HP Select Audit

for the Windows, HP-UX, Linux and Solaris operating systems

Release Notes

Software version: 1.02 / 31 July 2007

This document provides an overview of the changes made to HP Select Audit (Select Audit) for the 1.02 release. It contains important information not included in the manuals or in online help.

In This Version
Documentation Updates
Installation Notes
Enhancements and Fixes
Known Problems, Limitations, and Workarounds
Documentation Errata
Local Language Support
Integration with Other HP Software Solutions
Support
Legal Notices

In This Version

HP Select Audit 1.02 is part of HP’s Identity Center. It manages the complete audit lifecycle and simplifies the fulfillment of regulatory compliance requirements. It helps organizations meet corporate governance requirements by providing a consolidated and tamper-aware identity audit trail.

This release provides platform parity between Select Audit and other IdM suite products. Select Audit 1.02 provides normalization and reporting for the following HP Select* applications by collecting, signing, normalizing and storing received data:

NOTE: Each Select application has specific configuration requirements in order to log to Select Audit. Unless the application is configured properly, it will not log to Select Audit. Refer to the relevant HP Select documentation for more information about configuring the application to log to Select Audit.

Release Contents

This release contains the following items:

It also contains the following documentation in PDF format:

Documentation Updates

The first page of this release notes document contains the following identifying information:

To check for recent updates or to verify that you are using the most recent edition, go to the following web site:
http://ovweb.external.hp.com/lpe/doc_serv/

NOTE: To view files in PDF format (*.pdf), Adobe Acrobat Reader must be installed on your system. To download Adobe Acrobat Reader, go to the following web site:
http://www.adobe.com/

Installation Notes

Installation requirements, as well as instructions for installing Select Audit, are documented in the HP Select Audit 1.02 Installation Guide provided in Adobe Acrobat (.pdf) format. The document file is included on the product's CD media as:

/docs/installation_guide.pdf

There are three installers included in this software release:

HP recommends that you install the Audit Server first and then install the Audit Connector. This is because when the Audit Connector is installed, you must already know the following server parameters:

Miscellaneous Installation Notes

Installing on a Multiple Server Cluster

When installing Select Audit on a multiple server cluster, the following requirements apply:

Enhancements and Fixes

Select Audit 1.02 includes added support for the following items:

This version also implements co-existence for Select Identity and Select Audit in the same WebLogic domain and in the same WebSphere cluster.

Fixes

The following items are fixed in the current software release. To display details about each software fix, click the title. To hide details, click again.

Audit Server is not fully uninstalled after running the Audit Server uninstaller
PROBLEM: After uninstalling the Audit Server and restarting WebLogic, there are null pointer errors when you start up WebLogic.
CAUSE: The uninstaller does not remove the Audit Path for JAS files in the WebLogic script.
FIX: Fixed.
Audit Server machines, connection pools and database are set to different time zones
PROBLEM: Data verification errors may result when the time zones of machines where the Audit Server is running (standalone or managed servers), the connection pools and the database are not all in the same time zone.
CAUSE: Time zones are out of sync, connection pool session time zones are not set or are set to incorrect time zones.
FIX: Fixed. The Connection Pool session time zones have to be set using the Init SQL field, as described in the "Setting a Default Time Zone for Database Connection Pools" section of the HP Select Audit 1.02 Installation Guide. The time zones of the machines where the Audit Server is running should be set to the same time zone as the database. The database time zone may be determined by running the SQL "SELECT DBTIMEZONE FROM DUAL" in an Oracle SQL client.
Cannot log in if there are spaces in the WebLogic password
PROBLEM: If the WebLogic password has spaces in it (it is a phrase), you cannot log in to the Audit Portal.
CAUSE:
FIX: Fixed. Do not use spaces in the WebLogic password.
Data Verification status indication stays after WebLogic restart
PROBLEM: If WebLogic is restarted in the middle of data verification, the Data Verification screen still reports the status as "Verifying" and continues to refresh the screen with the "Verifying" status. If you click Stop Verification and the verification is restarted, it works correctly.
CAUSE:
FIX: Fixed. Data verification should resume within 20 minutes of the WebLogic restart.
Delegated Administrator logins/failures are not shown properly in reports
PROBLEM: The SOX model Delegated Admin Login report does not show which Delegated Admin has logged in. In the Login Failure report, the user name is shown as "Senior Security Administrator".
CAUSE: Select Audit is not properly capturing which Delegated Admin has logged in.
FIX: Fixed.
Exception occurs when several Attestation workflows are run at the same time
PROBLEM: This issue occurs when the WebLogic instance is re-started and applies to reports scheduled through the Attestation workflow.

