Release Notes Windows Password Listener

General

This Readme file contains important information about changes and enhancements of the Windows Password Listener for DirX Identity that are not described in the DirX Identity user documentation. Familiarity with the DirX Identity user documentation will make this Readme file easier to understand.

The Windows Password Listener is not a separate product. It belongs to DirX Identity V8.10 (SP2). Windows Password Listener version 8.10 (SP2) can only exchange messages with DirX Identity versions 8.10 and 8.9.

Licenses

The End User License Agreement must be accepted to use the DirX Identity software products. Please refer to the file license.txt.

Windows Password Listener Highlights

General Features

The Windows Password Listener (WPL) comprises these features:

  • A DLL installed on a Windows domain controller catches all password changes in the Windows domain. It writes each password in encrypted format to the file system.

  • A service component takes the encrypted password information and sends it to the message server DirX Identity is using.

  • If the message server is not available, the service logs the situation in the Windows event log and waits until the message server is available again.

  • The service component retrieves the latest certificate for password encryption from the DirX Identity Java-Server by sending the related request to the message server.

  • The DLL encrypts passwords with a default certificate if the certificate from the message server could not be retrieved.

  • The service component does not send passwords with default encryption. If a certificate could be retrieved from the message server, it decrypts passwords that were encrypted with the default certificate and re-encrypts them with the correct certificate before sending them.

  • The Windows Password Listener supports client-side SSL connections to the message server.

DirX Identity V8.10 SP2 Windows Password Listener

This section lists changes compared to DirX Identity V8.10 SP1 Windows Password Listener.

New Features
  • None.

Bug Fixes
  • OpenSSL: Update to OpenSSL 3.1.0 due to various OpenSSL vulnerabilities.

Information About Discontinued Features

DirX Identity V8.10 SP2 no longer supports these features:

  • None.

DirX Identity V8.10 SP1 Windows Password Listener

This section lists changes compared to DirX Identity V8.10 Windows Password Listener.

New Features
  • Windows Password Listener now supports Microsoft Windows Server 2022 (Tickets DXI-10289, DXI-10330, DXI-10415).

Bug Fixes
  • The installation of Windows Password Listener has been extended with an input field for the domain name that must be used in messaging if the flag “Include domain into topic” is enabled for the Identity domain.
    Note that the domain name must be the technical domain name. See the section "Domain Configuration" in the chapter "Configuring DirX Identity" in the DirX Identity Installation Guide for details on technical domain names (Ticket DXI-10415).

  • An internal certificate used by the Windows Password Listener Plug-in has been updated. This internal certificate is only used if no customer-specific one is available on the system where WPL is installed
    (see Support Note DirX-19).

Information About Discontinued Features

DirX Identity V8.10 SP1 no longer supports these features:

  • None.

DirX Identity V8.10 Windows Password Listener

This section lists changes compared to DirX Identity V8.9 Windows Password Listener.

New Features
  • Installation requires a valid Java environment (Java SE 11) on the system PATH.

Bug Fixes
  • Windows Password Listener (WPL) documentation has been updated regarding WPL's need for an encrypted password in the password.properties file (Ticket DXI-9685).

Information About Discontinued Features

DirX Identity V8.10 no longer supports these features:

  • Platform Microsoft Windows Server 2012 R2 (x86-64 Intel architecture).

  • Installation with Java environment Java JRE 8.

DirX Identity V8.9 Windows Password Listener

This section lists changes compared to DirX Identity V8.7 Windows Password Listener.

New Features
  • Windows Password Listener now supports Microsoft Windows Server 2019.

  • Installation requires a valid Java environment (Java JRE 8, Java SE 11) on the system PATH.

Bug Fixes
  • In DirX Identity: the UserPasswordEventManager controller uses a configurable attribute (samAccountNameAttribute) to retrieve the account (default is still "dxrName"). Extension required in the XML section of the controller:
    <property name="samAccountNameAttribute" value="<your attribute name>"/> (Ticket DXI-8200).

  • OpenSSL: Update to OpenSSL 1.0.2p due to various OpenSSL vulnerabilities.

Information About Discontinued Features

DirX Identity V8.9 no longer supports these features:

  • None.

DirX Identity V8.7 Windows Password Listener

This section lists changes compared to DirX Identity V8.6 Windows Password Listener.

New Features
  • Windows Password Listener now supports Microsoft Windows Server 2016.

Bug Fixes
  • OpenSSL: Update to OpenSSL 1.0.2l due to various OpenSSL vulnerabilities.

Information About Discontinued Features

DirX Identity V8.7 no longer supports these features:

  • None.

Supported Platforms

The Windows Password Listener is available on the following platforms:

  • Microsoft Windows Server 2016 (Long-Term Service Channel - LTSC, x86-64 Intel architecture)

  • Microsoft Windows Server 2019 (x86-64 Intel architecture; with Desktop Experience)

  • Microsoft Windows Server 2022 (x86-64 Intel architecture; with Desktop Experience)

Supported JMS Messaging Servers

DirX Identity supports the following JMS messaging servers:

  • Apache ActiveMQ message broker.

Delivery Packages

This section provides information about delivery packages on the supported platforms.

For Windows platforms, a single installation package is provided that allows you to selectively install the Windows Password Listener. The installation package is available

  • as part of the actual DirX Identity version on the DVD

  • for updates as a separate installation package

For a detailed description of the installation prerequisites and procedure, see the relevant installation guide according to the section “User Documentation” in this document.

Restrictions

No IPv6 Address Support

There is no IPv6 address support for DirX Identity Windows Password Listener. Instead, DirX Identity Windows Password Listener supports IPv4 only. The prerequisites are:

  • Enabled IPv4 stack for each host of an installation of DirX Identity Windows Password Listener.

  • Enabled IPv4 configuration for the JMS Messaging Server used by DirX Identity Windows Password Listener. This includes an enabled IPv4 stack on the related host.

User Documentation

If the Windows Password Listener is separately distributed, a separate installation guide is provided:

identwplinstall.pdf

If the Windows Password Listener is distributed as part of a DirX Identity version, the identical information is delivered as a chapter in the DirX Identity installation guide.

You need Adobe Acrobat Reader to view PDF files. For a free copy of Adobe Acrobat Reader please refer to

or to

Installation

The installation procedure for the Windows Password Listener is described in the installation guide.

Installation Procedure on Windows Platforms

The base directory for installation is under administrator control on Windows platforms. The administrator can choose a pathname (the Windows system variable ProgramFiles contains the fully qualified name of the directory defined by Windows to store applications).

The default pathname on Windows platforms is:

%ProgramFiles%\DirX\WindowsPasswordListener

Notes:

  • The default pathname has changed starting with 8.10 SP2.

  • With an update or upgrade installation, the folder INST_PATH\security will be deleted because the files are no longer of any use.

  • Installation requires a valid Java environment (Java SE 11) on the system PATH.

Initial Installation

Read the installation guide and perform the necessary steps.

Update Installation

You can perform an Update Installation at any time. Create a back-up of the installation folder. Read the installation guide and perform the necessary steps.

Upgrade Installation

Upgrade installations are supported from all Windows Password Listener versions.

Allowed combinations of DirX Identity and Windows Password Listener versions are described in chapter 1 in this document.

Known Problems

None.