BAM_LRA v3.4_6309
Release note for Buypass Access Manager - LRA v3.4
This information is written in English only
Release version: Buypass Access Manager - LRA .net 3.4.0_6309
Release date: 16.12.2014
Document classification: Open
Copyright: Buypass AS 2013-2015
New features
- Search and lookup in AD when a Usercard is present is now configurable:
  a) Map the UPN prefix from the Subject Alternative Name in the certificate to the samAccountName field in AD (samAccountName=value). This is the current implementation and will be the default value.
  b) Map the full UPN from the Subject Alternative Name in the certificate to the UPN field in AD (userPrincipalName=value).
  c) Map the value of the Subject.CN field in the certificate to the samAccountName field in AD (samAccountName=value). Requires that the value in Subject.CN = samAccountName.
  d) Map the value of the Subject field in the certificate to the DistinguishedName field in AD (distinguishedName=value). The DistinguishedName from the certificate is used as the user's "absolute path" in AD at the time of certificate issuance.
  e) If the chosen search (one of the above) does not return a User, the LRA will automatically do another search, mapping the whole certificate itself to the userCertificate field in AD (userCertificate=\30\82\...).
Search connected to remote functions will not be changed from the current implementation. Buypass Access uses the UserName stored in the card as part of the remote filename, and this will be used as the search criterion and mapped to AD as samAccountName.
Search connected to reports is changed. It now uses the configuration in order to be consistent. Searches in reports can use one of the first four options (a-d). If option e), whole certificate, is set up in the configuration, the search will automatically switch to option a), UPN prefix = samAccountName, as in the current implementation. A CA report entry includes certificate metadata (SubjectName, NotBefore, NotAfter, UPN, DistinguishedName, etc.), but not the certificate itself. It is possible to search with the certificate in reports as well, but then the search time will increase significantly: the LDAP filter for a search using a list of certificates will be huge, and the search in AD much slower, even for a moderate number of CA report entries.
- Support of filtering in reports using the AD hierarchy, starting from the defined Search Base. Running reports that include certificates belonging to Users located on different sub levels in AD makes it possible to filter and get search results for all, one or more sub levels, depending on your choice of filter. This first introduction of filters gives the result for the chosen level with all connected sublevels; it is not possible to get one level only. Exporting the report to Excel makes it possible to show the wanted level only.
Users who have moved from one department to another in the organization, and have been moved in AD to the corresponding level in the AD hierarchy, will have certificates presented in the reports for the different departments/sublevels of AD. Reports will show certificates connected to the sublevel location in which the User was located on issuance. Active/valid certificates will be shown as issued from the present sub level location.
For the same Users also having qualified certificates (QC), the same change of department is not shown. There is no link between the local AD and Buypass other than FNR/DNR and IssuersKey identifying the User. Because of this, all QC for this User will be presented in the reports as "issued" from the present sub level location.
- Support for registration of Users with and without SSN or temporary SSN (DNR) in AD. This makes it possible to register Users who shall have qualified certificates with SSN and Users who shall have local certificates only without. The check of the SSN mapping in AD, as configured in the Master configuration file, is moved to the Preregistration function only.
- Improvements in Configuration Application:
  - Supports different mappings for search when a Usercard is present (see 1 a-e)
  - Reads the NetBIOS name from AD instead of XmlConfig when setting up the domain
  - Checks trusted AD single sign-on accessibility
  - Configuration structure is updated automatically to support several ADs (just preparation - not fully supported yet)
  - Gets CA information automatically
  - Gets certificate templates from the CA
  - Introduced watermark hints, that is, a suggested value shown in the field
  - Possible to browse for the merchant certificate
- Bug fixing / improvements
- Additional checks in Enable Operator and Disable Operator for better support of different scenarios with and without Usercard present
- Additional checks and messages in issuing scenarios when local or qualified certificates are already on the card - existing certificates may have been issued by the organization or by another Issuer
- Changes in guidelines to improve communication and make scenarios clearer
- Changes in Setup program to improve communication and make scenarios clearer
- Better and more error messages to improve quality
- The name of the client has changed from LRA to Buypass Access Manager, so the file catalogue has also changed name. From version 3.4 it will change from:
Windows x32 – Program Files\Buypass\Lra Client
Windows x64 – Program Files (x86)\Buypass\Lra Client
To:
Windows x32 – Program Files\Buypass\Buypass Access Manager
Windows x64 – Program Files (x86)\Buypass\Buypass Access Manager
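The AD lookup options a-e and the report search described under New features can be illustrated as LDAP filter construction. This is an added example, not Buypass code: the function names, the dict holding already-extracted certificate fields, the `search` callable standing in for the AD query, and the sample values are all assumptions.

```python
"""Added illustration, not Buypass code: LDAP filters for lookup options a-e.
Function names, the cert dict layout and the sample values are hypothetical."""

def esc(value: str) -> str:
    # RFC 4515: NUL, '(', ')', '*' and '\' must be written as \XX in a filter value.
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def cert_filter(der: bytes) -> str:
    # Option e and the automatic second search: every DER byte is escaped (\30\82...).
    return "(userCertificate=%s)" % "".join("\\%02x" % b for b in der)

def lookup_filter(mode: str, cert: dict) -> str:
    if mode == "a":   # UPN prefix -> sAMAccountName (default)
        return "(sAMAccountName=%s)" % esc(cert["upn"].split("@", 1)[0])
    if mode == "b":   # full UPN -> userPrincipalName
        return "(userPrincipalName=%s)" % esc(cert["upn"])
    if mode == "c":   # Subject.CN -> sAMAccountName
        return "(sAMAccountName=%s)" % esc(cert["cn"])
    if mode == "d":   # Subject -> distinguishedName
        return "(distinguishedName=%s)" % esc(cert["dn"])
    if mode == "e":   # whole certificate -> userCertificate
        return cert_filter(cert["der"])
    raise ValueError("unknown mode: %r" % mode)

def find_user(mode, cert, search):
    """search(filter) -> list of entries; stands in for the real AD query."""
    hits = search(lookup_filter(mode, cert))
    if not hits and mode != "e":
        hits = search(cert_filter(cert["der"]))  # second search on the certificate
    return hits

def report_filter(mode, certs):
    # Reports use a-d only; a configured e switches to a, as the note states.
    mode = "a" if mode == "e" else mode
    return "(|%s)" % "".join(lookup_filter(mode, c) for c in certs)

# Constructed sample; 4 placeholder bytes stand in for a full DER certificate.
SAMPLE = {"upn": "kari.hansen@example.test", "cn": "Hansen (ext)*",
          "dn": "CN=Hansen\\, Kari,OU=Ward 2,DC=example,DC=test",
          "der": bytes([0x30, 0x82, 0x01, 0x0A])}

if __name__ == "__main__":
    for m in "abcde":
        print(m, lookup_filter(m, SAMPLE))
```

Certificate fields are escaped before they enter the filter, so a CN or DN containing `(`, `)`, `*` or `\` cannot change the filter's structure. A whole-certificate term costs three filter characters per DER byte, which is why a report filter built from a list of certificates grows so quickly.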
Known Issues
We have seen that some of the Temporary cards for use at remote locations have missed the mark telling Buypass Access that this is a Temporary card and to show the challenge code on logon, so that the User will be able to get a temporary certificate on the card in communication with the LRA Operator. This mark is set when preparing a Temporary card for use at a remote location (Remote functions / Preproduce a Temporary card).
When preparing Temporary cards for a remote location, these cards should be checked using a computer that is not logged on. If the challenge code comes up, the card is OK. If the ordinary logon GUI comes up, the mark is not set, and you should run the function Preproduce a Temporary card one more time.
Buypass 2014-2015 ©