If there are workflow reports already scheduled to run on a recurring schedule when the WebLogic instance is brought down, some of these schedules may not be able to successfully run the workflow reports after WebLogic is restarted.

CAUSE:
WORKAROUND: Fixed. Remove all the recurring schedules before shutting down the WebLogic server and redefine them using the Attestation Workflow user interface after the WebLogic instance is restarted.
Out-of-memory error occurs during data verification
PROBLEM: When the log data arrival time order is not approximately the same as client time, data verification can be extremely slow and cause out of memory errors.
CAUSE: Select Audit signs data in order of arrival time but verify it in the order of client time. If a Connector batches up log files for a while before sending them all to the Receiver, the Verifier has to read a lot of data to find all the data from the specified date range. Such a condition may occur if there is a network outage, for example.
FIX: Fixed. You can lower the value of the dataSignatureCacheNodeLifetime parameter in the SACFGATTRIBUTE table to a value as low as 300.

NOTE: This parameter should not be changed from the default value unless data verification results in out of memory errors.
Select Identity integration: Empty reports in the approval page shown in My Pending Approvals screen of Audit Portal
PROBLEM: At this time the Attestation workflow may produce empty reports, when Select Identity integration is enabled. This issue will be corrected in a hotfix.
CAUSE:
FIX: Fixed.
Some warning messages in the log can be ignored
PROBLEM: When Select Audit starts in WebLogic, there are a number of "WARN" and "ERROR" messages that come up in the console window related to Select Audit.
CAUSE:
FIX: Fixed. The following messages can be ignored:

<Oct 25, 2006 3:55:30 PM EDT> <Warning> <HTTP> <BEA-101248> <[Application: '/hoe/build/SelectAudit/auditserver/oct16patchiter4/dist/reporting', Module: 'Report Server']: Deployment descriptor "weblogic.xml" is malformed. Check against the TD: org.xml.sax.SAXParseException: Element type "encoding" must be declared. (lne 8, column 13).>

<Oct 25, 2006 3:55:30 PM EDT> <Warning> <HTTP> <BEA-101248> <[Application: '/hoe/build/SelectAudit/auditserver/oct16patchiter4/dist/reporting', Module: 'Report Server']: Deployment descriptor "weblogic.xml" is malformed. Check against the TD: org.xml.sax.SAXParseException: The content of element type "jsp-descriptor" must match "(jsp-param)*". (line 21, column 22).>

<Oct 25, 2006 3:55:30 PM EDT> <Warning> <HTTP> <BEA-101248> <[Application: '/hoe/build/SelectAudit/auditserver/oct16patchiter4/dist/reporting', Module: 'Report Server']: Deployment descriptor "weblogic.xml" is malformed. Check against the TD: org.xml.sax.SAXParseException: The content of element type "weblogic-web-ap " must match "(description?,weblogic-version?,security-role-assignment*,run-as-ole-assignment*,reference-descriptor?, session-descriptor?,jsp-descriptor?,auth-ilter?,container-descriptor?,charset-params?,virtual-directory-mapping*,url-math-map?, preprocessor*,preprocessor-mapping*,security-permission?,context-root?,w-dispatch-policy?,servlet-descriptor*,init-as*,destroy-as*)". (line 36, column0).>

<Oct 25, 2006 3:55:33 PM EDT> <Warning> <HTTP> <BEA-101248> <[Application: '/home/build/SelectAudit/auditserver/oct16patchiter4/dist/auditserver.ear', Module: ' auditserver']: Deployment descriptor "web.xml" is malformed. Check against the DTD: org.xml.sax.SAXParseException: cvc-elt.1: Cannot find the declaration of element 'web-app'. (line 5, column 11).>

