IBM^® Security Access Manager for Web

Fix Pack 8.0.0-ISS-ISAM-FP0005 README

©Copyright International Business Machines Corporation 2013, 2014. All rights reserved. U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

NOTE: Before using this information and the product it supports, read the general information under the Notices section of this document.

Date: Monday, 29 September 2014

1. About the fix pack

This fix pack provides fixes and new features for IBM Security Access Manager for Web & Mobile Version 8.0.0.5.

1.1 Fix pack contents and distribution

This fix pack package contains:

• An .iso image of the software

• A .pkg file image of the software

• This README file

This fix pack is distributed as an electronic download from the IBM Support Web Site .

1.2 Fix packs superseded by this fix pack

8.0.0-ISS-ISAM-FP0004

8.0.0-ISS-ISAM-FP0003

8.0.0-ISS-ISAM-FP0002

8.0.0-ISS-ISAM-FP0001

Back to Contents

2. APARs and defects fixed

2.1 IBM Security Access Manager for Web

2.1.1 Problems fixed by fix pack 8.0.0-ISS-ISAM-FP0005

IV64915 – Stability fix

Stability fix for WebSEAL.

IV64910 - Stability fixes for fixpacks page in LMI

Stability issues in the LMI related to Fixpacks.

IV64673 – Cannot obfuscate BASICAUTH-DUMMY-PASSWD

Cannot obfuscate basicauth-dummy-passwd.

IV63945 - Cannot clear msg__felb.log

Cannot clear the FELB message log from the LMI.

IV63863 - Unable to create users after migrating to ISAM with a standard data model.

Creation of authorization and WebSEAL servers after migrating an older version of Policy server to an 8.0 appliance results in errors.

IV63362 - "Junction cookie JavaScript block" pull down missing options

In ISAM 8 some of the options for the junction cookie block are missing.

IV63198 - Reverse proxy migration process allows importing kdb files which the LMI does not allow

Importing a kdb file that contains “.” in the file name does not work from the LMI

IV62914 – REST API documentation for system statistics (memory, storage, cpu) is incorrect

REST API documentation for retrieving system statistics like memory, CPU and storage on the appliance is incorrect.

IV62760 – Large snapshot file does not upload properly

When uploading a large snapshot file the progress indicator stops spinning but the snapshot is not in the list.

IV62496 – Failover cookies are ignored

Failover cookies are not working.

IV62323 – WebSEAL Gateway appliance LMI does not show the historical rollover log files

When a WebSEAL instance rolls over a log file, either msg,request, referer or agent log, the historical rollover logs are not shown in the LMI

IV62031 - Backup FELB can be started only one time

Switching multiple times between primary and backup FELB does not work.

IV60945 - ISAM V8 appliance with ISAM 7 Policy Server->AD

Customer cannot configure WebSEAL on ISAM 8.0 to ISAM 7.0 Policy Server.

2.1.2 Problems fixed by fix pack 8.0.0-ISS-ISAM-FP0004

IV61502 - ISAM 8.0 documentation contains incorrect / obsolete information about policy server high availability.

The ISAM 8.0 Information Center is confusing / misleading when describing the possibilities to configure high availability / fail-over of the Policy Server component.

IV61431 - WGA load balancer config generates alert errors and corrupts snapshots

Load balancer option 'option_forwardfor' cannot be deleted once selected and causes various errors including corrupting snapshots.

IV61393 - The policy server import process does not handle non-standard ports

The isam_migration script, which is used to migrate a software based policy server to the appliance, does not migrate the port information of the policy server. This means that if the policy server is using a non-default port it will revert to the default port on the appliance.

IV61364 - False failure after migration

Importing and deploying older configuration into appliance succeed, but after restart LMI shows instance could not be started and changes are active = false.

IV61204 - Need more documentation on system alerts, notifications, etc.

Additional information on notifications and system alerts and how customers can customize the alerts.

