Product SiteMinder Web Agent 6QMR5 Certifications are added in

Document Sample
Product SiteMinder Web Agent 6QMR5 Certifications are added in Powered By Docstoc
					Product: SiteMinder Web Agent 6QMR5

Certifications are added in CR's. The certifications explicitly listed
in this document include fixes neccessary in the product in order for
the certification to be carried out.

For the current list of supported platforms, see the platform matrix
on the CA Support site:

      1. Login to CA Support site http://support.ca.com
      1. You can access the Platform Support Matrices from the CA
SiteMinder
         Web Access Manager product page. Scroll down to the Product
Status
         section and follow the link.
Note:

Information explaining how to integrate SiteMinder with SharePoint can be
found
in the Knowledge Base on CA Support Online in a document titled
“Configuring
SiteMinder Single Sign On for Microsoft SharePoint 2007 Using Forms Based
Authentication.

Note:

Certain version of Apache 1.3 and related web servers such as IHS 1.3
may not start correctly on Solaris due to an issue with Solaris run time
initialization. To avoid this problem, please set the following
environment variable

LD_PRELOAD=<web_agent_home>/lib/libbtunicode.so


Note:

Solaris customers should ensure that the following patches are installed
on
systems running the web agent to avoid potential problems with web agent
startup

Solaris 8 - 108434-22
Solaris 9 - 111711-16
Solaris 10 - 119963-08


Note: AIX users need to make sure that their C/C++ runtime environment is
upgraded to version 8.0.0.0 in order for the re-architected SUnOne and
re-architected Apache agents to start correctly. The instructions for
downloading these patches can be found at:

http://www-1.ibm.com/support/docview.wss?uid=swg1IY78159

Note: In the SiteMinder Web Agent Guide, v6.0 SP 5, the appendix with the
alphabetical list of parameters has been added back to the guide.

KNOWN LIMITATIONS:

Linux users using the JRockit JVM and Linux kernel versions lower than
2.4.21-27.EL may experience a failure to install the web agent. This
problem
was resolved in the RHEL3 U4 kernel on 1-Dec-2004 (in kernel version
2.4.21-27.EL).
(54534)


Note: The list below will help identify the correct installer for a
particular
Platform Support Section:

OS           OS Version          Arch                Install version

AIX          5.2, 5.3, 6.1       32-bit              smwa-6qmr5-crXXX-
aix.zip
             5.2, 5.3            64-bit              smwa-6qmr5-crXXX-
aix64.zip

Solaris      8, 9, 10            32-bit x86          smwa-6qmr5-crXXX-sol-
x86.zip
             8, 9, 10             32-bit SPARC       smwa-6qmr5-crXXX-
sol.zip
             8, 9, 10            64-bit SPARC        smwa-6qmr5-crXXX-
sol64.zip
             10                  64-bit x86          smwa-6qmr5-crXXX-sol-
x86-64.zip

HPUX         11.23                32-bit PA-RISC     smwa-6qmr5-crXXX-
hp.zip
             11.23               32-bit Itanium      smwa-6qmr5-crXXX-hp-
itan.zip
             11.23, 11.31        64-bit Itanium      smwa-6qmr5-crXXX-hp-
itan64.zip

Red Hat      AS 2.1              32-bit x86          smwa-6qmr5-crXXX-
linux.zip
            ES/AS 3.0, 4.0, 5.0   32-bit x86         smwa-6qmr5-crXXX-
rhel30.zip
          ES/AS 3.0, 4.0        64-bit x64         smwa-6qmr5-crXXX-
rhas30-x86-64.zip

SuSE         ES 9, 10            32-bit x86          smwa-6qmr5-crXXX-
rhel30.zip
            ES 9, 10             64-bit x64          smwa-6qmr5-crXXX-
rhas30-x86-64.zip

zSuSE       ES 8, 9              31-bit zLinux       smwa-6qmr5-crXXX-
suse-zlinux.zip
zRed Hat    AS 4.0                 31-bit zLinux     smwa-6qmr5-crXXX-
suse-zLinux.zip
            AS 4.0                 64-bit zLinux     smwa-6qmr5-crxxx-
rhas40-zLinux-64.zip

Windows      2000, 2003, 2008      32-bit x86        smwa-6qmr5-crXXX-
win32.zip
             2003                  64-bit x64        smwa-6qmr5-crXXX-
win64.zip

Tracking # Problem description
---------- -------------------
07/20/2009 6.0 SP5 CR031 contains fixes for the following tracking
numbers:

81903        The web agent will no longer terminate abornal due to a
buffer
             overflow. This applies to Domino agents only

84506        The web agent installer will no longer show the DMSAdmin
password
             in clear text. This applies to IIS 6.0, re-architected
             Apache 2.0, re-architected SunOne, IIS5, Apache 1.3 and
Domino
             agents only.

86374        You will now be able to return to a previous screen in the
web agent
             installee when unconfiguring a web agent. This applies to IIS
6.0,
             re-architected Apache 2.0, re-architected SunOne, IIS5,
Apache 1.3
             and Domino agents only.

89729      If the AllowLocalConfig=yes for the TraceFile and
TraceFileName values
           we will correctly use the values in the localconfig file if
they are
           defined. This applies to IIS 6.0, re-architected Apache 2.0,
           re-architected SunOne agents only.

86399      The web agent will now support P3P Compact Headers. This
applies to
           re-architected Apache 2.0, re-architected SunOne agents only.

             To enable this feature, the Web Server must be configured to
emit the
           appropriate P3P Compact Header. For Apache Web Servers, the
“P3PCompactPolicy”
           parameter must be set to the appropriate value

             i.e. ="NON DSP COR CURa ADMa DEVa CUSa TAIa", in the
SiteMinder
           Agent Configuration Object. This parameter need not be
configured for the
           SunOne Web Server.

           See your Web Server’s instructions for configuring custom
headers.



Tracking # Problem description
---------- -------------------
06/17/2009 6.0 SP5 CR030 contains fixes for the following tracking
numbers:

86843      The web agent will now use the TraceFile and TraceFileName
values from the
           LocalConfig.conf when AllowLocalConfig=no. This applies to
IIS 6.0,
           re-architected Apache 2.0, re-architected SunOne agents only.

86624      The web agent will now corrected push the session when
impersonation
           fails. This applies to IIS 6.0, re-architected Apache 2.0,
           re-architected SunOne agents only.

86346       The web agent will now correctly block cross site scripting
attacks when
            FCCCompatMode=yes. This applies to IIS 6.0, re-architected
Apache 2.0,
            re-architected SunOne, IIS5, Apache 1.3 and Domino agents
only.

86544      The web agent message regarding the failure to rm the
semaphore has
           been downloaded to informational as its not really an error.

Certifications
------------------

86460           Web Agent 6QMR5 CR-30 (32-bit) has been certified with
IBM HTTP Server 7.0 (32-bit)
                on the Red Hat Enterprise Linux AS 4 platform.

Tracking # Problem description
---------- -------------------
05/15/2009 6.0 SP5 CR029 contains fixes for the following tracking
numbers:

83132      The wbe agent will no longer produce intermittant errors such
as
           "Bad ot missing encryption context" or “Unable to Decrypt
SMSESSION Cookie”
           after the web agent has terminated. This applies to IIS 6.0,
           re-architected Apache 2.0, re-architected SunOne agents only.
85171       The Sharepoint 2007 plugin will now correctly when Legacy
mode is set
            to Yes.

85787         The user will now be correctly directed back to the change
password
              page when smauthreasoin 18 occurs. This applies to IIS 6.0,
              re-architected Apache 2.0, re-architected SunOne agents only.

Tracking # Problem description
---------- -------------------
04/22/2009 6.0 SP5 CR028 contains fixes for the following tracking
numbers:

85165       The silent installer will now correctly configure IHS 6.1 on
AIX 5.3 and
            Red Hat Linux.

84410         The Web agent will now correctly handle the session state for
a failed
           impersonation attempt. This applies to IIS 6.0, re-
architected Apache 2.0,
           re-architected SunOne agents only.

82755      The web agent will no longer intermittently return
SM_SESSION=NO when
           a valid cookie is presented to the web agent. This applies to
           IIS5 agents only.

83216         The Web agent will now work correctly when the + character is
specified
              in the BadURLChar parameter. This applies to IIS 6.0, re-
architected
           Apache 2.0, re-architected SunOne, IIS5, Apache 1.3 and
Domino agents only.

84904      The Web Agent will now log the resolved URL when the URL
contains bad
           URL characters as specified by the BadURLChars setting. This
applies
           to IIS 6.0, re-architected Apache 2.0, re-architected SunOne
agents only.

Certifications
------------------

85713             WebAgent 6QMR5 CR28 32-bit has been certified with Oracle
HTTP
              Server 10.1.3.0 (Apache 1.3.x) on the Red Hat Enterprise
Linux
              5.0 platform (32-bit) platform.
                 Note: For OHS 10.1.3.0 (Apache 1.3.x) to work properly on
RHEL 5.0,
           you must install Oracle patch 6078836. Please follow the
instructions
           at Oracle’s website to download and install this patch.

86317           WebAgent 6QMR5 CR28 64-bit has been certified with Sun
Java Webserver
           7.0 64-bit (including Reverse Proxy mode) on the Solaris 10
           SPARC 64-bit platform.

Enhancements
-----------------

69355      The web agent will no longer use the inode value of a fixed
file to create
           its keys for interprocess communcation. This means that there
is less likelyhood
           of a clash and that we will be able to support nfs mounted
configurations.