<Oct 25, 2006 3:55:33 PM EDT> <Warning> <HTTP> <BEA-101248> <[Application: '/home/build/SelectAudit/auditserver/oct16patchiter4/dist/auditserver.ear', Module: ' auditserverws']: Deployment descriptor "web.xml" is malformed. Check against the DTD: org.xml.sax.SAXParseException: cvc-elt.1: Cannot find the declaration of element 'web-app'. (line 5, column 10).>

<Oct 25, 2006 3:55:33 PM EDT> <Warning> <HTTP> <BEA-101248> <[Application: '/home/build/SelectAudit/auditserver/oct16patchiter4/dist/auditserver.ear', Module: ' auditportal']: Deployment descriptor "web.xml" is malformed. Check against the DTD: org.xml.sax.SAXParseException: cvc-elt.1: Cannot find the declaration of element 'web-app'. (line 5, column 10).> This message is related to the proxy not being set, so it can't properly verify the DTD.

<Oct 25, 2006 3:55:34 PM EDT> <Warning> <EJB> <BEA-010001> <While deploying EJB 'WorkflowLog', class com.hp.ov.selectaudit.workflow.interfaces.WorkflowLogHome was loaded from the system classpath. As a result, this class cannot be reloaded while the server is running. To prevent this behavior in the future, make sure the class is not located in the server classpath.>

<Oct 25, 2006 3:55:34 PM EDT> <Warning> <EJB> <BEA-010001> <While deploying EJB 'WorkflowLog', class com.hp.ov.selectaudit.workflow.interfaces.WorkflowLog was loaded from the system classpath. As a result, this class cannot be reloaded while the server is running. To prevent this behavior in the future, make sure the class is not located in the server classpath.> This message appears because the Select Audit workflow is put on the WebLogic classpath.

<Oct 25, 2006 3:55:36 PM EDT> <Warning> <EJB> <BEA-012034> <The Remote interface method: 'public abstract java.util.Map com.hp.ovsi.wfengpersist.WfEngineBIRemote.queryDB(java.lang.String,com.trulogica.truaccess.wfengpersist.model.IDBMeta) throws com.trulogica.truaccess.wfengpersist.exceptions.WfEngineSysException,java. rmi.RemoteException' in EJB 'ejb/WfEngine' contains a parameter of type: 'com.trulogica.truaccess.wfengpersist.model.IDBMeta' which is not Serializable. Though the EJB 'ejb/WfEngine' has call-by-reference set to false, this parameter is not Serializable and hence will be passed by reference. A parameter can be passed using call-by-value only if the parameter type is Serializable.>

<Oct 25, 2006 3:55:36 PM EDT> <Warning> <EJB> <BEA-012034> <The Remote interface method: 'public abstract void com.hp.ovsi.wfengpersist.WfEngineBIRemote.updateDB(java.lang.String,com.trulogica.truaccess.wfengpersist.model.IDBMeta,java.lang. Object[]) throws com.trulogica.truaccess.wfengpersist.exceptions.WfEngineSysException,java.rmi.RemoteException' in EJB 'ejb/WfEngine' contains a parameter of type: 'com.trulogica.truaccess.wfengpersist.model.IDBMeta' which is not Serializable. Though the EJB 'ejb/WfEngine' has call-by-reference set to false, this parameter is not Serializable and hence will be passed by reference. A parameter can be passed using call-by-value only if the parameter type is Serializable.>

<Oct 25, 2006 3:55:36 PM EDT> <Warning> <EJB> <BEA-010212> <The EJB 'ejb/WfRequestExpireQueue(Application: SelectAuditWorkflow, EJBComponent: wfengCoreEjb.jar)' contains at least one method without an explicit transaction attribute setting. The default transaction attribute of NotSupported will be used for the following methods: onMessage(javax.jms.Message)>

<Oct 25, 2006 3:55:36 PM EDT> <Warning> <EJB> <BEA-010212> <The EJB 'ejb/WfMDBQu eue(Application: SelectAuditWorkflow, EJBComponent: wfengCoreEjb.jar)' contains at least one method without an explicit transaction attribute setting. The default transaction attribute of NotSupported will be used for the following methods: onMessage(javax.jms.Message)>