IV61128 - Unable to create virtual host junctions using the LMI

The "Virtal Host" and "Virtual Host Port" fields are missing from the Add Servers tab in the Local Management Interface (LMI)

IV60969 - 8.0.0.4 appliance incorrectly says "force" parameter set to true/false instead of yes/no.

Error in ISAM 8.0.0.4 REST documentation

IV60824 - Unable to delete or modify the first application interface address

You cannot currently delete or modify the first application interface address on an appliance which has been migrated from version 7 to version 8.

IV60771 - The "junction cookie JavaScript block" label in the junction management LMI is misspelled.

The "Junction Cookie JavaScript Block" label in the junction management LMI is misspelled.

IV60645 - Reverse proxy throughput and average response time panels are incomplete.

The Dashboard panels "Reverse Proxy Throughput" and "Average Response Time" panels do not always show correct information.

IV60556 - Upgrading to ISAM 8 SSL junctions fail.

ISAM is upgraded to version 8 and previously working SSL junctions fail.

IV60509 - The reverse proxy start/restart just shows a cascading progress bar

Sometimes the cascading progress bar which is shown in the LMI when starting or restarting a WebSEAL instance never finishes even though the operation has completed.

IV60094 - The policy server import process does not include the sub-domain databases

The isam_migration script, which is used to migrate a software based policy server to the appliance, does not migrate the database files which are associated with different IBM Security Access Manager domains.

IV60075 - Sorting of the key database columns in the LMI

The Edit SSL Certificate Database "Not Before" and "Not After" columns sort alpha by month name instead of chronologically.

IV59727 - Cannot create reverse proxy instances with one-letter names.

Any attempts to manage a reverse proxy instance with a single letter name will throw the an error dialog with the text "System Error".

IV58901 - Configuring context based authorization when LDAP is configured to use SSL will cause WebSEAL to fail to restart.

Problem caused by isamcfg utility not adding the pdsrv.kdb and pdsrv.sth to the [rtss-cluster] stanza of the webseald.conf file there by causing WebSEAL fail to start if ldap is configured to use SSL.

IV57178 - WebSEAL can crash when it receives a specific failover cookie

WebSEAL can crash when a specific failover cookie it supplied.

IV56691 - WebSEAL can crash when the first client authenticated

WebSEAL might crash when the first client tries to authenticate when WebSEAL is using AD-LDAP as the user registry.

IV55079 - WebSEAL does not filter base href URL's from the root

WebSEAL does not filter the "base href" tag in a document served by the root junction which is created against a backend server.

IV55044 - WebSEAL will occasionally crash

WebSEAL can sometimes crash when configured with the DSC.

IV55018 - The 'R' action doesn't influence authorization rules

Authorization rules will still be invoked, even if the user has the 'R' action set on the ACL.

IV54980 - The pdweb.snoop trace point reports the wrong number of bytes

The pdweb.snoop trace point can report the wrong number of byes.

IV54822 - A cookie name is different in server HTML templates

The redirect.html file has a cookie named TAMOriginalURL whilst all the other html files use ISAMOriginalURL. This breaks the redirection.

IV54315 - Cannot set the value of the tag-value-missing-attr-tag to NULL

It is no longer possible to set the "tag-value-missing-attr-tag" configuration entry to an empty string. When this option is not provided or even if it is set to "tag-value-missing-attr-tag = ", it always defaults to "NOT_FOUND".

IV53808 - The certification authentication cannot be triggered when 'allow-empty-form-fields' is true

When "allow-empty-form-fields=true" in the WebSEAL configuration file, certificate authentication with prompt_as_needed cannot be triggered, that is, after clicking "Certificate Login Prompt", WebSEAL produces an authentication failure error message.

IV30376 - The WebSEAL statistics functionality can leak memory

The command which is used to reset the WebSEAL statistics can cause WebSEAL to leak memory.