Tracking # Problem description
---------- -------------------
03/13/2009 6.0 SP5 CR027 contains fixes for the following tracking
numbers:

65352      The FCC login page will no longer be cached in the web
browser. This
           applies to Apache 1.3, IIS5, Domino agents only.

82059      The web agent will no longer strip characters from the URL
when a $ sign
           is encounted. This applies to the Domino agent only.

82955      The localconfigfile configuration setting is not longer
required to have a
           value if AllowLocalConfig is not set to yes. This applies to
           IIS 6.0, re-architected Apache 2.0, re-architected SunOne,
IIS5,
           Apache 1.3 and Domino agents only.

83324      The web server will no longer terminate abnormally when the
smerrlog file
           is specified without an extension but there are files in the
directory
           with the same name as the smerrlog plus an extension. This
applies to
           IIS 6.0, re-architected Apache 2.0, re-architected SunOne,
IIS5,
           Apache 1.3 and Domino agents only.

Certifications
------------------
81702           Web Agent 6QMR5 CR27 has been certified with Sharepoint
Server 2007 on
                the IIS 7 web server on the Microsoft Windows Server 2008
platform.

82637            Web Agent 6QMR5 CR27 has been certified with the Domino
8.5 web server
                 on the Microsoft Windows Server 2003 platform.


Tracking # Problem description
---------- -------------------
02/13/2009 6.0 SP5 CR026 contains fixes for the following tracking
numbers:

76541       The web agent will no longer report start times later than
end times for
            monitoring data. This applies to IIS 6.0, re-architected
Apache 2.0,
            re-architected SunOne, IIS5, Domino agents only.

80349      The REMOTE_USER varaible will now be correctly populated on
the backend web
           agent when proxyTrust is set to Yes. This applies to IIS 6.0,
re-architected
           Apache 2.0, re-architected SunOne agents only.

81282      The web agent server error file redirect will correctly work
when the SMAGENT
           uri value is invalid. This applies to IIS 6.0 agents only.


01/23/2009 6QMR5 CR025 contains fixes for the following tracking
numbers:
Tracking # Problem description
---------- -------------------

76981       The WebAgent has been enhanced to prevent a Denial of Service
attack
            that overloads the Agent with requests that generate DNS
calls to resolve
            bogus server names or IP addresses. This applies to IIS 6.0,
            re-architected Apache 2.0, re-architected SunOne, IIS5,
Domino, and
            Apache 1.3 agents only

            A new agent configuration object parameter "DisableDNSLookup"
should be
            set to YES, to disable all DNS lookups used to service client
requests.
           This applies to IIS 6.0, re-architected Apache 2.0, re-
architected SunOne,
           IIS5, Domino, and Apache 1.3 agents only
76978      The WebAgent has been enhanced to support a new agent
configuration object
           parameter OverlookSessionforMethodURI=<method>,<URI>, that
prevents update of
           session cookies for the combination of method and URI
mentioned in the
           list. This is used to prevent the extension of Sessions by
applications
           that generate heartbeat requests. This applies to IIS 6.0,
           re-architected Apache 2.0, re-architected SunOne, IIS5,
Domino and Apache 1.3
           agents only.

76979      The WebAgent has been enhanced to support two new agent
configuration
           object parameters LogFilesToKeep and TraceFilesToKeep. These
parameters
           specify the number of old files to keep when new log or trace
files are
           created. When the parameter is set to N, the N+1th file is
deleted whenever
           a new file is created. This applies to IIS 6.0, re-
architected Apache 2.0,
           re-architected SunOne, IIS5, Domino only.

78339      The agent name mapping will now work correctly when the web
agent does
           not find the SMAGENTNAME query string. This applies to IIS
6.0,
           re-architected Apache 2.0, re-architected SunOne agents only.

78477      The agent will now throw a challenge response when the
contents of a
           the SMSESSION cookie from one machine is sent from another
machine.
           This affects Domino agents only.


Certifications
------------------

77710           WebAgent 6QMR5 CR25 64-bit has been certified with IHS
6.1 (64-bit) web
                 server on Solaris 10 x86 (64-bit) platform.

79209           WebAgent 6QMR5 CR25 32-bit has been certified with IHS
6.1 (32-bit) web
                 server on SuSE Linux 10 (64-bit) platform.

80683           WebAgent 6QMR5 CR25 32-bit has been certified with Domino
7.0.3 web
                server on Windows Server 2003 SP2 platform.
81210           WebAgent 6QMR5 CR25 32-bit has been certified with IHS
6.1 (32-bit) web
                 server on AIX 5.2 (64-bit) and AIX 5.3 (64-bit) platform.

81721            WebAgent 6QMR5 CR25 32-bit has been certified with IBM
HTTP Server v5.3
                 (Domino Go) web server on z/OS 1.10 platform.

12/19/2008 6QMR5 CR024 contains fixes for the following tracking
numbers:
Tracking # Problem description
---------- -------------------

76005      The web agent will now work on AMD quad core processors. This
applies to
           all web agents.

76082      The web agent will now support the older streaming
functionality for chunked
           data. To enabled this mode a new Agent Configuration Object
has been added,
           LegacyStreamingBehavior. Set LegacyStreamingBehavior to YES
to enabled this new
           mode. This applies to Apache 2.0 agents only.

76622       The web agent will correctly only send the relevant URI from
a fully qualified
            URL to the policy server for processing when BadUrlChars is
enabled.
            This applies to IIS 6.0, re-architected Apache 2.0, and re-
architected
            SunOne agents only.

76931      The web agent will now start correctly when max procs is
greater than 1 on
           large systems under load. This applies re-architected SunOne
agents only.

77014       The SSL login prompt will no longer be repeated after
submission when
            the firefox browser is used. This applies to IIS 6.0, re-
architected
            Apache 2.0, re-architected SunOne agents only.

77151      The SM_USERGROUPS will now correctly returned the user group
information.
           This applies to IIS 6.0, re-architected Apache 2.0, re-
architected SunOne,
           IIS5, and Apache 1.3 agents only.

77783      The web agent will now handle POST preservation data
correctly with the
           X509 client certificate or form template. This applies to IIS
6.0,
           re-architected Apache 2.0, re-architected SunOne agents only.

77990      The web agent will now work correctly a URL that contains a :
character. This
           applies to IIS 6.0, re-architected Apache 2.0, re-architected
SunOne agents
           only.

78560       Agent Configuration Objects variables and valyes will not
longer be able
            to be specified in the webagent.conf file. A subset of these
values will
            still be allowed. The values that are still allowed to
specified are
            HostConfigFile, AgentConfigObject, EnableWebAgent,
ServerPath,
            LocalConfigFile, EnableIntroscopeAgentSupport and LoadPlugin.


78824      The web agent will now use the LogFile and LogFileName values
from the
           LocalConfig.conf when AllowLocalConfig=no. This applies to
IIS 6.0,
           re-architected Apache 2.0, re-architected SunOne agents only.

79088      The web agent will no longer terminate abnormally under load.
This applies to
           IIS 6.0 agents only.


Certifications
------------------

74496           WebAgent 6QMR5 CR24 64-bit has been certified with the
IIS 7.0 (64-bit)
                 web server on the Microsoft windows Server 2008 (x64, 64-
bit) platform.

75104           WebAgent 6QMR5 CR24 64-bit has been certified with the
ASF Apache 2.0.xx
                (64-bit) web server on Red Hat Enterprise Linux 4.0 on
System Z (64-bit)
                platform.

79205           WebAgent 6QMR5 CR24 64-bit has been certified with the
IBM HTTP Server 6.1
                (64-bit) web server on HP-UX 11.23 (64-bit) itanium
platform.

79342           WebAgent 6QMR5 CR24 31-bit has been certified with the
IBM HTTP Server 6.1
                (31-bit) on Red Hat Enterprise Linux 4.0 on System Z (64-
bit) platform.
11/20/2008 6QMR5 CR023 contains fixes for the following tracking
numbers:
Tracking # Problem description
---------- -------------------

78326      The Web Agent configuration wizard will now let you pick the
web server in
           console mode.

67645       The Web Agent has been modified such that “multi-
part/formsdata” forms encoding
            can now be used safely in conjunction with forms-based
authentication. Previously,
            only “application/x-www-form-urlencoded” post data was
supported across a
            forms-based authentication challenge. This enhancement
properly preserves
            multipart form data. This applies to IIS 6.0, re-architected
Apache 2.0,
            re-architected SunOne, IIS5, and Apache 1.3 agents only

69552      A new fcc ‘smaceauth.fcc’ has been introduced containing a
new directive @smacefcc
           that deals with proper redirection and setting of new
password in case the fcc
           is used with ACE authentication. The directive should be set
to 1 in case the
           user wishes to use the fcc with ACE authentication.

           When a custom file is used for ACE authentication, which in
turn posts data to a
           fcc file, smacefcc directive would come into picture. While
processing Advanced
           Authentication Challenge, if invalid credentials are entered,
then based on the
           new directive @smacefcc, it would be determined if fcc is to
be displayed or the
           custom page to display the re-challenge. The same directive
would also work for
           new PIN mode.

           This applies to IIS 6.0, re-architected Apache 2.0, and re-
architected SunOne agents
           only.

73604      The Web Agent will no longer add additonal headers when
AllowCacheHeaders is set
           to no. This applies to IIS 6.0, re-architected Apache 2.0,
and re-architected
           SunOne agents only.