<Oct 25, 2006 3:55:46 PM EDT> <Warning> <HTTP> <BEA-101195> <[ServletContext(id= 68403322,name=auditportal,context-path=/)] Could not resolve TLD from the given location "/WEB-INF/fmt.tld".>

<Oct 25, 2006 3:55:46 PM EDT> <Warning> <HTTP> <BEA-101195> <[ServletContext(id= 68403322,name=auditportal,context-path=/)] Could not resolve TLD from the given location "/WEB-INF/sql.tld".>

<Oct 25, 2006 3:55:46 PM EDT> <Warning> <HTTP> <BEA-101195> <[ServletContext(id= 68403322,name=auditportal,context-path=/)] Could not resolve TLD from the given location "/WEB-INF/x.tld".>

<Oct 25, 2006 3:55:46 PM EDT> <Warning> <HTTP> <BEA-101248> <[ServletContext(id= 68403322,name=auditportal,context-path=/)]: Deployment descriptor "jar:file:/root/bea/user_projects/domains/IntegrationDomain/./myserver/.wlnotdelete/extract/my server_SelectAuditServer_auditportal/jarfiles/WEB-INF/lib/standard.jar!/META-INF/fn.tld" is malformed. Check against the DTD: cvc-elt.1: Cannot find the declaration of element 'taglib'. (line 6, column 17).>

<Oct 25, 2006 3:55:46 PM EDT> <Warning> <HTTP> <BEA-101248> <[ServletContext(id= 68403322,name=auditportal,context-path=/)]: Deployment descriptor "jar:file:/root/bea/user_projects/domains/IntegrationDomain/./myserver/.wlnotdelete/extract/my server_SelectAuditServer_auditportal/jarfiles/WEB-INF/lib/standard.jar!/META-INF/x.tld" is malformed. Check against the DTD: cvc-elt.1: Cannot find the declaration of element 'taglib'. (line 6, column 19).>

<Oct 25, 2006 3:55:46 PM EDT> <Warning> <HTTP> <BEA-101248> <[ServletContext(id= 68403322,name=auditportal,context-path=/)]: Deployment descriptor "jar:file:/root/bea/user_projects/domains/IntegrationDomain/./myserver/.wlnotdelete/extract/my server_SelectAuditServer_auditportal/jarfiles/WEB-INF/lib/standard.jar!/META-INF/c.tld" is malformed. Check against the DTD: cvc-elt.1: Cannot find the declaration of element 'taglib'. (line 6, column 19).>

<Oct 25, 2006 3:55:46 PM EDT> <Warning> <HTTP> <BEA-101248> <[ServletContext(id= 68403322,name=auditportal,context-path=/)]: Deployment descriptor "jar:file:/root/bea/user_projects/domains/IntegrationDomain/./myserver/.wlnotdelete/extract/my server_SelectAuditServer_auditportal/jarfiles/WEB-INF/lib/standard.jar!/META-INF/permittedT aglibs.tld" is malformed. Check against the DTD: cvc-elt.1: Cannot find the declaration of element 'taglib'. (line 6, column 19).>

<Oct 25, 2006 3:55:46 PM EDT> <Warning> <HTTP> <BEA-101248> <[ServletContext(id= 68403322,name=auditportal,context-path=/)]: Deployment descriptor "jar:file:/root/bea/user_projects/domains/IntegrationDomain/./myserver/.wlnotdelete/extract/my server_SelectAuditServer_auditportal/jarfiles/WEB-INF/lib/standard.jar!/META-INF/sql.tld" is malformed. Check against the DTD: cvc-elt.1: Cannot find the declaration of element 'taglib'. (line 6, column 19).>

<Oct 25, 2006 3:55:46 PM EDT> <Warning> <HTTP> <BEA-101248> <[ServletContext(id= 68403322,name=auditportal,context-path=/)]: Deployment descriptor "jar:file:/root/bea/user_projects/domains/IntegrationDomain/./myserver/.wlnotdelete/extract/my server_SelectAuditServer_auditportal/jarfiles/WEB-INF/lib/standard.jar!/META-INF/scriptfree.tld" is malformed. Check against the DTD: cvc-elt.1: Cannot find the declaration of element 'taglib'. (line 6, column 19).>