IV26238 - WebSEAL does not always return the response body

WebSEAL does not return the response body if the response status of the first request is a 503.

IV23497 - Memory leak when using the portal map

WebSEAL will leak memory when using portal-map functionality.

IV21467 - Add support for the pass-http-only-cookie-attr option

Add support for the pass-http-only-cookie-attr option.

IV20543 - A post to /pkmslogin.form logs sees an unauthenticated user in the request log

When logging in successfully through forms authentication the "unauth" user is logged in the request log. It should be the username from the form.

IV16613 - Delays are seen during the TCP FIN exchanged between WebSEAL and the DSC

When the DSC sends a FIN packet to WebSEAL, WebSEAL does not recognize that the connection has been closed. When WebSEAL then reuses the connection, it tries to send data but then determines that the tcp connection has been closed.

IV08718 - PDMgrd contacts a readonly LDAP server with modify/delete requests

The Policy Server will attempt GSO update operations even when the LDAP Server is configured as READONLY in the ldap.conf file.

IV06766 - When EAI and BA are enabled the BA header is missing

The end user is not presented with a BA popup when EAI is enabled. This occurs when both BA and EAI authentication are enabled.

IV04339 - Allow anti-csrf tokens to be used with pkmslogout

Added a new configuration option to require "referer" and "host" headers to be present in order to allow a pkmslogout request.

IV61556 - Format of session identifier

In IBM Security Access Manager 7.0 we introduced the ability to use the session identifier to help protect against cross-site-request-forgery. This means that we had to make a change to the session identifier so that it is non-deterministic. Unfortunately this means that the structure of the session identifier has changed, which has broken some applications. A customer needs to be able to switch on this new feature without having to change their back-end applications.

IV65150 - Cannot change the host name

The host name cannot be changed from the first-steps application when the appliance is first installed.

IV61431 - Load balancer configuration errors

If you currently configure the load balancer software with the 'option_forwardfor' advanced tuning parameter the load balancer will cease to work. It is then difficult to remove this tuning parameter from the configuration.

IV61364 - The incorrect WebSEAL status can be shown in the LMI

If the WebSEAL instance has many junctions it can take a little while to fully start, and the LMI can then sometimes falsely report that the WebSEAL instance could not be started.

2.2 IBM Security Access Manager for Mobile

2.2.1 Problems fixed by fix pack 8.0.0-ISS-ISAM-FP0005

IV62300 – Invalid characters in “Success HTTP response body regex pattern”

Attempting to create a regular expression with "<" or ">" characters results in "The value entered is not valid".

IV65152 – ISAM8 SSL errors for HTTP Client calls in Mapping Rules

Making calls to SSL protected http endpoints from mapping rules fails with errors.

IV65155 – ISAM OAuth20 Token Cache Cleanup thread errors

The OAuth token clean up thread continuously throws errors.

2.2.2 Problems fixed by fix pack 8.0.0-ISS-ISAM-FP0004

IV61401 - ISAM 8 for Mobile loses all policy information.

ISAM for Mobile setup to use remote DB2 and clustering enabled for runtime and certificates loses all mobile policy information.

IV58675 – Additional auditing for OTP

OTP validation failures and OTP expirations do not appear in the Authentication and Federated Identity audit log.

IV50087 - Authentication and Federated Identity adds '&amp' during transform

When using "SPS.http.request.claims.filter.spec with value = parameters=*" Authentication and Federated Identity will transform trigger URL parameters so they can be used within mapping. When a parameter is a complex type, Authentication and Federated Identity transforms the parameter twice resulting in 'amp' being added.

2.2.3 Problems fixed by fix pack 8.0.0-ISS-ISAM-FP0003

Reselect button on one-time password login page

The one-time password login page enables a user to select a one-time password provider. By default the page is designed so that if the user wants to change the selection, the user clicks the Reselect button on the page.

If you are upgrading the appliance to version 8.0.0.5, you will need to modify and update your existing login page template files for the Reselect button.