74775      Traditional SiteMinder Web Agents (IIS 5, Domino, and Apache
1.x)
           handle POST preservation data in an incompatible fashion from
           SiteMinder Agent Framework Web Agents (IIS 6, Apache 2.x, Sun
ONE).

            A new Agent Configuration Object parameter
"LegacyPostPreservationEncoding"
            has been added to allow a 6QMR5 framework agent to work with
these older
            traditional agents. Setting this parameter to Yes will
enabled the new behavior.

           All 6QMR5 framework agents will have to have the same setting
for them to work
           with each other. This applies to IIS 6.0, re-architected
Apache 2.0, and
           re-architected SunOne agents only.

75072      The Web Agent will no longer terminate abnormally when
resolving the agent name under
           heavy load. This applies to IIS 6.0, re-architected Apache
2.0, and re-architected
           SunOne agents only.

75076      The Web Agent will no longer terminate abnormally when
performing agent name mapping
           under at startup. This applies to IIS 6.0, re-architected
Apache 2.0, and
           re-architected SunOne agents only.

75110      The Web Agent will now produce a more detailed error message
when a failure with the
           semaphore's or shared memory occurs. This applies to IIS 6.0,
re-architected
           Apache 2.0, and re-architected SunOne agents only.

75232      The Web Agent will no longer show an encoded string on the
password change form
           when the old password supplied was wrong. This applies to IIS
6.0, re-architected
           Apache 2.0, and re-architected SunOne agents only.

75503      The Web Agent will now correctly retain user entries in the
user session cache. This
           issue was causing the web agent to always send the request to
the policy server
           which was affecting performance. This affects Domino agents
only.

75715      The Web Agent will no longer terminate abnormally while
processing advanced
           authentication. This applies to IIS 6.0 agents only.

77153      The Web Agent will now correctly create its log and trace
files with 644
              permissions on UNIX platforms. This applies to re-architected
Apache 2.0,
              and re-architected SunOne agents only.

75055           The SiteMinder Web Agent installer on HP-UX itanium will
now correctly describe the
                requirement for having a dynamic loader and linker
installed on the system. It no
                longer specifies patch level PHSS_26560 since this only
applies to HP-UX 11.11.

Certifications
------------------

73124           SiteMinder Web Agent 6QMR5 CR23 has been certified with
ASF Apache web server
                2.2 (64-bit) on Red Hat Enterprise Linux 5.0(64-bit).

75112           SiteMinder Web Agent 6QMR5 CR23 has been certified with
Red Hat Apache web
                server 2.2 (64-bit) on Red Hat Enterprise Linux 5.0(64-
bit).

73431           SiteMinder Web Agent 6QMR5 CR23 has been certified with
IBM HTTP Webserver
                (IHS) 6.0 and 6.1 (32-bit)   on Red Hat Enterprise Linux
5.0.


09/30/2008    6QMR5 CR022 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

59617      The web agent will now return the error Forbidden (403)
instead of Internal Server
           Error (500) when the anonymous authorization scheme is in
used. This applies
           to IIS 6.0, re-architected Apache 2.0, and re-architected
SunOne agents.

69287      The web agent will no longer terminate abnormally on
shutdown. This applies to
           IIS 6.0 agents only.

71575      The web agent will no longer corrupt the cookies when they
begin with the word
           SMSESSION. This applies to IIS 6.0, re-architected Apache
2.0, and re-architected
           SunOne agents only.

74173      The web agent will no longer terminate abnormally when
logging is in use and more
           than 256 virtual servers are configured. This applies to the
Solaris platform only.

Certifications
------------------

67572      WebAgent 6QMR5 CR20 has been certified with Microsoft IIS 7.0
Web Server
           on Windows Server 2008 (x86, 32-bit). To configure the Web
Agent with IIS 7,
                you must install the following “Role Services” on the IIS
7 web server:
                ASP.NET, CGI, ISAPI Extensions and ISAPI Filters. Please
refer to Microsoft’s
                documentation on managing “Role Services”.

71893           WebAgent 6QMR5 CR22 has been certified with the Red Hat
Apache 2.2 web server
                on Red Hat Enterprise Linux 5. For correct operation,
please ensure that the
                Red Hat “Legacy Software Development” tools are
installed.

71226           Web Agent 6QMR5 CR22 has been certified with the ASF
Apache 2.2 (64-bit) web
                server on HP-UX 11.23 (IA 64) and HP-UX 11.31 (IA 64).


09/02/2008   6QMR5 CR021 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

72806        Corrected the selectlogin.fcc sample code to work correctly.

73611      Added a new form to use with Sharepoint signoff, this stops
the sharepoint
           integration from re-authenticating the user when NTLM
authentication is used.

73105       Sharepoint integration will now correctly handle subsequent
login's and
            logout's as a different user.

71518      The web agent will now start correctly when max procs is
greater than 1. This
           applies re-architected SunOne agents only.

Certifications
------------------

67572      WebAgent 6QMR5 CR20 has been certified with Microsoft IIS 7.0
Web Server
             on Windows Server 2008 (x86, 32-bit)

73095        WebAgent 6QMR5 CR20 64-bit has been certified with HP Apache
2.0.5x
             (Reverse Proxy tested) on HP-UX 11.23 and HP-UX 11.31 Itanium


08/01/2008   6QMR5 CR020 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

72096      Logging functionality has been enhanced for Framework Web
Agent such that
           if the path to the SmHost.conf file is empty in the
WebAgent.conf file,
           then an appropriate error message is displayed.

65705       The web agents will now recover from a hung state if there
has been an
            abnormal termination of the web server process. This applies
            to re-architected Apache 2.0, and re-architected SunOne
agents only on UNIX
            platforms.

69488      Step up authentication will now work correctly with a cookie
provider. This affects
           IIS5, Domino and Apache 1.3 agents only.

69700       The web agent will no longer return the 500 error when legacy
cookie mode
            is set and the POST request is not for a post preservation
scenario. This applies
            to IIS 6.0, re-architected Apache 2.0, and re-architected
SunOne agents only.

70866      The smreghost utility will no longer produce a bad shake
error and fail
           to connect on faster platforms.

71038        The web agent will no longer go into a login loop if existing
cookies
             end with the same name as the zone cookie. This applies to
IIS 6.0,
             re-architected Apache 2.0, and re-architected SunOne agents
only.

71356      The "server" header variable can now be removed from the http
header. To
           remove the "server" variable set the new agent configuration
parameter
           SuppressServerHeader to Yes. This applies to IIS 6.x agents
only.
72151      The web agent will no longer terminate abnormally if DNS is
not configured
           correctly on the server. This applies to IIS 6.0, re-
architected Apache 2.0,
           and re-architected SunOne agents only.

Certifications
------------------

69463        WebAgent 6QMR5 CR17 has been certified with ASF Apache Server
2.2 on
             Windows server 2008 (x86-32 bit) platform.

70851       WebAgent 6QMR5 CR18 (32-bit) has been certified with Oracle
HTTP Server
            10.1.3.0 (Apache 2.0.x based) on SuSE Linux 9 (64 bit).

70506        WebAgent 6QMR5 CR18 has been certified with ASF Apache 2.0.58
Server on
           RHAS 5.0 and RHES 5.0. Please ensure that the RHEL "Legacy
Development Tools"
           are installed.

71678      WebAgent 6QMR5 CR18 has been certified with ASF Apache 2.2.3
Server on RHAS 5.0
           and RHES 5.0. Please ensure that the RHEL "Legacy Development
Tools" are
           installed.


07/03/2008   6QMR5 CR019 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

68995      The Wiley IntroScope support no longer requires the one view
monitor to
           be enabled.

69825      Fcc files will now work correctly if they do not contain a
trailing CR/LF pair
           at the end of the fcc file.

69593      The web agent will no longer translate the URI path if
DisableDirectoryList
           is set to Yes. With this setting additional HTTP 0.9 messages
will no longer be
           generated.

69649      The URL protocol specification can now be forced to always be
in lowercase.
            To enable this behavior a new Agent Configuration Object
parameter has been
            added called LowerCaseProtocolSpecifier. Setting this to yes
will enable
            this feature.

70151      A post with SMPostPreserve set will no longer return any
meaningful
           information if SiteMinder internal cookies are posted to the
web agent.

70726      The web agent load balancer will check for and handle divide
by 0 errors.


Certifications
------------------

69485        Web Agent 6QMR5 CR017 has been certified with IBM HTTP Server
6.1 on
             z-Series Red Hat Enterprise         Linux AS 4

69612        Web Agent 6QMR5 CR018 has been certified with ASF Apache
2.0.5x on
             z-Series Red Hat Enterprise Linux        AS 4

70344      Web Agent 6QMR5 CR018 has been certified OHS 10.1.3.0
(Apache2.0.x) on
           Red Hat Enterprise Linux ES and        AS 4 (64 bit)


05/30/2008   6QMR5 CR018 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

64954      The web agent will no longer terminate abnormally when a zero
length packet
           is recieved after the web agent has been performing chunk
encoding. This
           applies to Apache 2.0 agents only.

69191       Closed a cross-site scripting attack vulnerability with the
use of the %00
            character sequence. This applies to IIS 6.0, re-architected
Apache 2.0,
            and re-architected SunOne agents only.

