NetIQ Self Service Password Reset 3.3 Hotfix 1 Release Notes

September 2015

NetIQ Self Service Password Reset (SSPR) is a Web-based password management solution. It eliminates users’ dependency on administrators to change their passwords. It reduces the workload of the helpdesk and in turn reduces the cost incurred by the company. Users can change their passwords and reset forgotten passwords based on the configured challenge-responses or one-time passwords. SSPR also allows administrators to ensure that all passwords in the organization comply with the established policies. For detailed information about NetIQ Self Service Password Reset, visit the NetIQ Self Service Password Reset Documentation Web site.

This hotfix resolves specific previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs.

This document outlines why you should install this hotfix. For the list of new features, enhancements, and software fixes in the previous release, see NetIQ Self Service Password Reset 3.3 Release Notes.

1.0 What’s New?

The following outlines the issues resolved in this release:

1.1 The Reference Document Displays the Details Partially

Issue: The reference document at /sspr/public/reference/referencedoc.jsp displays the details partially. (Bug 943080)

Fix: With this hotfix, the reference document displays all the details.

1.2 SSPR Uses Proxy User Permissions Instead of LDAP User Permission

Issue: When using SSPR with eDirectory, SSPR uses the permissions of the proxy user instead of the permissions of the authenticated LDAP user. (Bug 943181)

Fix: With this hotfix, SSPR uses the permissions of the authenticated LDAP user instead of the permissions of the proxy user.

1.3 During the SSPR Configuration, SSPR Checks the Proxy User Connection Before Importing the Certificate

Issue: In the configuration guide, administrators can import the certificate only after specifying the LDAP proxy user. (Bug 941649)

Fix: With this hotfix, the configuration guide includes a new page, and administrators can import the certificate first and then specify the LDAP proxy user details.

1.4 The Password Rule Text Specified in a Password Policy Profile is Not Displayed on the Change Password Page

Issue: On the change password page, SSPR does not display the password rules that you have specified in the Password Rule Text setting. This happens when you have selected merge as the password policy source at Password Settings > Password Policy Source > merge. (Bug 937298)

Fix: With this hotfix, the password rule text is displayed on the change password page even if you select merge as the password policy source.

1.5 The LDAP User Photo Does Not Align Properly in the Organization Chart

Issue: The LDAP user photos are not aligned properly in the organization chart because of differences in the dimensions of the photos. (Bug 942045)

Fix: With this hotfix, the photos are displayed appropriately even when they have varying dimensions.

1.6 The Changed Password is Not Sent Through SMS Even When SSPR is Configured to Send Password Through SMS

Issue: When a helpdesk user resets the LDAP user password, the password is not sent through SMS. This happens even when the setting Forgotten Password > profile name > New Password Send Method is set to use SMS, where profile name is the name of the required profile. (Bug 942138)

Fix: With this hotfix, the password that a helpdesk user resets is sent to the user through SMS.

1.7 Event is Not Generated When User Sets Up One-Time Password

Issue: SSPR does not create an event when a user authenticates the mobile number by setting a one-time password. (Bug 939329)

Fix: With this hotfix, the SET_OTP_SECRET event is generated when the user sets up the one-time password.

1.8 SSPR Does Not Properly Encode the Subject of SMTP E-Mail

Issue: SSPR does not encode the subject of an SMTP e-mail in the correct format because the default encoder used in SSPR does not match the e-mail client encoder. (Bug 936999)

Fix: With this hotfix, SSPR uses UTF-8 encoding by default, which matches the e-mail client encoder.
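One way to confirm the behaviour described in 1.8 on a captured notification is to inspect the raw Subject value. The following Python check is an added example, not SSPR code; the function names and the sample subjects are constructed, and it assumes that "correct format" means an RFC 2047 encoded-word that declares UTF-8.

```python
from email.header import Header, decode_header


def encode_subject(text):
    """Return the RFC 2047 wire form of a subject, declaring UTF-8."""
    return Header(text, "utf-8").encode().encode("ascii")


def check_subject(raw_value):
    """Return (decoded_text, problems) for a raw Subject value given as bytes."""
    problems = []
    if any(b > 0x7F for b in raw_value):
        # Unencoded 8-bit data: the mail client has to guess the charset.
        problems.append("raw 8-bit bytes, no RFC 2047 encoded-word")
        return raw_value.decode("utf-8", errors="replace"), problems
    text = []
    for chunk, charset in decode_header(raw_value.decode("ascii")):
        if isinstance(chunk, str):      # header held no encoded-words at all
            text.append(chunk)
            continue
        if charset is None:             # plain ASCII run between encoded-words
            text.append(chunk.decode("ascii"))
            continue
        if charset != "utf-8":
            problems.append(f"declared charset is {charset}, not utf-8")
        try:
            text.append(chunk.decode(charset))
        except (LookupError, UnicodeDecodeError):
            problems.append(f"payload does not decode as {charset}")
            text.append(chunk.decode("utf-8", errors="replace"))
    return "".join(text), problems


if __name__ == "__main__":
    # Constructed sample subjects, not taken from an SSPR installation.
    samples = [
        encode_subject("Passwort geändert"),
        "Passwort geändert".encode("iso-8859-1"),
        b"=?iso-8859-1?q?Passwort_ge=C3=A4ndert?=",
    ]
    for raw in samples:
        print(raw, "->", check_subject(raw))
```

An empty problem list means the subject is either plain ASCII or a UTF-8 encoded-word that decodes cleanly.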

1.9 During the Change Password Process An Event Log of the User is Added in the Event Log of the Helpdesk Operator

Issue: When a helpdesk operator changes a user’s password, the EventLog_helpdeskSetPassword event is generated and is added to the pwmEventlog attribute of the helpdesk operator instead of the pwmEventlog attribute of the user. (Bug 942653)

Fix: With this hotfix, the EventLog_helpdeskSetPassword event is added to the pwmEventlog attribute of the user.

1.10 SSPR Does Not Provide an Option to Access a Separate URL for Each New User Registration Profile

Issue: For any new user registration process, the user has to select a new user registration profile from the list of available profiles from /sspr/public/NewUser. There is no separate URL for each profile. (Bug 942275)

Fix: With this hotfix, users can access a direct URL for the required profile. Users can now start the new user registration from the URL /sspr/public/NewUser/profile/<profile name>, where the profile name is the name of the profile that was used during the profile creation. Do not specify the display name of the profile that is set in the LDAP Profile Display Name setting.

2.0 System Requirements

For detailed information about hardware and software requirements, see Installation Requirements in the NetIQ® Self Service Password Reset 3.3 Administration Guide.

3.0 Installing and Upgrading SSPR

The SSPR hotfix can be installed either as an update or as a fresh install. The install files are available for download in the following two formats:

  • sspr_3.3.0.1.msi: An executable file that contains SSPR Web archive and tools.

  • sspr_3.3.0.1.zip: A compressed zip file that contains SSPR Web archive and tools.

For more information about how to install SSPR, see Installing SSPR in the NetIQ® Self Service Password Reset 3.3 Administration Guide.

For information about how to upgrade SSPR, see Upgrading SSPR in the NetIQ® Self Service Password Reset 3.3 Administration Guide.

4.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

4.1 Users Can Change Password Even When Changing the Password is Restricted in the Active Directory

Issue: When you select User cannot change password in the Active Directory settings page, the user is restricted from changing the password. However, when the user attempts to change the password by using the Forgotten password link, SSPR allows the user to change the password instead of restricting the user.

Workaround: When you restrict a user from changing the password, you must ensure that you disable the Use Proxy When Password Forgotten setting from the Active Directory template by using the Configuration Editor.

4.2 Cannot Access the SSPR Page When using Internet Explorer Version 11

Issue: When using a secured (https) connection to launch the SSPR web console, Internet Explorer 11 does not display the SSPR page.

Workaround: To work around this issue, install kb3042058 from https://support.microsoft.com/en-us/kb/3042058.

NOTE: For Windows 2008 R2 server, first upgrade it to SP1, then apply kb3042058.

4.3 Users Unable to Login with Old Password If the Forgotten Password Process is Started But Not Completed

Issue: When a user starts the password change process by clicking Forgotten password, a random password is generated. If the user then cancels the process without completing it, the user cannot use the old password. This happens because SSPR recognizes the random password that is generated when the user clicks Forgotten password.

Workaround: Perform the following for different directories:

  • For Active Directory, you can enable the Use Proxy When Password Forgotten setting from the Configuration Editor.

  • For eDirectory, you can enable the Allow admin to retrieve passwords option from the eDirectory settings page.

  • For Oracle Directory Server, the user needs to complete the forgotten password process and then use the new password to log in.

5.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For general corporate and product information, see the NetIQ Corporate Web site.