For more information, see Update template files.

Permit with Obligation selection changes to Permit with Authentication

When you author a policy and select Permit with Obligation, you might notice that it has changed to Permit with Authentication after you have saved and re-opened the policy.

System can fail to compute the risk score when running risk score-based access policies concurrently

The system can fail to compute the risk score when a policy that computes the risk score is attached to multiple resources, such as images and JavaScript files, that are loaded by the browser concurrently from the same page.

Stability fixes for the Distributed Session Cache in multi-master clustered environments

2.2.4 Problems fixed by fix pack 8.0.0-ISS-ISAM-FP0001

IV52923

The isamcfg tool does not add the ssl-keyfile and ssl-keyfile-stash entries in WebSEAL configuration file when they are used to configure a WebSEAL instance.

IV52945

The otp.html and device_selection.html pages do not display correctly in Internet Explorer^® 9. Run the isamconfig tool again to apply the fix. For more information, see Using the isamcfg tool.

IV52949

Saving of a risk profile fails when the profile contains more attributes than what the panel can fit.

IV52950

An error occurs when a large number of user session data is deleted by using the database maintenance page and the default transaction log is used.

IV52951

The attribute collector REST API does not work.

Back to Contents

3. New features

The new features are described in the IBM Knowledge Center. See What is new in this release.

Back to Contents

4. Before installing the fix pack

Complete the following task if you have enabled risk engine reports in your environment.

4.1 Saving risk reports before an upgrade

When you upgrade to version 8.0.0.5, any risk reports that you generated before the upgrade are not preserved.

Before upgrading, export copies of the risk reports and save them locally by completing the following steps.

Procedure

1. Log in to the local management interface.

2. Click Monitor Analysis and Diagnostics > Application Log Files.

3. Expand mga and select the risk reports to export.

4. Click Export and save the files.

4.2 Database failover in a cluster upgrade

For information about how the upgrade affects database failover in a cluster, see the following tech note:

http://www.ibm.com/support/docview.wss?uid=swg21666968

Back to Contents

5. Installing the fix pack

Procedure

• Install the appliance for the first time.

  1. Download the .iso image.

  2. Follow the instructions in the IBM^® Security Access Manager Virtual Appliance Quick Start Guide .

Note: If you download from Fix Central or IBM Security Systems site, skip step 1 in the Virtual Appliance Quick Start Guide.

1. Complete the configuration instructions for Mobile or the configuration instructions for Web.

• Upgrade by using the local management interface.

  1. Download the .pkg file.

  2. In the local management interface, select Manage System Settings > Updates and Licensing > Available Updates.

  3. Click Upload. The New Update dialog opens.

  4. Click Select Update.

  5. Browse to the .pkg file.

  6. Click Open.

  7. Click Save Configuration. The upload process might take several minutes.

  8. Select the new firmware and click Install. The installation of the new firmware takes a few minutes to complete. After the update is successfully applied to the system, the appliance reboots automatically.

• Upgrade by using a USB drive.

  1. Download the .pkg file.

  2. Copy the firmware update onto a USB flash drive. The flash drive must be formatted with a FAT file system.

  3. Insert the USB flash drive into the hardware appliance.

  4. Log in as admin in the appliance console or use secure shell.

  5. Type updates and then press Enter.

  6. Type install and then press Enter. The following options must be selected.

     1. Select 1 for a firmware update

     2. Select 1 to install the update from a USB drive

     3. YES: To confirm that the USB drive is plugged into the appliance

     4. <index>: Select the appliance firmware from the list

     5. YES: To confirm the update and start the update process

Note: The firmware update takes a few minutes to complete and the appliance automatically reboots.

• Upgrade by using the online update server.