<Oct 25, 2006 3:55:46 PM EDT> <Warning> <HTTP> <BEA-101248> <[ServletContext(id= 68403322,name=auditportal,context-path=/)]: Deployment descriptor "jar:file:/root/bea/user_projects/domains/IntegrationDomain/./myserver/.wlnotdelete/extract/my server_SelectAuditServer_auditportal/jarfiles/WEB-INF/lib/standard.jar!/META-INF/fmt.tld" is malformed. Check against the DTD: cvc-elt.1: Cannot find the declaration of element 'taglib'. (line 6, column 19).>

<Oct 25, 2006 3:55:53 PM EDT> <Warning> <EJB> <BEA-014006> <The message driven bean (MDB) named "ejb/WfRequestExpireQueue" has a dispatch policy "hp.ovsi.EJB" that refers to an unknown execute queue thread pool. The default execute thread pool will be used instead.>

<Oct 25, 2006 3:55:53 PM EDT> <Warning> <EJB> <BEA-014006> <The message driven bean (MDB) named "ejb/WfMDBQueue" has a dispatch policy "hp.ovsi.EJB" that refers to an unknown execute queue thread pool. The default execute thread pool will be used instead.>

Known Problems, Limitations, and Workarounds

Attestation workflow cannot create new folders in the Report Center called "user"
PROBLEM: An error occurs when an approver has the user ID called "user". Attestation workflows that are created for this ID cannot create the associated folder in the Report Center to be able to store the report.
CAUSE: The user name is restricted.
FIX: Do not create user IDs with the user name "user".
Auditors cannot schedule reports under the Select Audit Reports folder
PROBLEM: If you need to schedule a report from the Report Center, you should not store scheduled reports in the "Select Audit Reports" folder and subfolders.
CAUSE: Auditors do not have write permissions to this folder
FIX: You must create your own folder to store scheduled reports by doing the following:

  1. In the Report Center, select the parent folder and click Manage.
  2. Type in the new folder name in the Create Sub Folder field and click OK.
  3. Change the permissions for the new folder to be visible to yourself only by clicking the newly-created folder and then clicking Manage.
  4. Click Edit Permissions and remove the granted permission for '(All Users)'.
  5. Add full permissions for yourself.

All the reports under this folder will be visible to you and administrators only.

NOTE: If you have ever approved a report, you may not need to manually create your own folder. A folder with your name is created under the Select Audit Scheduled folder the first time you approved a report. The permission for this folder are set properly. You can choose this folder when scheduling reports.
Cannot delete Library subfolders with names containing special characters such as apostrophes
PROBLEM: Subfolders in the Report Library with titles containing special characters such as apostrophes, for example, "Admin's folder,", cannot be deleted using the Manage screen. An error message is shown.
CAUSE: Special characters in folder names are not supported in the Library.
FIX: Do not use the following special characters in Report Library folder names:

' / \ : * ? " < > | # & % =

Connector breaks on messages that contain "HP_audit" or "HP_selectaudit"
PROBLEM: The Connector incorrectly splits a message into two if it contains the string "HP_audit" or "HP_selectaudit", causing a parse error on each of the parts.
CAUSE: The API Connector interface uses the string "HP_selectaudit" to signal the end of a message. When the Connector stores batch files on disk, it uses the string "HP_audit" to separate the individual messages in the batch.
FIX: Do not use the strings "HP_audit" or "HP_selectaudit" in messages.

