==============================================================================
= IBM WebSphere Business Integration for Financial Networks for AIX          =
= 5724-D96 Extending Features V2.2.0 SWIFTAlliance Gateway Add-On 2.2.0.4    =
= PTF for APAR PK96455                                                       =
==============================================================================


0. Important Notes
------------------

 If you did not previously install an SAG Add-On APAR fix containing PK45605
 you should read section "D. Migration of existing passwords".


A. How to use this document
---------------------------

 This file describes how to install the SWIFTAlliance Gateway (SAG) Add-On 
 2.2.0.4 PTF for APAR PK96455 on a SAG Release 6 or 6.1.

 This PTF replaces all previous SAG Add-On PTFs and APAR fixes.

 When installing this PTF you have to apply the PTF for APAR PK65298
 for WebSphere BI for FN on AIX to enable it to correctly display new or
 updated events sent by the SAG Add-On.

 You can download the PTF from the following FTP site:
 http://www.ibm.com/support/fixcentral/

 Get the file for your SAG platform:
   AIX: sag6sagaddon_V220_aix_PK96455.tar
   Sun: sag6sagaddon_V220_sun_PK96455.tar
   Win: sag6sagaddon_V220_win_PK96455.exe


B. Changes to your current system
---------------------------------

 The SAG Add-On is completely replaced.
 A backup copy of the SAG Add-On profile 'dnfcssao.cfg' should be retained.

C. Installation
---------------
 
 To be able to install this PTF you have to uninstall your previous version
 of the SAG Add-On. Before you do this, create a backup copy of the SAG 
 Add-On profile 'dnfcssao.cfg'.

 Install the current SAG Add-On PTF as described in 'Planning, Installation,
 and Customization'. Instead of creating a new SAG Add-On profile you can
 reuse the backup copy you created before.


D. Migration of existing passwords
----------------------------------

 The APAR fix for PK45605 which is also contained in this PTF has changed the
 type of passwords created with the SAG configuration commands 
 'createCertificate' and 'recoverCertificate' from 'human' to 'application',
 because the passwords used by WebSphere BI for FN have a clear application
 characteristic.
 The main differences between these two policy types are as follows:
  human:        8 to 20 characters, to be changed every 90 days
  application: 17 to 20 characters, to be changed every 2 years

 To migrate passwords previously created as human passwords into
 application passwords:

 - issue command 'setUpUserForRecovery
 - initialize the HSM partition of this certificate (if the certificate is
   located on an HSM)
 - issue command recoverCertificate

 Note that you will have a mixture of human and application passwords, if you
 do not migrate all existing passwords, and create new passwords.

 Section "E. Transition period for human passwords" contains further information
 about the password length check performed by the SAG configuration commands.


E. Transition period for human passwords
----------------------------------------

 To allow the further use of human passwords for a transition period the 
 password length check performed by the various SAG operation commands will
 not be adjusted. This means when specifying a short password with length 8 
 you will not receive message DNFG2122E but a SAG error response like this:

DNFS1751E Command failed to execute.
DNFS1741E The 'SwGbl:Code' is 'Sw.Gbl.UnexpectedSystemError'.
DNFS1741E The 'SwGbl:Severity' is 'Transient'.
DNFS1741E The 'SwGbl:Text' is 'Unexpected System Error'.
DNFS1741E The 'SwGbl:Details/SwGbl:Code' is 'Sw.Sec.PKI_IrrecoverableCondition'.
DNFS1741E The 'SwGbl:Details/SwGbl:Text' is 'Fatal error in PKI security interface, SessionId=23278 
          :LocalError=-22201 :FuncID=114 :EntrustError=-11005028 [Unable to recover user. ] [Unable to recover user. ]  
          [Error encountered for user: test2-aixsagta."The provided password must be at least 17 characters in length."]  
          [(-1664) Password rules validation reported error.] '.
DNFS1741E The 'SwGbl:Details/SwGbl:Action' is 'See parameter for exact details of the error'.
DNFS1741E The 'SwGbl:Details/SwGbl:Code' is 'Sw.Sec.PKI_IrrecoverableCondition'.
DNFS1741E The 'SwGbl:Details/SwGbl:Text' is 'Fatal error in PKI security interface, SessionId=23278 
          :LocalError=-22201 :FuncID=114 :EntrustError=-11005028 [Unable to recover user. ] [Unable to recover user. ]  
          [Error encountered for user: test2-aixsagta."The provided password must be at least 17 characters in length."]  
          [(-1664) Password rules validation reported error.] '.
DNFS1741E The 'SwGbl:Details/SwGbl:Action' is 'See parameter for exact details of the error'.
DNFS1741E The 'SwGbl:Parameter' is 'SessionId=23278 :LocalError=-22201 :FuncID=114 :EntrustError=-11005028 
          [Unable to recover user. ] [Unable to recover user. ]  
          [Error encountered for user: test2-aixsagta."The provided password must be at least 17 characters in length."]  
          [(-1664) Password rules validation reported error.] '.


*------------------------------------------------------------------------*
*     End of Migration                                                   *
*------------------------------------------------------------------------*

F. APARs addressed
------------------

PK96455   SAG ADDON PASSES A CORRUPT MESSAGE  
          Formerly, when an entry from the SAG event log contained 
          parameters with one or more ampersand characters in it, for 
          example, a logical file name that started with an ampersand 
          character, the SAG AddOn passed a corrupt message to the 
          DNF_FTEVNTS service and caused the CIN to stop. The problem 
          occured when using DFAS and the SAG Add-on FileAct handler
          processed an Event.
          Now, the SAG AddOn behaviour is corrected and no corrupted
          message is passed to the DNF_FTEVNTS service. 