  1. Ensure that the following conditions are met:

     1. A valid license is installed on the appliance.

     2. The appliance has network connectivity to the online update server.

  2. In the local management interface, select Manage System Settings > Updates and Licensing > Available Updates.

  3. Click Refresh. The table displays newer versions of the firmware.

  4. Select the firmware update.

  5. Click Install. The firmware update can take a long time to complete, depending on the bandwidth that is available to the appliance. After the update is successfully applied to the system, the appliance reboots automatically.

Back to Contents

6. After installing the fix pack

Check that the correct version is installed. From the local management interface, select Manage System Settings > Updates and Licensing > Overview.

You can also navigate to Manage System Settings > Updates and Licensing > Firmware Settings. Examine the details that are associated with the Active partition and ensure that the firmware version is correct.

6.1 IBM Security Access Manager for Mobile

6.1.1 Upgrading a SolidDB external runtime database

If you are using SolidDB as the external runtime database, upgrade it after you install the 8.0.0.5 fix pack.

The updates to the .sql file for each release are not cumulative. Therefore, depending on which version of the isam_mobile_soliddb_update_v*.sql file you have installed, make the following updates:

• v8003.sql not installed: First upgrade to v8003, then to v8004, and finally v8005.

• v8003.sql installed: First upgrade to v8004 and then to v8005.

• v8004.sql installed: Upgrade to v8005.

Use the steps below to install each version you require, replacing references to isam_mobile_soliddb_update_v8005.sql with the version number you are upgrading to each time, and starting with the earliest version you require.

Procedure

1. Log in to the local management interface.

2. Click Manage System Settings > File Downloads.

3. Expand mga > database > soliddb.

4. Select isam_mobile_soliddb_update_v8005.sql.

5. Click Export.

6. Save the file.

7. Log in to the solsql utility.
   
   /opt/solidDB/soliddb-7.0/bin/solsql network_name username password
   
   network_name The network name of the solidDB server.
   username The user name for the database administrator.
   password The password for the database administrator.

8. Run the following command in the SolidDB SQL Editor:

@<fully_qualified_path_to_script>

The following command shows the fully qualified path to the script:

@/tmp/isam_mobile_soliddb_update_v8005.sql

9. Validate that the tables were successfully created.

10. Ensure that no errors were returned during the creation and log in to the database to manually check that the tables exist.

11. From the top menu of the local management interface, select Manage System Settings > Cluster Configuration to open the Cluster Configuration management page.

12. Select the Database tab.

13. You must enter the following JDBC connection information.
    
    Type The database type: Solid DB.
    Address The IP address of the external database server.
    Port The port on which the external database server is listening.
    Username The name of the database administrator.
    Password The password for the database administrator.

14. Click Save.

15. Deploy the changes.

Note: The following error message returns in the Database Maintenance panel after the location of the runtime database is changed from Local to the cluster to Remote to the cluster in the Cluster Configuration panel:

System Error FBTRBA091E The retrieval failed because the resource cannot be found.

16. Restart the local management interface and resolve the error.

    • Use an ssh session to access the local management interface.

    • Log in as the administrator.

    • Type lmi, and press Enter.

    • Type restart, and press Enter.

    • Type exit and press Enter.

The appliance is configured to use the runtime database that is deployed on the external system.

What to do next

• Tune the external database by setting the configuration parameters.

• For a SolidDB external runtime database, change the DurabilityLevel to 3 from the default value of 1 to prevent loss of data. Edit the solid.ini file for the runtime database to change the DurabilityLevel.

• After you modify and save the solid.ini file, shut down and restart the runtime database.

6.1.2 Upgrading a DB2 external runtime database

If you are using DB2 as the external runtime database, upgrade it after you install the 8.0.0.5 fix pack.

The updates to the .sql file for each release are not cumulative. Therefore, depending on which version of the isam_mobile_db2_update_v*.sql file you have installed, make the following updates:

• v8004.sql not installed: First upgrade to to v8004 and then to v8005.

• v8004.sql installed: Upgrade to v8005.