NOTE: These strings should not be used in places where they may appear in audit messages, such as SI Services.
Internal error occurs when trying to access Attestation Approval page for different user IDs at approximately the same time, using the same IP address (WebLogic only)
PROBLEM: When Attestation workflows are run for different approvers using the same client machine, multiple emails are received with approval links. If the user logs into the server as one user ID, he can see the Approval page for the corresponding link. If the user goes back to his Inbox and clicks on another approval link trying to login as a different user, an Error 500 page is shown instead of the Approval page. This defect is encountered on WebLogic only.
CAUSE: The user session has not expired yet and you are trying to log as another user.
FIX: Logout from the Approval page before you access another user's Approval page from an email link.
Issue with log4j rollover feature on Windows when multiple processes are trying to write to the same file
PROBLEM: The log4j rollover feature does not work on Windows when multiple processes are trying to write to the same file.
CAUSE: RollingFileAppender may delete files during rollover: http://www.nabble.com/DO- NOT-REPLY--Bug-41735---New:----RollingFileAppender-may-delete-files-during-rollover-t3321611.html.
FIX: On a Windows machine, modify the log4j.properties setting to MaxBackupIndex=0 and MaxFileSize=10MB or higher depending on the logging level and how much logging output needs to be kept before it is overwritten.
I18N: CSV reports are garbled in the Excel
PROBLEM: Japanese characters are garbled when CSV reports are opened using Excel.
CAUSE: When Select Audit Reports containing Japanese characters are exported to Comma Separated Value (CSV) format, some of the characters are incorrectly displayed when this CSV file is loaded into Microsoft Excel. This is due to the type of character encoding applied to the CSV file when it is saved from Select Audit.
FIX: Open the CSV report using Notepad and saving it with the ANSI format. The Japanese characters will be properly displayed when the report is opened in Excel.
I18N: Date formats are not standard in Printer Friendly View and Schedules
PROBLEM: The date format is incorrect if you open a Select Audit Report and click Printer Friendly View or if you select a Select Audit Report and click Schedule in the Report Library. The format is also incorrect under the Report Generator Monitoring section on the Admin Dashboard.
CAUSE: The date formats in the Printer Friendly View of Select Audit Reports and the Report Center scheduling screens can be inconsistent. This is caused by different parts of these pages and reports sourcing their date and date formatting information from different sources.
FIX:
I18N: Japanese characters do not display properly in PDF reports
PROBLEM: There is a conflict setting fonts which causes Japanese characters to appear garbled in PDF reports. When viewing Select Audit built-in reports in PDF format, the international characters are displayed as "#". This issue doesn't affect reports in HTML format.
CAUSE: The Select Audit built-in reports have been predefined to use the Arial font on every text field in the report. The font family name has to be set to the same font as the font embeded in the PDF report file to display Japanese characters or any other international characters.
FIX: Use the following workaround:
  1. Log in to the Report Center as a Select Audit Administrator.
  2. Select the report to be modified and click Properties.
  3. Click Edit Content in the report es page.
  4. Search for each occurrence of string "font-family:Arial;" in the Report Content page and delete the string.
  5. Click Submit.
  6. Make sure that you have completed the Post-Installation step, "Configuring UTF-8 Fonts in PDF Channel Reports", in the HP Select Audit 1.02 Installation Guide.
Navigation to the Report server becomes very slow when a large number of reports are uploaded in the Report Library
PROBLEM: The Report server may be very slow and unresponsive due to the large number of new reports added to the Report Library when the models run.
CAUSE: The Audit Server runs the Operations and SOX models on a scheduled basis. The Operations model is run four times a day and the SOX analysis model is run once a day, overnight. When a new Operations model is run, several new reports corresponding to each Operations model analysis node are uploaded into the Report Library. With each overnight SOX analysis, approximately 200 new reports are created and uploaded into the Report Library, providing an individual and specific report for each analysis node.

Consequently, each day there will be a significant number of new reports added to the Report Library and the navigation to the Library page can become slow, requiring a few minutes to render the Report Library page when accessed by a user, either directly or through the Select Audit Portal.

