a policy distribution target.

    See the Tivoli Security Policy Manager Administration Guide for instructions on how to distribute policy.

  3. Update the runtime security services clients.

Updating the Tivoli runtime security services client

You can update the Tivoli runtime security services package using the fix pack installation files that are downloaded from the Customer Support website.

Procedure

  1. Start Installation Manager.

    If installing into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.

    AIX, Linux, Linux on System z, or Solaris
    1. Open a command-line window and navigate to the directory containing Installation Manager.

      The default installation directory is:

      /opt/IBM/InstallationManager/eclipse
    2. Start the program. 
      IBMIM
    Windows
    Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
  2. Click File -> Preferences.
  3. Configure a repository connection. This step specifies the location of the fix pack installation files.
    1. Click Add Repository.
    2. Browse to directory containing the extracted files from the archive file.
    3. Locate the repository configuration file. For example, if you extracted the Fix Pack files on a Windows system in C:\Temp: 
      C:\Temp\policy\delta_7101\repository.config
    4. Click OK to add the location as a repository.
    5. Optionally, click Test Connections. Verify that you get the message: 
      All repositories are connected
    6. Verify also that the Tivoli Security Policy Manager 7.1.0 repository occurs in the repository before the Fix Pack repository. This ordering ensures that Installation Manager installs the Fix Pack files last.
    7. Click OK again.
    Note:
    Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
  4. Click Update.
  5. The Update Packages panel displays package groups. Verify that the RTSSClient package group is selected. Click Next.
  6. On the Update Packages panel, select the Version 7.1.0.1 package under IBM Tivoli Runtime Security Services Client 7.1.0.0. Click Next.
  7. After reading the license agreement:
  8. The Update Packages panel displays the installed features to update. Verify that the required features Authorization Service Runtime and Policy Management Administration Agent are selected. If the optional feature Web Services Application Enforcement is installed, verify that it is selected. Click Next.
  9. Confirm the values in the Connection Details panel and click Next.

    Installation Manger displays current values for:

    SOAP port
    Specifies the port value that is used by WebSphere Application Server for SOAP communications.
    Security enabled
    Specifies whether communication with WebSphere Application Server occurs only over secure connections.
    Note:
    Clear Security enabled only if instructed to do so by IBM Support personnel.
  10. Specify the necessary passwords on the Security Details panel. Verify that the supplied values for the other properties are correct. Click Next.

    Supply a password for the administrative user and for the truststore. If your deployment uses the keystore, supply a password for it.

    Note:
    If your deployment does not have security enabled, you cannot specify these values.
    Administrative user name
    Required. Specifies the user name of the administrator that is managing the WebSphere Application Server instance. The default value is wasadmin.
    Administrative user password
    Required. Specifies the password for the WebSphere Application Server administrator.
    Truststore location
    Required. Specifies the fully qualified path and name of the truststore for WebSphere Application Server.
    Truststore password
    Required. Specifies the password for the truststore.
    Keystore location
    Optional. Specifies the keystore location used by the WebSphere server to establish a secure connection with the installation program. If you are using the default keystore, the location is blank.
    Keystore password
    Optional. Specifies the password for the keystore if a location was specified.
  11. In the Queried WebSphere Server Information panel, verify that the listed values are correct for the WebSphere Application Server instance and perform one of the following actions:
    Note:
    If you are installing in a WebSphere cluster, the displayed text shows the correct cell name, but incorrectly shows the server name as one of the nodes.
  12. In the Server Or Cluster To Deploy panel, select the WebSphere environment where you are installing the product components. Click Next.
  13. Review the summary information and click Update to begin the installation.
  14. Click Finish to complete the installation.
  15. Exit Installation Manager.

    Click File -> Exit.

What to do next

Update and verify the client configuration. Use the links below to complete the configuration. The links point to configuration tasks on the Tivoli Security Policy Manager information center.

Updating the Tivoli Security Policy Manager software development kit

You can update the Tivoli Security Policy Manager software development kit package with the fix pack installation files.

Procedure

  1. Start Installation Manager.

    If installing into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.

    AIX, Linux, Linux on System z, or Solaris
    1. Open a command-line window and navigate to the directory containing Installation Manager.