Certifications
------------------

67574       Web Agent 6QMR5 CR17 has been certified with IBM Domino 8 on
IBM AIX 6.1
69111      Web Agent 6QMR5 CR17 has been certified with HP Apache2.0.58
(64 bit) and
           ASF Apache 2.0.x (64-bit) on HP-UX 11.31 (64-bit Itanium)

68975       Web Agent 6QMR5 CR17 (32-bit) has been certified with Oracle
HTTP Server
            10.1.3.0 (Apache 2.0.x, 32-bit) on HP-UX 11.23 (64-bit
Itanium)


05/02/2008   6QMR5 CR017 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

67561      The "Remind me later" button on the smpwservice.fcc will now
perform a valid
           target domain check if ValidDomainTarget is enabled. This
applies to IIS 6.0,
           re-architected Apache 2.0, and re-architected SunOne agents
only.

67582      Closed a FCC cross site scripting attack vulnerability. This
applies to IIS 6.0,
           re-architected Apache 2.0, and re-architected SunOne agents
only.

68827      Closed a FCC and Java Servlet cross frame scripting attack
vulnerability.
           This applies to all SiteMinder Web Agents.

Certifications
------------------

66324      Web Agent 6QMR5 CR16 has been certified with ASF Apache2.0.61
on AIX 6.1 platform.

68972      Web Agent 6QMR5 CR16 has been certified with IBM HTTP Server
6.1 on zSeries Suse 10.


03/28/2008   6QMR5 CR016 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

64569      The web agent will correctly only send the relevant URI from
a fully qualified
           URL to the policy server for processing. This applies to IIS
6.0, re-architected
           Apache 2.0, and re-architected SunOne agents only.
65514      The SMTRYNO count can no longer be set to an inappropriate
value. This applies
           to IIS 6.0, re-architected Apache 2.0, and re-architected
SunOne agents only.

65714      The web agent logging configuration can now be changed
dynamically in both central or
           local configurations. This applies to IIS 6.0, re-architected
Apache 2.0, and
           re-architected SunOne agents only.

65767         A POST request will now be handled correctly by the web agent
when the
              LegacyCookieProvider parameter is set to yes.   This applies
to IIS 6.0,
              re-architected Apache 2.0, and re-architected SunOne agents
only.

65922            The web agent will no longer terminate abnormally when
accessing the password retry
           count in very rare circumstances. This applies to IIS 6.0,
re-architected
           Apache 2.0, and re-architected SunOne agents only.

65977      Submitting a password change with the Cert and Basic
authenication scheme will work
           correctly. This applies to IIS 6.0, re-architected Apache
2.0, and re-architected
           SunOne agents only.

66029      The idle timeout will now work correctly on 64 bit platforms.
This applies to
           IIS 6.0, re-architected Apache 2.0, and re-architected SunOne
agents only.

66054      Form authentication will now work correctly when running with
reverse proxy and
           TransientIPCheck is enabled. This applies to IIS 6.0, re-
architected Apache 2.0,
           and re-architected SunOne agents only.

66733           The ValidTargetDomain ACO parameter will now correctly
exclude targets that contain
           extra file delimiter characters.


Certifications
------------------

65597      Web agent 6QMR5 CR16 has been certified with the ASF Apache
2.0.xx (64-bit)
           web server on HP-UX 11.23 (64-bit Itanium) platform.
65604      Web agent 6QMR5 CR16 has been certified with the ASF Apache
2.2 (64-bit)
           web server on Solaris 10 (64-bit) platform.

66502      Web agent 6QMR5 CR16 has been certified with the Exchange
Server 2007 (OWA)
           on Win2K3 SP2 platform.

64846      Web agent 6QMR5 CR16 has been certified with the HP Apache
2.0.5x (64-bit)
           web server on HP-UX 11.23 (64-bit Itanium) platform.

65607      Web agent 6QMR5 CR16 has been certified with the OHS 10.1.3.0
(Apache 2.0.x)
           web server on Suse Linux 10 platform.

66323      Web agent 6QMR5 CR16 has been certified with the ASF Apache
2.2 web server on
           AIX 6.1 platform.


03/04/2008   6QMR5 CR015 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

65431      The web agent will now correctly prompt when using basic
authentication
           over SSL and an OnAuthAttempt rule with an attached response
is triggered.
           This applies to IIS 6.0, and re-architected Apache 2.0 agents
only.

65580      The web agent will now correctly handle the agent
configuration object
           AcceptTPCookie parameter when it contains a blank value. This
affects
           IIS5, Domino and Apache 1.3 agents only.

65655       The ACE authentication scheme's next token page will now
display correctly
            when the HTML Form Template Auth Scheme is used with the
smpwservices.fcc.
            This applies to IIS 6.0, re-architected Apache 2.0, and re-
architected
            SunOne agents only.

Certifications
------------------
66481      Web agent (31-bit) 6QMR5 CR15 has been certified with the IHS
6.0.2
           web server on RHEL AS 4 64-bit for System z platform.
66032        Web agent 6QMR5 CR15 has been certified with the IHS 6.1 web
server
             on AIX 6.1 platform.

02/11/2008   6QMR5 CR014 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------
62653      The web agent will now correctly recover when the web server
process
           terminates abnormally. This applies to IIS 6.0, re-
architected Apache 2.0,
           and re-architected SunOne agents only.

64369      The SMSESSION cookie path will now be set correctly when a
session has timed out.

64911      The Web Agent will no longer terminate abnormally when
processing a HEAD request
           for a fcc in a non-existent directory. This applies to IIS
6.0, and re-architected
           Apache 2.0 agents only.

65651      The web agent will now work as expected with servlet exec
engines. This applies to
           IIS 6.0 agents only.

01/07/2008   6QMR5 CR013 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

64059      Closed a FCC cross site scripting attack vulnerability. This
applies to IIS 6.0,
           re-architected Apache 2.0, and re-architected SunOne agents
only.

61101      Microsoft Internet Explorer will no longer cache the FCC
login page. This
           applies to IIS 6.0, and re-architected Apache 2.0 agents
only.

63025      The Web Agent will now challenge for user credentials when
directory browsing and
           the index.html has been removed. This applies to re-
architected SunOne agents only.
           This enhancement requires the ACO parameter
DisableDirectoryList ro be present
           and set to yes.

63391      Mozilla browsers will no longer replay cached credentials
when using Basic
           Authentication over SSL. This applies to IIS 6.0, re-
architected Apache 2.0,
           and re-architected SunOne agents only.

63598      The Web Agent will now log the username when X509 Client Cert
Authentication
           is used. This applies to IIS 6.0, re-architected Apache 2.0,
and re-architected
           SunOne agents only.

63681      The Web Agent will no longer incorrectly produce the error
"Error reinitializing
           event with key base ...". This applies to re-architected
Apache 2.0 agents only.

63757      The SM_AUTHTYPE is now set correctly for the anonymous
authentication scheme after
           accessing a resource protected by the basic authentication
scheme. This applies to
           IIS 6.0, re-architected Apache 2.0, and re-architected SunOne
agents only.

64808       Closed a security vulnerability where protected resources
could be circumvented. We
            recommend all customers running the IIS 6.0 agent 6 QMR4 GA
and 6 QMR5 GA to 6 QMR5
            CR12 to upgrade to this release. This applies to the IIS 6.0
agent only.

Certifications
------------------

65249      Web agent 6QMR5 CR013 has been certified in 64-bit mode with
the ASF Apache
           2.0.61 (64-bit) web server on the AIX 5.2(64-bit) and AIX
5.3(64-bit) platforms.

65250      Web agent 6QMR5 CR013 has been certified in 64-bit mode with
the ASF Apache
           2.2.6 (64 bit) web server on the AIX 5.2(64-bit) and AIX
5.3(64-bit) platforms.

63014      Web agent 6QMR5 CR013 has been certified in 64-bit mode with
ASF Apache 2.2.6
           (64-bit) web server on the SUSE Linux 10 (64-bit) platform.

64135      Web agent 6QMR5 CR013 has been certified with Domino 8 web
server on the SUSE
           Linux 10 platform.

63232      Web agent 6QMR5 CR013 has been certified with Sun Java System
7.0 (64-bit) web
           server on the Solaris 10 (64-bit) platform.
65256      Web agent 6QMR5 CR013 has been certified with IHS 6.0.2 web
server on the zSeries
           RHAS 4 platform.


11/16/2007   6QMR5 CR012 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

62470      The web agent will now update the master cookie domain
correctly when a session
           times out.

62237      The web agent will no longer terminate abnormally or freeze
when running in
           worker mode. This applies to re-architected Apache 2.0 agents
only.

61919      The web agent will now redirect correctly when authorization
schemes with
           different security levels are used on to protect a FCC
resource. This applies
           to re-architected Apache 2.0 agents only.

61946      The AgentWaitTime parameter will now work correctly on all
non windows platforms.
           This parameter specifies how long the low level agent will
wait to establish a
           connection to the Policy Server. The default is 5 seconds.

62274       URL query parameters will not longer be removed when a cookie
provider is
            configured and the web agent accesses a FCC protected
resource. This affects
            IIS5, Domino and Apache 1.3 agents only.

63389      Use of CustomIPHeaders will no longer cause an unexpected
termination of the
           web agent when web agent tracing is enabled.

63418      The Basic over SSL authentication scheme will now correctly
preserve post data.

62900      Clean up and correction of web agent LLAWP start up and
shutdown messages.

Certifications
------------------

63316      Web Agent 6QMR5 CR12 has been certified with Domino 7.x Web
Server on SuSE Linux 10
           platform.
63137      Web Agent 6QMR5 CR12 has been certified with Domino 8 Web
Server on AIX 5.3 platform.