APARs from superseded PTFs or APAR fixes:

PK79811   UNINSTALL / INSTALL ERROR SAG ADDON ON AIX PK64187 
          GETEXTFILEINT RETURNING -1 ERROR
          Formerly, the SAG Add-On on PTF level PK64187 got the 
          uninstall / install error getExtFileInt returning -1 error 
          caused by external license function of License Acceptance 
          Process (LAP) tool.
          Now, the SAG Add-On behaviour is corrected.

PK64187   PROBLEM DURING THE WBIFN SAG ADDON EVENT PROCESSING FORWARDING 
          DUE TO THE DAYLIGHT SAVING TIME FLAG
          Formerly, the SAG Add-On did use an own calculation to 
          convert from GMT to local time which depending on the settings
          could differ from the method the SAG uses for his events. As a
          consequence the SAG AddOn may not have sent the SAG events to
          WebSphere BI for FN for the period resulting from the difference 
          when a new SAG was connected, or in any other situation where the
          queue SNCCLOGKEYS is empty.
          Now, the SAG AddOn uses a conversion method that matches to the
          method used by the SAG.

PK50378   SAG ADDON MESSAGE DNFS1533E DOES NOT SPECIFY THE CONFIGURATION
          OBJECT NAME WHICH HAS A PROBLEM
          Formerly, when using the SAG configuration service to deploy
          many changes at once to the SAG AddOn, but a single object
          had a missing mandatory attribute, the error message did not
          enable you to locate the erroneous object.
          Now, message DNFS1533E lists the name of the object that 
          causes the failure.

PK51650   REMOVECERTFROMSAG COMMAND FAILED
          Formerly, removing a certificate from the SAG using DNFSAGCFG
          command removeCertFromSag fails with following error event:
            Error:   Sag:SN-I.002.002                                  
            Message: Invalid content.                                  
            Details: Real profile is still referenced by the following 
                     message partner(s) : 'dnfsaomp'                   
          The error event was logged in the SAG event log.
          Now, the SAG AddOn automatically removes the certificate from
          the internally used message partner 'dnfsaomp' before it
          tries to remove the certificate from the SAG.

PK50170   AFTER THE SAG RESTART WBIFN ADDON V2.2 DOES NOT CONNECT AGAIN
          AUTOMATICALLY TO SAG
          Formerly, when the SAG was restarted, but the SAG Add-On kept
          running, it was not able to reconnect after the SAG was
          restarted. This has been fixed.

PK50747   WBIFN SAG ADDON V2.2 STOPS PROCESSING WITHOUT ANY INDICATION    
          Formerly, the SAG Add-On could did stop when certain WMQ
          connection problems did occur. This was fixed.

PK48944	  DIFFERENT TIME ZONES IN DNI MONITOR DISPLAY
          Formerly, the events reported by the SAG Add-On did use the
          timestamp from the SAG event log and therefore were not in
          GMT. This caused problems to correlate the events later in
          WebSphere BI for FN. The SAG Add-On now generates an own
          timestamp when retrieving the events from the SAG and adds
          the original timestamp from the SAG event log as an additional
          parameter.

PK45605   WBI-FN ALWAYS CREATES CERTIFICATES OF TYPE HUMAN, BUT TYPE  
          APPLICATION IS REQUIRED BY THE WBI-FN SERVICES
          Formerly, the SAG configuration commands 'createCertificate' and
          'recoverCertificate' created human passwords. However, in the
          WebSphere BI for FN context application passwords are more
          appropriate. WebSphere BI for FN now always creates application
          passwords.

PK45760   SAG ADDON LOOPS WHEN IT TRIES TO PARSE A CORRUPTED EVENT
          SAG events containing the ampersand character '&' could have 
          caused a loop in the SAG AddOn, so that for instance customers
          using FileAct did not receive further transfer events to update
          the file status.

PK42511	  EXCEPTION IN SAG ADDON DURING DEPLOY WHEN NO CERTIFICATES EXIST
          Formerly, an exception occured in the SAG AddOn during deploy
          when no certificates existed. This behaviour has been corrected.


G. Known issues
---------------

 The list below contains information about known issues related to the SAG 
 Add-On and its installation:

------------------------------------------------------------------------------

 On Solaris, when starting an attended installation in graphical user
 interface, the following text is displayed by the installation process in the 
 shell:

   Searching for Java(tm) Virtual Machine...
   ...................................
   com.sun.java.swing.plaf.motif.MotifLookAndFeel/icons/UpFolder.gif not found.
   com.sun.java.swing.plaf.motif.MotifLookAndFeel/icons/ListView.gif not found.
   com.sun.java.swing.plaf.motif.MotifLookAndFeel/icons/Computer.gif not found.
   com.sun.java.swing.plaf.motif.MotifLookAndFeel/icons/File.gif not found.
   com.sun.java.swing.plaf.motif.MotifLookAndFeel/icons/Directory.gif not found.
   com.sun.java.swing.plaf.motif.MotifLookAndFeel/icons/FloppyDrive.gif not found.
   com.sun.java.swing.plaf.motif.MotifLookAndFeel/icons/NewFolder.gif not found.
   com.sun.java.swing.plaf.motif.MotifLookAndFeel/icons/DetailsView.gif not found.
   com.sun.java.swing.plaf.motif.MotifLookAndFeel/icons/HomeFolder.gif not found.
   com.sun.java.swing.plaf.motif.MotifLookAndFeel/icons/HardDrive.gif not found.
   com.sun.java.swing.plaf.motif.MotifLookAndFeel/icons/JavaCup.gif not found.

 This issue has no impact on the SAG Add-On installation.


*------------------------------------------------------------------------*
*     End of Document                                                    *
*------------------------------------------------------------------------*