      The default installation directory is:

      /opt/IBM/InstallationManager/eclipse
    2. Start the program. 
      IBMIM
    Windows
    Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
  2. Click File -> Preferences.
  3. Configure a repository connection. This step specifies the location of the fix pack installation files.
    1. Click Add Repository.
    2. Browse to directory containing the extracted files from the archive file.
    3. Locate the repository configuration file. For example, if you extracted the Fix Pack files on a Windows system in C:\Temp: 
      C:\Temp\policy\delta_7101\repository.config
    4. Click OK to add the location as a repository.
    5. Optionally, click Test Connections. Verify that you get the message: 
      All repositories are connected
    6. Verify also that the Tivoli Security Policy Manager 7.1.0 repository occurs in the repository before the Fix Pack repository. This ordering ensures that Installation Manager installs the Fix Pack files last.
    7. Click OK again.
    Note:
    Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
  4. Click Update.
  5. The Update Packages panel displays package groups. The TSPM package group is highlighted. Click Next.
  6. On the Update Packages panel, select the Version 7.1.0.1 package under Tivoli Security Policy Manager 7.1.0.0. Click Next.
  7. After reading the license agreement:
  8. The Update Packages panel highlights the Software Development Kit package. Confirm that the package is correct and click Next
  9. Review the summary information and click Update to begin the installation.
  10. Click Finish to complete the installation.
  11. Exit Installation Manager.

    Click File -> Exit.

Updating the Runtime Security Services software development kit

You can update the Runtime Security Services software development kit package by installing the fix pack installation files.

Procedure

  1. Start Installation Manager.

    If installing into a WebSphere cluster, start Installation Manager on the WebSphere Application Server deployment manager.

    AIX, Linux, Linux on System z, or Solaris
    1. Open a command-line window and navigate to the directory containing Installation Manager.

      The default installation directory is:

      /opt/IBM/InstallationManager/eclipse
    2. Start the program. 
      IBMIM
    Windows
    Click Start -> All Programs -> IBM Installation Manager -> IBM Installation Manager.
  2. Click File -> Preferences.
  3. Configure a repository connection. This step specifies the location of the fix pack installation files.
    1. Click Add Repository.
    2. Browse to directory containing the extracted files from the archive file.
    3. Locate the repository configuration file. For example, if you extracted the Fix Pack files on a Windows system in C:\Temp: 
      C:\Temp\policy\delta_7101\repository.config
    4. Click OK to add the location as a repository.
    5. Optionally, click Test Connections. Verify that you get the message: 
      All repositories are connected
    6. Verify also that the Tivoli Security Policy Manager 7.1.0 repository occurs in the repository before the Fix Pack repository. This ordering ensures that Installation Manager installs the Fix Pack files last.
    7. Click OK again.
    Note:
    Depending on your network configuration, you also might need to configure proxy settings or adjust your firewall settings.
  4. Click Update.
  5. The Update Packages panel displays package groups. The RTSS package group is highlighted. Click Next.
  6. On the Update Packages panel, select the Version 7.1.0.1 package under Runtime Security Services 7.1.0.0. Click Next.
  7. After reading the license agreement:
  8. The Update Packages panel highlights the packages that are installed. This includes Software Development Kit package, and can include Software Development Kit and Samples and Portal Application Enforcement Software Development Kit. Confirm that the packages are correct and click Next.
  9. Review the summary information and click Update to begin the installation.
  10. Click Finish to complete the installation.
  11. Exit Installation Manager.

    Click File -> Exit.

Rolling back or uninstalling fix pack files

Use Installation Manager to roll back or uninstall a set of software packages.

Installation Manager supports two different tasks for removing the Fix Pack files. You must choose which task you want to do.

The Installation Manager graphical user interface presents an icon for Roll back and an icon for Uninstall.

Select the instructions appropriate for your deployment:

Uninstalling both Fix Pack 7.1.0.1 and Version 7.1.0 files

Use Installation Manager to uninstall both the Fix Pack 7.1.0.1 files and the Version 7.1.0 files.

Before you begin

If you are uninstalling the Tivoli Security Policy Manager package, and have previously created a response file for the Tivoli Security Policy Manager configuration tool, and want to preserve the file for future use, save the response file before uninstalling the product.

