A little late, this hotfix is available for Microsoft Identity Manager 2016 SP1.
Build: 4.4.1749.0
Download: https://support.microsoft.com/en-us/help/4050936/hotfix-rollup-package-build-4-4-1749-0-for-microsoft-identity-manager
The fix
Issues that are fixed or improvements that are added in this update
This update makes the following fixes and improvements that were not previously documented in the Microsoft Knowledge Base.
Service and Portal
This update fixes a security vulnerability in Microsoft Identity Manager 2016 SP1 Service and Portal. Before this update, the vulnerability could be exploited when a user visits a specially crafted object in the MIM Service through the MIM Portal by using a web browser. This situation would be relevant in environments where an attacker could cause the creation of objects in MIM or a connected directory that is synchronized to MIM. Depending on the browser settings, the vulnerability could allow for Cross-Site Scripting or Dynamic Execution of JavaScript in the user’s web browser. After installation of this update, viewing the object does not affect the web browser execution.
MIM Service
Issue 1
When you update to build 4.4.1459.0, you may experience a database upgrade failure. A foreign key constraint violation exception is recorded in the database upgrade log. This might occur if the MIM SP1 language pack has been installed.
This update adds new logic so that you won't experience the same problem.
Issue 2
When you execute self-service password reset requests, the MIM Service randomly stops.
After you install this update, this issue no longer happens.
Issue 3
The New-PAMDomainConfiguration PowerShell cmdlet sets an incorrect value for domain trust configuration.
After you install this update, the quarantine value reflects the value from the domain trust.
For example:
Before you install this update, the New-PAMDomainConfiguration cmdlet sets quarantine=yes on the domain configuration object in the FIMService database even if the definition is defined as follows:
Netdom trust corp_domain /domain:priv_domain /Quarantine:no
After you install this update, the quarantine value will be set to no as expected.
Issue 4
Email notification request fails and returns a PostProcessingError status.
Example error message:
System.InvalidOperationException: This unknown request parameter cannot be processed.
at Microsoft.ResourceManagement.Utilities.ExceptionManager.ThrowException(Exception exception)
at Microsoft.ResourceManagement.WFActivities.Resolver.ConstructAllChangesActionTable(String parameters)
at Microsoft.ResourceManagement.WFActivities.Resolver.ResolveAttribute(String match, Boolean isFunctoidArg, ResolverOptions resolveOptions, String& attributeName)
at Microsoft.ResourceManagement.WFActivities.Resolver.ResolveEvaluatorWithoutAntiXSS(String match, ResolverOptions resolveOptions)
at Microsoft.ResourceManagement.WFActivities.Resolver.ResolveEvaluatorForWithAntiXSS(String match, ResolverOptions resolveOptions)
at Microsoft.ResourceManagement.WFActivities.Resolver.ReplaceMatches(String input, Boolean useAntiXssEncoding, ResolverOptions resolveOptions)
at Microsoft.ResourceManagement.Workflow.Hosting.EmailNotificationServiceImpl.ResolveMailMessage(Guid requestId, Guid targetId, Guid actorId, Dictionary`2 workflowDictionary, String toLine, String ccLine, String bccLine, Guid emailTemplateIdentifier, EmailResolutionOptions options, String& failedToResolvePrincipals)
at Microsoft.ResourceManagement.Workflow.Activities.EmailNotificationActivity.ResolveMail(Object sender, EventArgs e)
at System.Workflow.ComponentModel.Activity.RaiseEvent(DependencyProperty dependencyEvent, Object sender, EventArgs e)
at System.Workflow.Activities.CodeActivity.Execute(ActivityExecutionContext executionContext)
at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity, ActivityExecutionContext executionContext)
at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(Activity activity, ActivityExecutionContext executionContext)
at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
at System.Workflow.Runtime.Scheduler.Run()
After you install this update, this problem no longer occurs.
Issue 5
Under certain circumstances, set calculations do not reflect the correct membership. This problem may occur if an attribute is used in a dynamic set or group filter, and then the binding for that attribute is deleted.
After you install this update, you can no longer delete a binding for an attribute if that is referenced in a dynamic set or group filter.
Issue 6
The MIM Service does not work for the Request Approval scenario for Exchange Online to which users can respond through the MIM Add-in for Outlook.
This update adds support for the MIM Service account to log on to Exchange Web Services for Exchange Online.
Issue 7
The msidmPhoneGatePhoneNumber attribute without a country code does not use the DefaultCountryCode value in MFASettings.xml if the first digits in the phone number match a country code.
In this update, the application is optionally forced to apply a default country code.
The DefaultCountryCode value in the MFASettings.xml file now has an option to use regex to force application of the default country code.
For example:
<DefaultCountryCode forceApplyToNumberRegex="^380[0-9]{9}">380</DefaultCountryCode>
380 - country code
{9} - length of the phone number without the country code
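Before changing MFASettings.xml, it helps to see which numbers a given forceApplyToNumberRegex pattern actually selects. The PowerShell below is an added example, not code from Microsoft or from this post: it parses the fragment shown above and tests it against constructed sample numbers. It assumes the pattern is evaluated with .NET regex semantics and says nothing about how MIM formats the number afterwards.

```powershell
# Added example: which numbers does forceApplyToNumberRegex select?
# The XML fragment is the one from the KB text; the sample numbers are constructed.
$fragment = '<DefaultCountryCode forceApplyToNumberRegex="^380[0-9]{9}">380</DefaultCountryCode>'

$element     = ([xml]$fragment).DocumentElement
$pattern     = $element.GetAttribute('forceApplyToNumberRegex')
$defaultCode = $element.InnerText.Trim()

# Constructed sample values for msidmPhoneGatePhoneNumber (digits only).
$samples = @(
    '380441234567',   # 380 followed by exactly 9 digits
    '441234567',      # 9 digits, does not start with 380
    '3804412345678',  # 380 followed by 10 digits
    '14255550100'     # starts with different digits
)

function Test-ForceApply {
    param([string]$Number, [string]$Pattern)
    # Assumption: .NET regex matching with no implicit anchoring added.
    return [regex]::IsMatch($Number, $Pattern)
}

$results = foreach ($n in $samples) {
    [pscustomobject]@{
        Number      = $n
        Length      = $n.Length
        ForceApply  = Test-ForceApply -Number $n -Pattern $pattern
        DefaultCode = $defaultCode
    }
}
$results | Format-Table -AutoSize

# The pattern has no trailing '$', so it also selects numbers with more than
# nine digits after 380. Compare against an end-anchored variant to list them.
$anchored = $pattern + '$'
$samples |
    Where-Object { (Test-ForceApply $_ $pattern) -and -not (Test-ForceApply $_ $anchored) } |
    ForEach-Object { "Selected only because the pattern is not end-anchored: $_" }
```

Replace the constructed samples with a representative export of real msidmPhoneGatePhoneNumber values to check a pattern before deploying it.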
Issue 8
Some dynamic set definitions can't be evaluated by the FIMService for set membership transition until the "FIM_TemporalEventsJob" SQL Server Agent job is run.
After you install this update, these set memberships can be updated dynamically without having to rely on "FIM_TemporalEventsJob" to process them.
Issue 9
Synchronization rules don't let you create attribute flow rules for attributes whose names include the hash mark or pound sign (#).
After you install this update, the attributes whose names include the pound sign can be successfully used in attribute flow rules.
MIM Identity Management Portal
Issue 1
An exception is displayed in the main screen of the Identity Management Portal, and a Close button also appears. However, the button has no functionality.
After you install this update, the Close button is no longer displayed.
Issue 2
Buttons are displayed incorrectly in the Delete Item window. This issue occurs in Internet Explorer, Firefox, and Chrome.
After you install this update, the buttons are displayed correctly.
Issue 3
The Lookup button overlaps the Resource Picker button on an Approval activity window in the Authorization workflow. This issue occurs in Internet Explorer, Firefox, and Chrome.
After you install this update, this problem no longer occurs.
Issue 4
In the Group properties popup window, the button area overlaps the listview navigation controls on the Delete Members control. This issue occurs in Internet Explorer, Firefox, and Chrome.
After you install this update, this problem no longer occurs.
Issue 5
Multiple display problems occur, including the following:
- Up and down arrows are displayed incorrectly in some property sheets.
- An empty area is created at the bottom of some pages and dialog boxes.
- Popup overlays are missing.
After you install this update, this problem no longer occurs.
Issue 6
When you use the filter builder (such as Advanced Search) in various areas of the product, the filter builder stops responding if the OK button on a select value dialog box is clicked without an object first being selected in the add statement area.
New logic is added to the Portal in this update to prevent you from clicking the OK button if no object is selected.
Issue 7
The New Attribute flow window in a synchronization rule edit dialog box does not work as expected in Google Chrome.
After you install this update, the New Attribute flow window is rendered as expected in Chrome.
Issue 8
In an object management screen (such as Distribution Groups), if multiple objects are selected by using the check box, and the objects have very long display names, the Selected Items dialog box at the bottom of the screen resizes by width and not height. This causes the control to be extended past the right edge of the screen. This issue occurs in Chrome.
After you install this update, the Selected Items dialog box resizes vertically so that the control does not extend past the end of the browser screen.
Issue 9
In an object management or list screen (such as Distribution Groups), the Selected Items control may move up the screen to be directly under the last object that's listed in the table list. This issue occurs in Internet Explorer after you create several new objects of that object type, and then refresh the page.
After you install this update, the Selected Items control stays at the bottom of the window as expected.
Issue 10
The filter builder (such as advanced search) in the Safari browser is nonfunctional.
After you install this update, the filter builder works in the Safari browser.
Issue 11
When there are multiple words (including at least one that’s very long) in portal dialog boxes that display attribute values, the shorter words are distributed throughout the cell with lots of white space in between instead of being left-aligned.
After you install this update, the information in the attribute display cell is left-aligned.
Issue 12
In some browser versions, the Selected Items item isn't updated when the item selection is changed.
After you install this update, the Selected Items item is updated as expected.
Issue 13
Dialog tabs and the Copy to Clipboard button on a popup window are not highlighted when you browse to them by using the Tab key.
After you install this update, the dialog tabs and Copy to Clipboard button are highlighted when you browse to them by using the Tab key.
Issue 14
In Internet Explorer 10, when you view an object grid display (such as Distribution Groups), the "Find the distribution groups you want using the search above" banner overlays part of the button ribbon instead of being displayed in the middle of the dialog box.
After you install this update, this banner is displayed in the middle of the screen as expected.
Issue 15
After you install an update to the MIM Portal, the display of the Portal in Internet Explorer fails. To resolve this issue, delete the Internet Explorer cache through the Internet Options control panel.
After you install this update, the Internet Explorer display works as expected. The correct .css files are loaded for the current Portal assembly version, and the .css files replace those in the Internet Explorer cache.
Issue 16
When you use the Advanced Search in the Firefox browser, pressing the Enter key on an attribute value field returns an error.
After you install this update, pressing the Enter key in an attribute value field does not return an error in the Firefox browser.
Certificate Management
Issue 1
A request originator (certificate manager) can't abandon a request that's duplicated somehow or just forgotten by a user who has Execution permissions.
This update introduces check boxes in all profile template policies. This enables request originators (certificate managers) to abandon requests if the policy type has no Execution permission.
Issue 2
When you try to renew the TPM Virtual Smart Card certificate from the Modern App, a forbidden exception is returned.
After you install this update, the Virtual Smart Card renewal succeeds without the forbidden exception.
Issue 3
In some smart card related activities, existing connections to the CertificateManagement database are left open unexpectedly.
After you install this update, these connections are closed.
Issue 4
When you try to install an update to MIM Certificate Management (CM) before the MIM CM Configuration Wizard is run, the update fails and generates an exception that seems to be unrelated to the problem.
Starting in this update, the Certificate Manager update installer checks against the system to verify that the Configuration Wizard has been run. If the wizard did not run, an error message is returned that states that the Configuration Wizard must be run before you install the update, and the installation is canceled.
Issue 5
The MIM CM Configuration Wizard displays incorrect product version information, and the logo isn't displayed correctly.
After you install this update, the Configuration Wizard displays the correct information.
Issue 6
The exported data for an MIM Certificate Management report differs from the report data. The column data does not always match the column headings.
After you install this update, the exported report data is correct.
Joris