Releasenote for Buypass Access Manager - LRA v3.4 

 This information is written in English only

New features:

1. Support for registration of Users with and without SSN or temporary SSN (DNR) in AD. This makes it possible to register Users who shall have qualified certificates with SSN and Users who shall have local certificates only without. Check of mapping of SSN in AD as configured in Master file is moved to PreRegistration function only.
   
   
2. Normal search and lookup in AD when Usercard present is now configurable:
1. Map prefix UPN from Subject Alternative Name in certificate to samAccountName field in AD (samAccountName =value). This is current implementation and will be default value
2. Map full UPN from Subject Alternative Name in certificate to UPN field in AD (userPrincipalName =value)
3. Map value from Subject.CN field from certificate to samAccountName field in AD (samAccountName =value) Requires that value in Subject.CN = samAccountName
4. Map value from Subject field from certificate to DistinguishedName field in AD (distinguishedName =value) DistinguishedName from certificate is used as user’s “absolute path” in AD at the time of certificate issuance
5. IF chosen search does not return User LRA will automatically do another search mapping whole certificate itself to userCertificate field in AD (userCertificate=\30\82\...)
   
   
3. Search connected to remote functions when request is put on common file area will not be changes from current implementation. Buypass Access usees UserName stored in the card as part of remote filename and this will be used as search criteria and mapped to AD as samAccountName.
   
   
4. Search connected to reports is changed to use configuration in order to be consistent. Searches in reports can use one of 4 first options (a-d). If option e (whole certificate) is set up in configuration report search will automatically switch to use option a (upn prefix = samAccountName) as in current implementation. CA report entry includes certificate metadata (SubjectName, NotBefore, NotAfter, UPN, DistinguishedName, etc) but not certificate itself. It is possible to get whole certificate in reports, but then the time of searching will significantly increase. LDAP filter for search using list of certificates will be huge and search in AD much slower even for moderate number of CA report entries.
   
   
5. Support of filtering reports using the AD-hierarcy starting from defined SearchBase. For QC get department from user in AD by correspondent IssuerKey .....
   
   
6. Improvements in Configuration Application:
   1. Supports different mapping for search when Usercard present (see 2 a-e)

   2. Reads netBios name from AD instead of XmlConfig when setting up domain

   3. Checks trusted AD single signon accessibility

   4. Configuration structure is updated to support several ADs (just preperation - not fully support yet)
   5. Gets automatically CA-information
   6. Gets certificate templates from CA
   7. Introduced watermark hints - that is suggestion of value in field
   8. Possible to browse for merchant certificate
   9. ......
      
      
7. ....
   
   
8. Bug fixing / improvements
1. Additional checks in Enable Operator and Disable Operator for better support of different scenarios with and without Usercard present
2. Additional checks and messages in issuing scenarios when local or qualified certificates allready on card - existing certificates can have been issued from organization or other Issuer
3. Changes in guidelines to improve communication and make scenarios more clear
4. Changes in Setup program to improve communication and make scenarios more clear
5. Better and more error messages to improve quality
6. .....