If you created a response file for the Tivoli Security Policy Manager configuration tool in the /opt/IBM/TSPM directory hierarchy, back up the response file before you uninstall Tivoli Security Policy Manager. Place the backup files in a directory that is separate from the Tivoli Security Policy Manager installation directory.

About this task

You can use one Installation Manager uninstallation task to remove both the Fix Pack 7.1.0.1 files and Version 7.1.0 files. The Fix Pack has the same packages (components) and features as Version 7.1.0. The Installation Manager uninstallation process removes all files for the selected packages.

Procedure

  1. Use the uninstallation process that is documented on the Tivoli Security Policy Manager information center. See Uninstalling Tivoli Security Policy Manager.

    The uninstallation process on the information center applies to the fix pack files as well as to the Version 7.1.0 files. The information center describes both interactive and silent uninstallation mode. The information center topics describe the necessary unconfiguration and uninstallation steps for each of the product packages:

  2. If you uninstalled the Tivoli Security Policy Manager policy manager component, you must refresh the WebSphere OSGi cache. Complete the following instructions:
    1. Stop the WebSphere Application Server for the policy manager.

      See the stopping topics in the WebSphere® Application Server information center:

    2. Run the OSGi configuration script to refresh the WebSphere OSGi cache.
      • AIX, Linux, Linux on System z, or Solaris 
        WAS_HOME/profiles/profile_name/bin/osgiCfgInit.sh
      • Windows 
        WAS_HOME\profiles\profile_name\bin\osgiCfgInit.bat
    3. Start the WebSphere Application Server for the policy manager.

      See the starting topics in the WebSphere® Application Server information center:

    4. Stop and restart the server where the console (the Tivoli Integrated Portal component) is installed.
      Windows:
      Go to C:\Program Files\IBM\tivoli\tip\profiles\TIPProfile\bin
      1. Stop the server with the following command:

        stopServer.bat -server1 -username adminname -password adminpassword

      2. Start the server with the following command:

        startServer.bat server1

      AIX, Linux, or Solaris
      Go to /opt/IBM/tivoli/tip/profiles/TIPProfile/bin
      1. Stop the server with the following command:

        stopServer.sh -server1 -username adminname -password adminpassword

      2. Start the server with the following command:

        startServer.sh server1

  3. When you complete the uninstallation, you can optionally review the Installation Manager log files.

    Use the Installation Manager log viewer:

Fixes

The fix pack provides fixes for a number of the APARs.

Table 3. Fixes contained in Fix Pack 7.1.0.1
APAR Problem summary
IZ80883 RTSS LOCAL MODE IS FAILING WITH J2EE ENFORCEMENT
IZ87160 NULLPOINTEREXCEPTION IN STS ATTRIBUTE FINDER WHEN PARSING RTSR
IZ77364 JAX-WS PEP DOES NOT ENFORCE SERVICES USING MESSAGE LEVEL AUTHENTICATION
IZ87161 JAXWS PEP SHOULD LOOK IN MESSAGE CONTEXT FOR SUBJECT
IZ87166 JAXWS PEP SHOULD FALL BACK TO RUN-AS SUBJECT
IZ83168 PROBLEM ATTACHING POLICY VIA CLASSIFICATION

Features

This fix pack contains new features. The new features are not enabled by default. You can enable the features you want to use.

Some of the new features are part of the runtime environment. These features are not enabled by default. To enable them, see: New features for the runtime environment

Other new features provide enhanced capabilities for configuration or customization. To deploy these features, see New features for deployment.

The new features are fully described on the Tivoli Security Policy information center. Click on the following links to access information on each new feature:

Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY  10504-1785
U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa 242-8502 Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758
USA

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this information and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at http://www.ibm.com/legal/copytrade.shtml

Adobe, Acrobat, Portable Document Format (PDF), and PostScript are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, other countries, or both.

Intel, Intel Inside (logos), Itanium, MMX, and Pentium are trademarks of Intel Corporation in the United States, other countries, or both.

Linux is a trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Java logo Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Other company, product, or service names may be trademarks or service marks of others.