Use the steps below to install each version you require, replacing references to isam_mobile_db2_update_v8005.sql with the version number you are upgrading to each time, and starting with the earliest version you require.

Procedure

1. Log in to the local management interface.

2. Click Manage System Settings > File Downloads.

3. Expand mga > database > db2.

4. Select isam_mobile_db2_update_v8005.sql.

5. Click Export.

6. Save the file.

7. Open the isam_mobile_db2_update_v8005.sql in an editor on the DB2 server.

8. Replace the following macros with the values specific to your environment:
   
   &DBINSTANCE The name of the DB2 instance.
   &DBUSER The name of the DB2 administrator.
   &DBPASSWORD The password for the DB2 administrator.

9. Save the changes.

10. Log in to the DB2 Command utility (Windows) or DB2 host (UNIX) as the DB2 administrator.

11. Run the following command:

db2 -tsvf <fully_qualified_path_to_script>

The following example shows the fully qualified path to the script:

db2 -tsvf /tmp/isam_mobile_db2_update_v8005.sql

12. Validate that the tables were successfully created.

13. Ensure that no errors were returned during the creation and log in to the database to manually check that the tables exist.

14. From the top menu of the local management interface, select Manage System Settings > Cluster Configuration to open the Cluster Configuration management page.

15. Select the Database tab.

16. You must enter the following DB2 connection information.
    
    Type The database type: DB2
    Address The IP address of the external database server.
    Port The port on which the external database server is listening.
    Username The name of the database administrator.
    Password The password for the database administrator.
    Secure Select this check box to create a secure connection with the DB2 server.
    Database name The name of the database instance on the external DB2 server.
    
    Note: Before a secure connection can be established, you must first import the certificate that the appliance uses to communication with the DB2 server. Use the SSL Certificates page to import the appropriate certificate.
    
    Complete the following steps to identify and specify the DB2 database name when your DB2 database is remote to the cluster that you are configuring.

    • Open the isam_mobile_db2_update_v8005.sql file that was used to create the database and tables.

    • In the CREATE DATABASE entry, get the name that is specified.
      
      In the following entry, HVDB is the string that identifies the default database name:
      CREATE DATABASE HVDB ALIAS HVDB using codeset UTF-8 territory us
      COLLATE USING UCA400_NO PAGESIZE 8192 WITH "HVDB Tables";

17. Click Save.

18. Deploy the changes.

Note: The following error message returns in the Database Maintenance panel after the location of the runtime database is changed from Local to the cluster to Remote to the cluster in the Cluster Configuration panel:

System Error FBTRBA091E The retrieval failed because the resource cannot be found.

19. Restart the local management interface and resolve the error.

    • Use an ssh session to access the local management interface.

    • Log in as the administrator.

    • Type lmi, and press Enter.

    • Type restart, and press Enter.

    • Type exit and press Enter.

The appliance is configured to use the runtime database that is deployed on the external system.

What to do next

• Tune the external database by setting the configuration parameters.

6.1.3 Set backward compatibility mode for one-time password

The following advanced configuration property determines if the one-time password authentication code should be enabled for backward compatibility mode. Update this value, if necessary.

poc.otp.backwardCompatibilityEnabled

Indicates whether the one-time password authentication mechanism should run in backward-compatibility mode. The default value is false, if it is a new installation. The default value is true, if the installation is an upgrade.

Data type: Boolean
Example: true

See Managing advanced configuration on the IBM Knowledge Center for more information about working with advanced configuration properties.

6.1.4 Update template files

If you want to update your template files to version 8.0.0.5 to use the new capabilities, follow the instructions below. Otherwise, the template files from the previous version are ready for use after applying the fix pack.