63587      Web Agent 6QMR5 CR12 has been certified with IBM HTTP Server
6.1 on Sun Solaris 10
           (Sun Domains) platform.

61428      Web Agent 6QMR5 CR12 has been certified with 64-bit ASF
Apache 2.2 Web Server on
           64-bit Red Hat Enterprise Linux AS/ES 3.0 platform.

61902      Web Agent 6QMR5 CR12 has been certified with 64-bit ASF
Apache 2.2 Web Server on
           64-bit Red Hat Enterprise Linux AS/ES 4.0 platform.

62540      Web Agent 6QMR5 CR12 has been certified with Domino 8 Web
Server on Solaris
           8/9/10 platforms.

62681      Web Agent 6QMR5 CR12 has been certified with Domino 8 Web
Server on Windows 2000 SP4
           and Windows 2003 SP1 platforms.

62553      Web Agent 6QMR5 CR12 has been certified with ISA Server 2006
running as a web proxy.

61690      Web Agent 6QMR5 CR12 has been certified with Oracle HTTP
Server 10.1.3.0 on
           Windows 2003 SP1 platform.


09/28/2007   6QMR5 CR011 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

56217        The RequestIPAddr parameter is now correctly documented in
the
             WebAgentTrace.conf file.

59856      The web agent has been enhanced to only allow the validation
of a session
           cookie against the issuing cookie domain. This is to prevent
session
           cookie replay attacks from a domain that did not issue the
cookie.

           To enable this functionality a new agent configuration
parameter “TrackSessionDomain”
           must be added to the Agent configuration and set to “yes”.
61697      The web agent with now correctly request content from a
cookie provider
           when TargetASRelativeURI is enabled.

61915      FCC protected resources will now work correctly when the
BadFormChars
           parameter is left blank.

62012      The Web Agent installer will correctly work with Sun iPlanet
7.0 Update 1.

62050      FCC credentials will now correctly check if the target is in
any configured
           valid target domains.


Certifications
------------------

62138        Web Agent 6QMR5 CR011 in 64-bit mode has been certified with
64-bit
           Red Hat Apache 2.0.xx Web Server on 64-bit Red Hat
Application Server 4.0
           and 64-bit Red Hat Enterprise Server 4.0 platforms.


08/31/2007   6QMR5 CR010 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

61036        The smprofile.ccc file will now be processed correctly. This
applies
             to IIS 6.0, re-architected Apache 2.0, and re-architected
SunOne
             agents only

57846      The web agent will now re-challenge the user when the user's
IP address
           changes and TransientIPCheck is enabled. This applies to IIS
6.0,
           re-architected Apache 2.0, and re-architected SunOne agents
only.

59670        Correctly handle a very specific encryption return type.

60215        Corrected the directory directive added while configuring Web
agents on
             Oracle HTTP server for Advanced Authentication Schemes.

61189      In an environment with multiple cookie domains and a
centralized cookie
           collector the browser will no longer into a loop. This
applies to IIS 6.0,
           re-architected Apache 2.0, and re-architected SunOne agents
only.

61259      The web agent installation will now correctly recognize and
configure the
           Oracle HTTP Server 10G.

61299        FCC password fields can now support more than 4K of data.

61316      The web agent install will not longer change the permission
on the user's home
           directory. This applies to UNIX platforms only.


Certifications
------------------

60722        Web Agent 6QMR5 CR010 has been certified in 64-bit mode with
the ASF
             Apache 2.0.xx Web Server on the 64-bit RHAS/RHES 3.0
platforms.


61581        Web Agent 6QMR5 CR010 has been certified in 64-bit mode with
the ASF
             Apache 2.0.xx Web Server on the 64-bit RHAS/RHES 3.0
platforms.


58705      Web Agent 6QMR5 CR010 has been certified with HP Apache
2.0.5x Web Server
           on HP-UX 11.23 (32-bit Itanium) platform.

07/27/2007   6QMR5 CR009 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

59706        SSO will now work correctly for a resource protected by FCC
and with
             a legacy cookie provider enabled.

60044        Installation of the Web Agent with no longer put the password
in
             the installation log.

60060        Enabled URL rewriting will now work correctly when the web
agent is
             installed. This applies to Apache 2.0 web servers only.
60512         Invalid data in the TARGET query parameter will no longer
cause an
              unexpected termination of the web agent.

60535         The web agent will now load balanced correctly when there is
high
              latency to the policy server.

Certifications
------------------

59453         Web agent 6QMR5 CR009 has been certified in 64-bit mode with
              the ASF Apache 2.0.58 Web Server on the 64-bit SPARC based
              Solaris 8/9/10 platforms.

60116         Web agent 6QMR5 CR009 has been certified in 64-bit mode with
              the Sun Java System Web Server 6.1 on the 64-bit SPARC based
              Solaris 8/9/10 platforms.

60829         Web agent 6QMR5 CR009 has been certified with the Domino
7.0.2
              Web Server on the SPARC based Solaris 10 zones.

60561         Web agent 6QMR5 CR009 has been certified with the IBM HTTP
Server
              5.3 on the z/OS 1.8 platform.

06/29/2007    6QMR5 CR008 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

57736         The web agent will now log the resolved URL in the trace log
when
              the requested URL contains characters specified in the
BadCCSChars
              list.

58714         The default log file will not be opened when logging is
              not enabled.

59188         Cert or Basic authentication schemes will now handle invalid
or
              blank credentials correctly. This affects Domino agents only.

59943         The realm string will now correctly contain the basic prompt
time
              stamp. This affects Domino agents only.

60028         .ccc files can now be protected when this extension is
removed
              from the ignore extensions list. If this extension is removed
then
             the web agent can not be used as a cookie provider. If the
.ccc
           extension is removed, it will be treated as any other
resource and
           require policy entries etc to handle the authorization of the
cookie.
           Previously the cookie was auto authorized and this was not a
           requirement.


Certifications
------------------

60605        The Web agent 6QMR5 CR007 has been certified with the Sun
Java
             System Web Server 7.0 on the Suse Linux 10 Platform.

59487        The Web agent 6QMR5 CR006 has been certified with the Sun
Java
             System Web Server 7.0 on the HP-UX 11.11 (PA-RISC)

59482        The Web agent 6QMR5 CR007 has been certified with the Sun
Java
             System Web Server 7.0 on RHAS 4.0 Platform.

59484        The Web agent 6QMR5 CR007 has been certified with the Sun
Java
             System Web Server 7.0 on Solaris 10 (x86) Platform.


06/07/2007   6QMR5 CR007 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

59014        LoggOffURL's will now behave correcly with the Mozilla
browser
             over a SSL connection.

59105        The web agent will now correctly apply the DisableDotDotRule
             when IgnoreUrl lists are in effect. This applies to IIS 6.0,
             re-architected Apache 2.0, and re-architected SunOne agents
             only.

59227        When the cookie grace period expires an extra delimiter will
             not be left at the end of the SMSESSION cookie on the
             re-architected SunOne agent.

59228        Upon accessing a realm protected by a HTML forms based scheme
at a
             higher protection level than the current session, web agents
will
             now redirect with a query parameter of SMAUTHREASON=5
              (Sm_Api_Reason_AuthLevelTooLow). This applies to IIS 6.0,
              re-architected Apache 2.0, and re-architected SunOne agents
only.

59456         The web agent installer will no longer create a duplicate
              install_config_info file.

59338         Siteminder application data should now be stripped from the
url
              correctly when the request is forwarded back to the cookie
provider.
              This applies to IIS 6.0, re-architected Apache 2.0, and re-
architected
              SunOne agents only.

59514         Correctly handle a very specific password encryption failure
with
              "Run in Authenticated User’s Security" mode.

59544         The web agent will now pass WebAgent-OnAccept-Text responses
              assigned to OnAuthAccept rules correctly. This affects IIS5,
              Domino and Apache 1.3 agents only.

59579         The previous button will now function correctly after you
proceed
              to the Trusted HostName and Configuration Object screen.

59658         The realm string will now only contain one time stamp string
for a
              basic challenge. This affects IIS5 agents only.

59660         The WebAgent Configuration wizard will now correctly
configure
              CertOrForm and CertAndForm on the Apache 2.0.58 (ASF) web
server.

59860         Web agents will now process WebAgent-OnAccept-Text when used
              with the OnAuthAccept event correctly.This applies to IIS
6.0,
              re-architected Apache 2.0, and re-architected SunOne agents
only.


Certifications
------------------

58703         Web agent 6QMR5 CR007 has been certified in 64-bit mode with
the
              Microsoft’s Internet Information Services (IIS) 6.0 Web
server on
              the 64-bit Windows Server 2003 SP1 and Windows Server 2003 R2
              platforms.
             For installing and running the Web Agent 6QMR5 on Windows 64
bit,
             the machine must have the re-distributable package from
Microsoft
             (Microsoft Visual C++ 2005 Redistributable package (x64))
installed
             prior to the Web Agent Installation.