FIX: HP recommends that you are diligent about exporting your model reports to PDF or other format for archiving and removing them from the Report Library. It is also possible to reduce the frequency of the model runs, which can reduce the load on the Report Library. Details on how to change this setting can be found in the section "Changing the Model Report Execution Time" in the chapter About the Sarbanes-Oxley Model in the HP Select Audit 1.02 Sarbanes-Oxley Model Guide.
Out-of-memory error occurs when running the Audit Server on a WebLogic cluster
PROBLEM: Out-of-memory errors thrown by the WebLogic application server may be encountered when running the Audit Server on a cluster.
CAUSE:
FIX: These errors are not encountered when the Audit Server is deployed on a cluster using the Jrockit JVM, on non-HPUX machines. On HPUX machines, WebLogic cluster configuration is not supported.
Out-of-memory error occurs when running Select Audit Reports on large data volumes
PROBLEM: An out-of-memory error may occur with the MSSQL database when the Select Audit Reports are run on large data volumes that could trigger a result set containing more than 500,000 records.
CAUSE: The result set returned is too large.
FIX: Minimize the result set by setting up filters before running the report that causes the problem or decrease the time interval for which the report is run.
Potential database deadlocks when using Audit Server with MSSQL on a WebSphere cluster
PROBLEM: When running the Audit Server with a SQL Server 2000 database on a WebSphere cluster, database deadlocks may be encountered when the Normalizer is configured to run two threads on each cluster member.
CAUSE: The Audit Server may not correctly lock resources inside database transactions when a large number of threads are executing normalization at the same time.
FIX: The Audit Server has to be configured to use one Normalizer thread for each cluster member.

  1. Unpack auditserver.ear from the installation directory under the /dist folder.
  2. Unpack auditservercommon.jar from the resulting APP-INF/lib folder.
  3. Edit the NormalizerScheduler.xml file under the com/hp/ov/selectaudit/auditserver/common/normalizer folder.
  4. Make the following changes to the NormalizerScheduler.xml file.

    5. Replace the following section:

    <list>
    <ref bean="NormalizerTask"/>
    <ref bean="NormalizerTask2"/>
    <!--
    <ref bean="NormalizerTask3"/>
    <ref bean="NormalizerTask4"/>
    -->
    </list>

    with this section:

    <list>
    <ref bean="NormalizerTask"/>
    <!--
    <ref bean="NormalizerTask2"/>
    <ref bean="NormalizerTask3"/>
    <ref bean="NormalizerTask4"/>
    -->
    </list>
  5. Repack auditservercommon.jar.
  6. Repack auditserver.ear.
  7. Redeploy auditserver.ear and restart the application server.
Report server running under WebSphere needs to be restarted if the LDAP server is restarted
PROBLEM: When Select Audit is deployed on a WebSphere application server and the LDAP server used for user provisioning is restarted, the users will no longer be able to log into the Report server.
CAUSE: The Report server is not able to re-establish the connection to the LDAP server once it is lost.
FIX: Restart the Report server.
Rollover log files are slow to empty
PROBLEM: Sometimes, the rollover of log files takes longer than the configured rollover time.
CAUSE: When the Audit Connector rolls over the active log file, it is not immediately sent to the Audit Server, but rather queued until the next rollover time period, at which point all rolled over log files are sent to the Audit Server. This is a function of the process hierarchy of the Audit Connector rollover and send mechanisms. There is also a case where there is data in a log file that has been rolled over, but not yet sent to the Audit Server. If no new messages have been logged, the rollover will not occur and the send mechanism will not be initiated.
FIX: To have the Audit Connector send log messages to the Audit Server within a specified time period, set the Audit Connector rollover time to one-half of the time you wish to set for the log message arrival time. Note that, due to polling, this arrival time will not be effective when set to less than 5 minutes.
Select Identity integration: Permissions not returned if Select Identity password expired
PROBLEM: When Select Audit is integrated with Select Identity, there is a problem when the Select Identity user's password is expired. If an Select Identity user logs into the Select Audit Portal, Select Audit contacts Select Identity a web services to get the user's permissions. If the Select Identity user's password is expired in Select Identity, no permissions are returned. This results in the user being unable to access the full complement of reports, tasks and actions that they are normally permitted to access within Select Audit.
CAUSE: The user's password in Select Identity is expired, so the Select Identity permissions for that user are not returned by the web service.
FIX: The user’s password should be reset in Select Identity to allow the correct permissions to be returned and applied to Select Audit.
Select Identity integration: Reports not shown in Attestation Workflow screen of Audit Portal
PROBLEM: When Select Identity integration is enabled using the Audit Portal and you try to set up a schedule on the Attestation Workflow screen, sometimes no reports are visible. This means that you cannot set up a workflow. This issue is experienced sometimes on WebLogic deployments.
CAUSE: The user's password in Select Identity is expired.
FIX: Log out of the Audit Portal and log back in again. The reports are now visible on the Attestation Workflow screen.
Users on WebSphere with multiple UID entries are not authenticated by the Report server
PROBLEM: The Report server does not support multiple UID entries.
CAUSE: Select Audit is not currently able to authenticate users who have multiple UID entries in their LDAP profile.
FIX: At present, Select Audit users may only have one UID attribute in their LDAP profile.
Wrong error message is shown in the WebLogic installer when the WebLogic administrator is invalid
PROBLEM: When an invalid WebLogic administrator is entered on the WebLogic Authentication screen in the installer, the error message shown is 'Unable to locate IPlanetAuthenticator'.
CAUSE: The IPlanetAuthenticator uses a different attribute than the default 'uid' as the user filter attribute.
FIX: Check that your WebLogic Administrator credentials are correct and provide the proper credentials.
You cannot update the Operations model until you induce an error
PROBLEM: Updates to the Operations model do not occur when you update the model using the Model Loader screen in the Audit Portal, using the normal procedure.
CAUSE: There is a bug in the Update function in the Model Loader when updating the Operations model.
FIX: The Operations model can be updated from the Model Loader after explicitly triggering an error message through deliberate misconfiguration. The workaround steps are listed below:
  1. Click Update on the Model Loader screen without specifying the path to the operations_model.zip file. As a result, an error message is shown because the zip file is not specified.
  2. Click Browse and set the path to the zip file.
  3. Click Update. The message "Operations model successfully updated" is shown.
  4. Export the model and examine the saved operations_model.zip file. The changes to complete.xml file are present.