Download the new template file

1. Log in to the local management interface.

2. Select Manage System Settings > File Downloads.

3. Expand mga > pages and select mga_template_files.zip.

4. Click Export and save the file.

Extract the mga_template_files.zip file onto your computer

1. Edit and customize the template files, as necessary.

2. Compress the template files into a .zip file.

Update the template files on the appliance

1. Log in to the local management interface.

2. Select Secure Mobile Settings > Template Files.

3. Select Manage > Import Zip.

4. Click Browse and locate the .zip file you compressed in step 2.

5. Click Open.

6. Click Import.

7. Deploy the changes.

6.1.5 Adding DB tables to cluster replication

The solidDB is read-only during the firmware upgrade on the primary node when a high availability cluster is active. This scenario prevents the upgrade process from writing to the database for actions such as creating new tables, modifying the schema of existing tables, and inserting or updating rows in tables.

The database on the primary node becomes read-only because the firmware upgrade requires the appliance to be rebooted. The high availability controller switches the secondary master to be read/write and act as the temporary primary master.

When the primary node reboots and the database starts, it recognizes that the secondary node is in control and starts in read-only mode. The appliance cluster manager includes a background thread, which eventually switches the primary node to resume its role as the primary master database. When this scenario occurs, the database on the primary node becomes writeable.

However, in the upgrade case, the database upgrade scripts are executed before the primary database becomes writeable. You must make the cluster a single master cluster during the firmware upgrade by completing the following steps:

Use the local management interface on the master node to update the configuration.

1. Select Manage System Settings > Cluster Configuration > General.

2. Do not change the Primary Master setting.

3. Remove the Secondary Master and other high availability cluster member settings.

4. Click Export and save the files.

5. Wait for the cluster to synchronize.

6. Upload and install the firmware .pkg file on the primary node appliance. This step includes the reboot.

7. Upload and install the firmware .pkg file to other cluster member appliances, and reboot each one.

8. From the local management interface on the master node, update the cluster configuration to set the high availability cluster members back to the settings you want.

9. Wait for the cluster to synchronize.

The firmware for each appliance is now upgraded, and the cluster is operational.

6.2 IBM Security Access Manager for Web

No additional steps are required.

Back to Contents

7. Uninstalling the fix pack

You cannot uninstall the firmware update, but you can boot the appliance to the previous version of the firmware. For more information, see Managing firmware settings .

Procedure

1. In the local management interface, select Manage System Settings > Updates and Licensing > Firmware Settings.

2. Select the partition and click Set Active.

3. Click Yes to accept the warning about swapping the partition. This automatically reboots the machine with the previous firmware partition.

Back to Contents

8. Documentation

The IBM Knowledge Center contains all documentation for this release. See IBM Security Access Manager for Web & Mobile Version 8.0.0.5

Back to Contents

9. Known issues, limitations, and workarounds

Documentation for known issues, limitations, and workarounds is maintained on the IBM Support site. For more information, see Release Information on the IBM Knowledge Center.

Back to Contents

10. Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan, Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa 242-8502 Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law:

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement might not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information that has been exchanged, should contact:

IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758
U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurement may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

10.1 Trademarks

IBM, the IBM logo, and ibm.com^® are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at Copyright and trademark information at www.ibm.com/legal/copytrade.shtml.

Adobe^®, Acrobat, PostScript^® and all Adobe-based trademarks are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, other countries, or both.

IT Infrastructure Library^® is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.

Intel^®, Intel logo, Intel Inside^®, Intel Inside logo, Intel Centrino^®, Intel Centrino logo, Celeron^®, Intel Xeon^®, Intel SpeedStep^®, Itanium^®, and Pentium^® are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Linux^® is a trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft, Windows, Windows NT^®, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

ITIL^® is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.

UNIX^® is a registered trademark of The Open Group in the United States and other countries.

Cell Broadband Engine^™ and Cell/B.E. are trademarks of Sony Computer Entertainment, Inc., in the United States, other countries, or both and is used under license therefrom.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

Other company, product, and service names may be trademarks or service marks of others.

End of the IBM^® Security Access Manager for Web 8.0.0-ISS-ISAM-FP0005.README file.