             The re-distributable package from Microsoft (Microsoft Visual
C++
           2005 Redistributable package (x64)) is required as it
provides some
           of the 64bit runtime libraries which are required to run the
libraries
           created by using 64 bit windows compiler (VC8). Since the
           Web Agent 6QMR5 libraries for Windows 64 bit have been
created using
           this compiler so there is a need for installing the above
mentioned
           redistributable package. This is a 4MB download available
from the
           following link: FILENAME: vcredist_x64.exe

http://www.microsoft.com/downloads/details.aspx?familyid=90548130-4468-
4BBC-9673-D6ACABD5D13B&displaylang=en

59485        Web agent 6QMR5 CR007 has been certified with the Sun Java
System
             Web Server 7.0 on the Windows 2000 SP4 and Windows Server
2003 SP2
             platforms.

59486        Web agent 6QMR5 CR007 has been certified with the Sun Java
System
             Web Server 7.0 on the SuSE Linux 9 SP3 platform.

59483        Web agent 6QMR5 CR007 has been certified with the Sun Java
System
             Web Server 7.0 on the SPARC based Solaris 8/9/10 platforms.


04/30/2007   6QMR5 CR006 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

56308        A new agent configuration parameter is added by the name
             "UseHTTPOnlyCookies" which when set to "yes" adds the
"HttpOnly"
             flag to all the web agent cookies.

             The cookies in which the HTTP-Only attribute would be added
are
           as follows:
           SMSESSION Cookie
           SMIDENTITY Cookie
           SMUSRMSG Cookie
           SMTEXT Cookie
           SMTRYNO Cookie
           SMSAVECRED/SMDATA Cookie
           SMCHALLENGE Cookie
           SMDOMINODATA Cookie
           SMONDENIEDREDIR Cookie
           SMSAVEDSESSION Cookies
           NTLMCRED Cookie
           SSLCRED Cookie
           FORMCRED Cookie

           This applies to all web agents.


58602      Corrected the Agent Name resolution algorithm to make sure
that
           after the ACO is modified, the AgentName is resolved through
           "AgentNameMapping" instead of "DefaultAgentName". This
applies
           to IIS 6.0, re-architected Apache 2.0, and re-architected
SunOne
           agents only

58863      Ensure that installing the web agent does not change the
           permissions of '/' to 775. This applies to all web agents on
Unix
           platforms.

58921      (58753)    Ensure that modifying the TARGET URL parameter
does not defeat
           checking against the ValidTargetDomain agent configuration
option.
           This affects all web agents.

58929      Ensure that the web agent does not crash if receiving a
response
           of zero length. This applies to IIS 6.0, re-architected
Apache
           2.0, and re-architected SunOne agents only

58980      In a configuration where Run in Authenticated User’s Security
           Context is enabled, IIS 6.0 Web Agents will now correctly use
the
           user’s domain name instead of using the User Directory
object’s
           name.This applies to IIS 6.0, re-architected Apache 2.0, and
           re-architected SunOne agents only
58986         Ensure that the resource cache cannot get filled up with
invalid
              entries in some circumstances causing all IsProtected() calls
to
              go to the Policy Server. This applies to IIS 6.0, re-
architected
              Apache 2.0, and re-architected SunOne agents only

59372      With TargetAsRelativeURI=YES and FCCCompatMode=YES,
redirections
           to fully qualified URLs are now properly trapped. This
applies
           to IIS 6.0, re-architected Apache 2.0, and re-architected
SunOne
           agents only

59068         For Sun-One agents, in the agent log file, version header is
              correctly shown as "SiteMinder SUNONE WebAgent". This applies
to
              the re-architected SunOne agent only.

59152         (59108) Ensure that the web agent exits succesfully in all
              instance and does not require a web server restart in order
to
              be restarted. This affects the IIS5.0 agent only

59169         Ensure that URLS to be compared against ValidTargetDomain are
              properly checked to be legal according to RFC2396. This
applies
              to IIS 6.0, re-architected Apache 2.0, and re-architected
SunOne
              agents only


03/30/2007    6QMR5 CR005 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

57822         Client wants the ability to set the cookie path of certain
              SiteMinder web agent cookies to a specific path.

              These code changes introduce three new agent configuration
parameters.
              CookiePath
              CookiePathsSope
              MasterCookiePath

              MasterCookiePath:
              The default value of this parameter is "/" (root).
              This parameter dictates the cookie path for the Cookie
Provider
             created session cookies. If this parameter is omitted from
the
             Cookie Provider agent configuration or set to "/", the cookie
             provider will create a root path session cookies (as it does
             today). If this parameter is set to a path, i.e.
             "/siteminderagent" all cookie provider session cookies will
have
             the path of "/siteminderagent"

             CookiePath:
             The default value of this parameter is "/". This parameter
             dictates the cookie path for the following secondary agent
cookies.

             xxSESSION
             xxIDENTITY
             xxDOMINODATA
             xxCHALLENGE (including SSL_CHALLENGE_DONE)
             xxDATA
             xxSAVEDSESSION

             If this parameter is not specified or set to "/", all
secondary
             agent cookies listed above will be created with "/" (root)
path
             (as it is done today).   If this parameter is set to a path,
i.e.
             "/BasicAuth", above listed secondary agents will be created
with
             "/BasicAuth" as the path.

             CookiePathScope:
             The default parameter of this value is 0. This parameter
             dictates the cookie path scope for the above listed secondary
             agent cookies. Setting this parameter to a value greater
then
           0 will override the CookiePath parameter setting.
Administrators
           should define either CookiePath or CookiePathScope. For
example,
           if CookiePathScope is set to 1, agent will extract the first
           path section from the requested resource and set the above
           secondary agent cookies to that path.

             Table shows the behavior of CookiePath and CookiePathScope
parameter.

             Request:   /Path1/Path2/Path3/Path4/Index.html

             CookiePath:     CookiePathScope: Actual Cookie Path:
             /BasicA     0     /BasicA
             /BasicA     1     /Path1
             /BasicA     2     /Path1/Path2
             /BasicA     3     /Path1/Path2/Path3
           /BasicA    4       /Path1/Path2/Path3/Path4
           /BasicA    5       /Path1/Path2/Path3/Path4
           /BasicA    99      /Path1/Path2/Path3/Path4
           "/" or undefined   0     /
           "/" or undefined   1     /Path1
           "/" or undefined   2     /Path1/Path2
           "/" or undefined   3     /Path1/Path2/Path3
           "/" or undefined   4     /Path1/Path2/Path3/Path4
           "/" or undefined   5     /Path1/Path2/Path3/Path4
           "/" or undefined   99    /Path1/Path2/Path3/Path4

           Cred cookies such as SSLCRED, FORMCRED and NTLMCRED will
always
           maintain "/" root path for backwards compatibility reasons.

           xxONDENIEDREDIR cookie will maintain "/" root path since,
           ONDENIEDREDIR cookie gets created by the rejected resource
but
           gets used by the redirected resource.    Having a path other
then
           root will break the ONDENIEDREDIR functionality.

           xxTRYNO cookie will maintain "/" root path since it only gets
           accessed by forms authentication scheme and forms
authentication
           scheme will not be able access it since if TRYNO contained
the
           resource path.

           These changes will affect simple SSO.
           For example, with "CookiePathScope" set to 1 or higher, the
           users will get challenged for credentials for both
           /BasicA/Index.html and /BasicB/Index.html since the SESSION
           cookie with a path /BasicA will not be valid for
           /BasicB/Index.html request.

           This change applies to all web agents except IBM HTTP Server
           v5.3 (Domino Go)

58672      Domino Web Agents now send human readable error messages to
the
           browser for 403 and 500 errors. This applies to the Domino
web
           agent only.

58694      Traditional SiteMinder Web Agents (IIS 5, Domino, and Apache
1.x)
           handle POST preservation data in an incompatible fashion from
           SiteMinder Agent Framework Web Agents (IIS 6, Apache 2.x, Sun
ONE).

           Two new POST preservation template files are introduced to
address
              this incompatibility. On Framework Agents which host
resources
           protected by FCCs hosted on Traditional Agents, configure the
           PostPreservationFile parameter to use fw2tr.pptemplate. For
           example, if the product were installed in
/app/netegrity/webagent:
PostPreservsationFile="/app/netegrity/webagent/samples/forms/fw2tr.pptemp
late"

           On Traditional Agents which host resources protected by FCCs
           hosted on Framework Agents, configure the
PostPreservationFile
           parameter to use tr2fw.pptemplate. For example:
PostPreservsationFile="/app/netegrity/webagent/samples/forms/tr2fw.pptemp
late"


03/09/2007    6QMR5 CR004 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

52269         (52265)Ensuring Requests are Not Rejected Due to URL
              Normalization

              The process of URL normalization modifies URLs from a Domino
              representation to a URL format used by a typical web browser.
              The Domino Web Agent relies on the Domino Web server APIs to
              normalize a Domino URL.

              During the normalization process, the Domino Server APIs
              periodically return a URL with a carriage return (0x0D in
hex)
              and/or a line feed character (0x0A in hex) added to the
              normalized URL. The addition of these characters appears to
be
              related to specific Notes database (.nsf) files and access
              patterns within these files.

              To ensure that URLs with Domino resource IDs are not
normalized,
              turn off normalization using the DominoNormalizeUrls
parameter.

              By default, the DominoNormalizeUrls parameter is set to Yes
so
           that Web Agent will normalize URLs. To turn off normalization
           and ensure that URLs are not altered, set the
DominoNormalizeUrls
           parameter to No.

              Important: If you set the DominoNormalizeUrls parameter to
No,
            you cannot protect individual documents within a Notes
database;
            you can only protect the entire database or subdirectories of
            the Domino web server.

54002       CQ 54002 has been re-introduced into CR04, with some
performance
            enhancements to reduce the load on the Policy Server. See the
            entry in CR02 for the functional write up of CR04.