Documentation Errata

The following items are listed incorrectly in the documentation and could not be fixed prior to the software release. To display details about each documentation error, click the error summary. To hide details, click again.

Additional steps missing from Administrator Password Tool instructions in Administrator online help
LOCATION: Administrator online help under To run the Administrator Password Tool
ERROR: Two steps were added.
CORRECTION: After step 4 in To run the Administrator Password Tool, perform the following steps:

5. After using the Administrator Password Tool to change the Administrator password in the Select Audit configuration files, change the Administrator password in the application server's LDAP user store (embedded or external).

6. Restart the all the servers to which Select Audit is deployed.

Caution about Keystore locations missing from Administrator online help
LOCATION: Administrator online help under To configure data integrity for Java and PKCS12 keystores
ERROR: Caution about the Keystore location in clustered environments is missing.
CORRECTION: For a cluster installation, the Keystore location has to be accessible to all nodes in the cluster. It should be located on the shared folder, as specified in Installing in a Clustered Environment on WebLogic in the HP Select Audit 1.02 Installation Guide.

Local Language Support

The current version of Select Audit contains support for international characters and the capability to localize the Audit Portal and the Report framework. The predefined set of reports that are shipped with Select Audit 1.02 are provided in English only. These reports will display international character content, but will not show strings like report names and comments in non-English characters or languages.

Do not use non-English characters as input on the installer screens. This feature it is not supported at this time.

Integration with Other HP Software Solutions

Select Audit collects audit data from the following HP Identity Management applications:

NOTE:

Support

You can visit the HP Software Support web site at:
http://www.hp.com/go/hpsoftwaresupport

This web site provides contact information and details about the products, services, and support that HP offers.

HP Software online software support provides customer self-solve capabilities. It provides a fast and efficient way to access interactive technical support tools needed to manage your business. As a valued support customer, you can benefit by being able to do the following:

NOTE: Most of the support areas require that you register as an HP Passport user and sign in. Many also require an active support contract. To find more information about support access levels, go to the following URL:
http://www.hp.com/managementsoftware/access_level

To register for an HP Passport ID, go to the following URL:
http://www.managementsoftware.hp.com/passport-registration.html

Legal Notices

© Copyright 2007 Hewlett-Packard Development Company, L.P.

Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

The information contained herein is subject to change without notice.