57505       Create a local SMSESSION cookie when an SMSESSION cookie from
a
            cookie provider is present, even if that cookies session
grace
            period has not already expired. This applies to IIS 6.0,
            re-architected Apache 2.0, and re-architected SunOne agents
only

57574       Issues with the installation, configuration and uninstall of
the
            Web agent on the SuSE Linux 10 have been fixed. This affects
the
            IBM HTTP Server V6.1 on SuSE Linux 10 only.

57680       Ensure that the localconfig.conf file is properly copied to
the
            config directory during installation. This applies to the
            re-architected SunOne agent only

57947       Ensure that the Domino Web Agent does not normalize all URLs
            made with short hostnames if DominoMapUrlforRedirect is set
to No.
            This applies to the Domino web agent only

57974      Ensure that when upgrading a pre-6QMR5 web agent
installation, that
           that only the 6QMR5 version of the web agent is displayed in
the
           "Add/Remove Programs" dialogue box. This affects all
supported web
           agents runing under Windows.

58149             Ensure that the installer adds the appropriate
directives in the
           httpd.conf file of the IBM HTTP Server v5.3 (Domino Go) for
z/OS
           during the configuration of this web-server with the Web
agent.
           This affects the IBM HTTP Server v5.3 (Domino Go) for z/OS
only

58181       The Policy Server installer now provides the option of
selecting
            Apache as the Web Server for configuring the Admin UI.
58252         A defect was found in the managment of compound replies from
the
              policy server when authenticating against a SafeWord server.
              A new version of the safeword.fcc form corrects this. This
              applies to all web agents using Safeword Authentication.

58276         Correctly identify the presence of the placeholder cookies
and
              do not try to use them to access protected resources. This
              applies to IIS 6.0, re-architected Apache 2.0, and
              re-architected SunOne agents only

58357         Eliminate the cosmetic error message "Failed to retrieve
SESSION
              data for GUID" when the Domino web agent is configured with a
              cookie provider and storesessioninserver = YES. This applies
to
              the Domino web agent only.

58448              Web agent 6QMR5 CR004 for z/OS has been enhanced to
support the
              SSO Security Zones feature. This affects the IBM HTTP Server
              v5.3 (Domino Go) for z/OS only

58540         This fix addresses runtime symbol resolution failures which
              were identified on several plugins on several OS platforms.
              The issues identified included:

              Affiliate 1.0 Plugin failed to load on HP-UX 11.11 and AIX
5.2

              SAML Affiliate Plugin failed to load on HP-UX 11.11 and AIX
5.2

              Transactionminder Plugin failed to load on AIX 5.2

              eTSSO Plugin failed to load on Solaris 8,9,10



02/16/2007    6QMR5 CR003 contains fixes for the following tracking
numbers:

NOTE: CQ54002 was removed from CR03 due to performance concerns. It is
re-
introduced in CR04

Tracking # Problem description
---------- -------------------

51545         Web Agents that use the ServerErrorFile configuration
parameter
            to redirect back to themselves no longer cause an infinite
loop
            of HTTP redirects if no agent name or default agent name has
            been specified in the ACO. This affects all web agents

56091       When agent configuration object of framework agent is
modified,
            agent logs are updated dynamically irrespective of whether
            trace logs are enabled or not. This applies to IIS 6.0,
            re-architected Apache 2.0, and re-architected SunOne
            agents only

56290       Do not incorrectly print the message "HLA_MGR: Unable to
process
            - data missing" if there is no error condition. This applies
to
            IIS 6.0, re-architected Apache 2.0, and re-architected SunOne
            agents only

57121       The configuration wizard successfully adds LoadPlugin for
            libIntroscopePlugin.so/sl or IntroscopePlugin.dll to
            WebAgent.conf.

57538       If traditional agent is configured to be a cookie provider,
            it now properly enforces idle time out and max time out when
            an smsession cookie is received from a new framework agent.
            This affects IIS5, Domino and Apache 1.3 agents only.

57549       Cookie Provider functionality now works properly in the
scenario
            where both agents have SecureUrls enabled. This applies to
            IIS 6.0, re-architected Apache 2.0, and re-architected SunOne
            agents only when they are acting as the cookie provider.

57581       Under certain conditions, Apache 1x web agent configured as a
            secondary agent fails to recognize and process the cookie
sent
            by the cookie provider. This causes the Apache 1x agent
            unnecessarily redirect back to the cookie provider.
            This has been addressed. This affect the Apache 1.3
            agent only


57608       (56748)    Ensure that the Apache web agent properly handles
            chunk-encoded POST data. This applies to the re-architected
            Apache 2.0 agent only.

57798       Make sure that an @ in a custom .fcc file is only taken as a
            directive at the start of a line. This is to allow email
            addresses in these forms. This affects all web agents.

57843       Ensure the Domino web agent displays the proper error message
            when TransientIpCheck is enabled and a violation has been
            detected. This applies to the Domino web agent only
57917         Ensure that GUID values are suppressed in agent trace logs.
              This applies to all web agents

Certifications
------------------

57847         Web Agent 6QMR5 CR003 has been certified with ASF Apache
2.2.3
              web-server on x86 based Solaris 10 platform.

54938         Web Agent 6QMR5 CR003 has been certified with IBM HTTP Server
              v5.3 (Domino Go) web-server on the z/OS 1.7 platform. A
document
           named siteminder_zOS_install_enu.pdf containing the
installation
           and configuration instructions has been provided with the
kit.

57566         Web Agent 6QMR5 CR003 has been certified with IBM HTTP Server
              v6.1 on the SuSE Linux 10 platform. There is a known issue
              while installing, configuring and uninstalling this product
on
           SuSE Linux 10. Novell provides a shell script
           (Document 3505148; SLES10-install.sh) to resolve this issue.
           The Script can be downloaded from:
           https://secure-
support.novell.com/KanisaPlatform/Publishing/834/3505148_f.SAL_Public.htm
l

              Follow the steps shown below after obtaining the script in
              order to start the installation of the Web-Agent. For console
              mode installation, modify the last line in the script to
              "sh ./$1 $2 $3"

              (1) Installing the webagent: Execute this shell script along
              with the name of the Web Agent installer using the following
              syntax:

              sh SLES10-install.sh nete-wa-6qmr5-<CR>-<Platform>.bin
              This will rename the existing installer binary to that of a
              backup file (.bak) and create a new install binary with the
              same name. The Web Agent installation process is then
launched.

              (2) Configuring the webagent: For configuration of the Web
Agent
              with the Web Server, execute the file named 'nete-wa-
config.bin'
              located inside the <web_agent_home>/install_config_info
directory
              using the following syntax:

              sh SLES10-install.sh nete-wa-config.bin
             This will rename the existing configuration binary to that of
a
             backup file (.bak) and create a new install binary with same
             name. The Web Agent configuration process is then launched.
             Ensure that you use the file named 'nete-wa-config.bin'
located
             in the correct directory and not the script named
             'nete-wa-config.sh' located in the <web_agent_home>
directory.


             (3) Uninstalling the webagent: For un-installation of the Web
             Agent, execute the file named 'uninstall' located inside the
             <web_agent_home>/install_config_info/nete-wa-uninstall
directory
             using the following syntax:

             sh SLES10-install.sh uninstall

             This will rename the existing un-installation file to that of
a
             backup file (.bak) and create a new install file with same
name.
             The Web Agent un-installation process is then launched.
Ensure
             that you use the file named 'uninstall' located in the
correct
             directory and not the script named 'nete-wa-uninstall.sh'.

             Note: The script only needs to be executed once in order to
             create new binary versions of the files used to perform
             installation, configuration and un-installation of the Web
Agent.
             The fixed binary files can be used without the script for all
             future installation, configuration and un-installation tasks.




01/05/2007   6QMR5 CR002 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

51675        Ensure that build numbers of web agent components in
             webagent\bin directory are consistent. This affects all web
             agents.

54002        For persistent realms where the ValidationPeriod is >0, allow
             the Policy Server to determine session idletimeout rather
than
             using the idle timeout value in an existing session cookie.
            Note: To utilize these changes you must upgrade your Policy
            Server to the 6.0 SP5 CR02 release.

55350       ValidTargetDomain has been extended to FCC redirects similar
to
            CCC redirects. These changes may introduce backwards
            compatibility issues to existing customers that use the
concept
            of validate target domain list for CCC only because the same
            ValidTargeDomain parameter list will now be used for CCC and
FCC
            domain validation.

            So if the customers have different list of valid CCC domains
and
            FCC domains, then they have to add the FCC valid domains to
the
            ValidTargetDomain list to make their FCC redirects work.

55432       IIS5 web agent will now properly honor the MaxURLSize
            ACO parameter. This affects the IIS5 web agent only.

56215       IIS6 web agent now properly displays the contents of the
server
            error file configured in the ServerErrorFile ACO in all
            circumstances if the policy server is not running. This
affects
            the IIS6 web agent only.

56271       Web agent tracing data now contains proper file and line
number
            information. This applies to IIS 6.0, re-architected Apache
2.0,
            and re-architected SunOne agents only

56841       Do not display extraneous characters is the web agent log
when
            SecureUrls = YES. This applies to the IIS5 and Apache 1.3
            agents only.

56901       Cleanup format of and ensure thread safety of IPC layer error
            and informational messages. This applies to IIS 6.0,
            re-architected Apache 2.0, and re-architected SunOne agents
only

56937       If AllowLocalConfig is set to a single parameter name, ensure
            that only that parameter is taken from the local config file.
            This applies to IIS 6.0, re-architected Apache 2.0,
            and re-architected SunOne agents only

57298       Prevent a seg fault when requesting an FCC whose TARGET
parameter
            cannot be resolved such as when the DefaultAgentName ACO has
             not been defined. This applies to IIS 6.0, re-architected
Apache
             2.0, and re-architected SunOne agents only

Certifications
------------------

57179        Web-Agent 6QMR5 CR002 certified with Sun Java System Web-
Server
             6.1 on the x86 based Solaris 10 platform.

57444        Web-Agent 6QMR5 CR002 certified with ASF Apache 2.2.3 web-
server
             on the SPARC based Solaris 8/9/10 platforms.

57593        Web-Agent 6QMR5 CR002 certified with ASF Apache 2.2.3 web-
server
             on the RHAS 3.0 platform.

57442             Web-Agent 6QMR5 CR002 certified with ASF Apache 2.2.3
web-server
             on the RHAS 4.0 platform.

57445        Web-Agent 6QMR5 CR002 certified with ASF Apache 2.2.3 web-
server
             on the Windows 2000 SP4 platform.

57594        Web-Agent 6QMR5 CR002 certified with ASF Apache 2.2.3 web-
server
             on the Windows 2003 SP1 and Windows 2003 R2 platforms.

57443        Web-Agent 6QMR5 CR002 certified with ASF Apache 2.2.3 web-
server
             on the AIX 5.2 and AIX 5.3 platforms.




11/29/2006   6QMR5 CR001 contains fixes for the following tracking
numbers:

Tracking # Problem description
---------- -------------------

55898        Ensure that when an individual users cache is flushed that
             the user data is correctly re-read from the user store. This
             affects the Apache 1.3 agent on Unix only. This issue no
longer
             exists in the re-architected SunOne agent.

56186        Ensure the web agent will not hang when accessing fccs where
             smencode() is called with blank argument values. This affects
             all web agents.
56552       Ensure that when using the PostPreservationFile ACO
parameter,
            the web agent will not hang. This affects IIS5, Domino and
Apache
            1.3 agents only. This issue no longer exists in the re-
architected
            SunOne agent.

56633      (56338)Ensure that the web agent does not leak memory when
           redirecting to the cookie provider. This applies to IIS 6.0,
           re-architected Apache 2.0, and re-architected SunOne agents
only.

56698      Properly log date and time in the web agent log. This affects
           all agents running on AIX.

56783      Make the IgnoreExt ACO parameter case insensitive. This
affects
           IIS6, rearchitected SunOne, and rearchitected Apache agents.

56840      Honor TransientIP restriction in Domino web agent. This
affects
           the Domino web agent only.

56910      Change misleading error message "URL Resolution Error - Too
Long"
           to "URL Resolution Error" in Trace Logs in situations where
the
           failure was for other reasons, such as trying to access a non
           existant .nsf file. This applies to the Domino web agent
only.

57314      A new IntroscopePlugin binary has been added to the web agent
kit
           for use with 6QMR5 CR001 and later Apache 2.x, IIS6, and Sun
ONE
           web agents. This plug-in will not work with earlier versions
of
           6.x web agents, nor will it work with 5.x web agents.
           This web agent plug-in, when used in conjunction with the
           "Introscope Manager for SiteMinder", allows SiteMinder
           administrators to better monitor and maintain the performance
and
           stability of their Web Agent protected web servers.

           To configure the IntoscopePlugin for a Windows web agent,
please
           add the following line to the agent's WebAgent.conf file
AFTER
           the entry for the HTTPPlugin.

           LoadPlugin="C:\Program Files\CA\SiteMinder Web Agent\Bin\
           IntroscopePlugin.dll"
             Note that "C:\Program Files\CA\SiteMinder Web Agent\Bin"
             represents the installation path to the web agent binaries
and
           will need to be modified to match the actual agent
installation
           where the 6QMR5 CR001 has been applied.

             For Unix installations please modify the above command to
match
             the appropriate UNIX install path and IntroscopePlugin binary
             name (ie. IntroscopePlugin.so, IntroscopePlugin.sl, etc.).



Certifications
------------------

56891      This CR certifies Web-agent 6QMR5 to work with ASF Apache
2.0.59 web
           server on the Solaris 10 x86 platform. A separate kit is
available in
           the distrubtion for this platform, “nete-wa-6qmr5-cr001-sol-
x86.bin”.



Installation Instructions
-------------------------
All CR's may be installed on top of an existing SiteMinder 6QMRX Web
Agent
installation or the CR installation kit can be used to perform a new
installation. Always install or upgrade the web agent followed by the
option pack (if applicable).

When installing a CR for a given SiteMinder 6QMRx Web Agent and Option
Pack,
it is recommended that both kits be installed at the same CR level
to insure maximum coverage of the available fixes as well as maintain
binary
compatibility.


Windows 2000
---------------
1. Stop the Webserver and follow any other documented shutdown
procedures.

2.    Copy the cumulative release .zip files into the SiteMinder directory
or
    any other directory of your choice. The .zip files are named as
follows:

      smwa-6qmrX-crYYY-win32.zip
     smwa-opack-6qmrX-crYYY-win32.zip

     where X represents the service pack/QMR number and YYY represents the
     cumulative release number.

3.   Using zip archive software such as WinZip, extract the zip archive(s)
     making sure to preserve the archive's directory structure. Extract
     the web agent archive followed by the option pack archive.

4.   Use the unzipped executables to perform a full install or an upgrade
as
     per the installation guide. The executables are named as follows:

     nete-wa-6qmrX-crYYY-win32.exe

     nete-wa-opack-6qmrX-crYYY-win32.exe

5. Restart the webserver and follow any other documented startup
procedures.


Solaris
-------
1. Stop the Webserver and follow any other documented shutdown
procedures.

2.   Copy the cumulative release .zip files into the SiteMinder directory
or
    any other directory of your choice. The .zip files are named as
follows:

     smwa-6qmrX-crYYY-sol.zip

     smwa-opack-6qmrX-crYYY-sol.zip

     where X represents the service pack/QMR number and YYY represents the
     cumulative release number.

3.   Using zip archive software such as WinZip, extract the zip archive(s)
     making sure to preserve the archive's directory structure. Extract
     the web agent archive followed by the option pack archive.

4.   Use the unzipped executables to perform a full install or an upgrade
as
     per the installation guide. The executables are named as follows:

     nete-wa-6qmrX-crYYY-sol.bin

     nete-wa-opack-6qmrX-crYYY-sol.bin

5. Restart the webserver and follow any other documented startup
procedures.
Linux (RedHat Advanced Server 2.1, 3.0 and other supported Linux
platforms)
-------
1. Stop the Webserver and follow any other documented shutdown
procedures.

2.   Copy the cumulative release .zip files into the SiteMinder directory
or
    any other directory of your choice. The .zip files are named as
follows:

     smwa-6qmrX-crYYY-linux.zip

     smwa-opack-6qmrX-crYYY-linux.zip

     where X represents the service pack/QMR number and YYY represents the
     cumulative release number.

3.   Using zip archive software such as WinZip, extract the zip archive(s)
     making sure to preserve the archive's directory structure. Extract
     the web agent archive followed by the option pack archive.

4.   Use the unzipped executables to perform a full install or an upgrade
as
     per the installation guide. The executables are named as follows:

     nete-wa-6qmrX-crYYY-linux.bin

     nete-wa-opack-6qmrX-crYYY-linux.bin

5. Restart the webserver and follow any other documented startup
procedures.


HP
-------
1. Stop the Webserver and follow any other documented shutdown
procedures.

2.   Copy the cumulative release .zip files into the SiteMinder directory
or
    any other directory of your choice. The .zip files are named as
follows:

     smwa-6qmrX-crYYY-hp.zip

     smwa-opack-6qmrX-crYYY-hp.zip

     where X represents the service pack/QMR number and YYY represents the
     cumulative release number.

3.   Using zip archive software such as WinZip, extract the zip archive(s)
     making sure to preserve the archive's directory structure. Extract
     the web agent archive followed by the option pack archive.
4.   Use the unzipped executables to perform a full install or an upgrade
as
     per the installation guide. The executables are named as follows:

     nete-wa-6qmrX-crYYY-hp.bin

     nete-wa-opack-6qmrX-crYYY-hp.bin

5. Restart the webserver and follow any other documented startup
procedures.


AIX
-------
1. Stop the Webserver and follow any other documented shutdown
procedures.

2.   Copy the cumulative release .zip files into the SiteMinder directory
or
    any other directory of your choice. The .zip files are named as
follows:

     smwa-6qmrX-crYYY-aix.zip

     smwa-opack-6qmrX-crYYY-aix.zip

     where X represents the service pack/QMR number and YYY represents the
     cumulative release number.

3.   Using zip archive software such as WinZip, extract the zip archive(s)
     making sure to preserve the archive's directory structure. Extract
     the web agent archive followed by the option pack archive.

4.   Use the unzipped executables to perform a full install or an upgrade
as
     per the installation guide. The executables are named as follows:

     nete-wa-6qmrX-crYYY-aix.bin

     nete-wa-opack-6qmrX-crYYY-aix.bin

5. Restart the webserver and follow any other documented startup
procedures.

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:345
posted:12/2/2011
language:English
pages:47