Hotfix package name: SSOP480WX86007.zip
For: Single Sign-On Plug-in, Version 4.8
Replaces: All previous versions
Date: April, 2015
Languages supported: English (US), German (DE), Spanish (ES), French (FR), Japanese (JA)
Readme version: 1.00
Readme Revision History
Version | Date | Change Description |
1.00 | April, 2015 | Initial release |
This document describes the issue(s) resolved by this release and includes installation instructions. For additional product information, see Citrix Product Documentation.
This fix addresses an issue in Single Sign-On Version 4.8 that requires user interaction in terminal emulator-based applications when multiple logon forms are specified and that need to be processed before the second logon.
To enable the fix, create the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\MetaFrame Password Manager\Extensions\AccessManager
Name: TELoginDelay
Type: DWORD
Value: 0x00000064
[From SSOP480WX86007][#LA2122]
If users enter their credentials for a selected application and then click "Finish," the description might not appear for the application.
[From SSOP480WX86007][#LA3013]
When SendKeys are enabled, if an "OK" string is automatically entered in the user name or ID field, a new logon window appears.
[From SSOP480WX86007][#LA3509]
After installing Hotfix SSOP480WX86006, users might not receive a prompt to enter their credentials when logging on to the terminal emulator-based applications.
[From SSOP480WX86007][#LA3698]
This fix updates an internal component.
[From SSOP480WX86007][#LC2440]
The plug-in appears to shut down unexpectedly after a system restart, a plug-in restart, or a logon.
[From SSOP480WX86001][#230884]
This fix addresses handle leaks during regular synchronization intervals.
[From SSOP480WX86001][#231253]
Upon detection, the plug-in manipulates the layout and positioning of certain Web page frames that contain user credentials text boxes. As a result, parts of those frames can become truncated or invisible to users. This fix introduces a registry key that adds scrollbars to such frames if necessary so that the entire contents of the affected frames become accessible to users. To enable this fix, must set the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\MetaFrame Password Manager\Extensions\AccessManager
Name: BHO
Type: REG_DWORD
Data: 0 (off; default); 1 (on)
[From SSOP480WX86001][#231578]
The Enter Credentials dialog box does not have keyboard focus when it appears.
[From SSOP480WX86001][#231580]
This fix addresses memory leaks in SSOSHELL.exe.
[From SSOP480WX86001][#231878]
The plug-in stop synchronizing newly added credentials with the central store as a result of an Active Directory constraint violation.
[From SSOP480WX86001][#231880]
Ssoshell.exe can experience an abnormal program termination.
[From SSOP480WX86001][#232744]
When using a GPO to install the plug-in, the installer user interface appears in German. The issue applies only to the installer interface; once installed, the plug-in matches the language of the target operating system as designed.
[From SSOP480WX86001][#233655]
On occasion, the plug-in fails to submit credentials for Web applications. The issue occurs when launching Web applications via scripts, the timing of which can conflict with application detection. This fix introduces support for the following registry key. When set, the setting ensures that application detection is delayed until Web application page loads complete.
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\MetaFrame Password Manager\Extensions\AccessManager
Name: UnstableWinTitleApps
Type: REG_SZ
Data: <application name 1>,<timeout 1, in ms >;<application name 2>,<timeout 2, in ms >
[From SSOP480WX86002][#233645]
This fix removes the dependencies of the console installer on the Microsoft Visual C++ 2005 and the Microsoft Visual C++ 2008 Redistributable Packages. As a result, the Microsoft Visual C++ 2005 and the Microsoft Visual C++ 2008 Redistributable Packages are no longer prerequisites to installing the console.
Note: This fix removes only the VC++ dependency of the console installer, not of the console itself. The console continues to require the presence of both packages on the target device. The packages are available on the XenApp 6 DVD and from the Microsoft Web site at http://www.microsoft.com.
[From SSOP480WX86002][#235325]
This fix addresses a security vulnerability. For more information, see Knowledge Center article CTX123359.
[From SSOP480WX86002][#236530]
This feature enhancement allows you to suppress the message, "Citrix Password Manager is unable to access your user data and will now close" that appears when a user without a Single sign-on configuration logs into a session. To suppress the message and allow the plug-in to exit silently, you must set the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\MetaFrame Password Manager\Shell\Popups
Name: SuppressMessages
Type: REG_DWORD
Data: 1 (suppress message), 0 (do not suppress message)
[From SSOP480WX86002][#236857]
If you run a query within SAP and attempt to launch an additional instance of SAP while the query is running, the plug-in fails to submit your credentials until the query is complete.
[From SSOP480WX86002][#237017]
This is an enhancement to the Application Definition and the Password Change wizards. The enhancement introduces support for the following registry key that, if set, allows you to mask user input in the Username/ID, Other 1, and Other 2 text input fields. These fields are located on the New Logon Page (Application Definition wizard) and on the Logon Properties (Password Change wizard) screens. You can mask any one of the fields as well as any combination thereof as follows:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\MetaFrame Password Manager\Extensions\AccessManager
Name: CredProtectMask
Type: REG_DWORD
Data:
0x0000 - default/do not mask any additional fields
0x0001 - mask field Username/ID
0x0004 - mask field Other 1
0x0008 - mask field Other 2
[From SSOP480WX86002][#237214]
After applying Hotfix SSOP480WX64001 or SSOP480WX86001, the single sign-on plug-in fails to sync with the central store.
[From SSOP480WX86003][#239458]
With the option "Automatically detect applications and prompt user to store credentials" disabled in the user configuration, clicking Submit credentials from the notification area icon fails to submit the user credentials.
[From SSOP480WX86003][#240912]
With the option "Detect client-side application definitions" disabled in the user configuration, the option to enter a URL when specifying a new Web logon is continues to be present.
[From SSOP480WX86003][#244173]
When using the Account Self-Service feature with the 10:1 concurrent user license model, the 11th and subsequent users receive the following, unnecessary internal license error message even though the software is fully functional:
"Unable to acquire a CPM_ENT_RC license. All the licenses are in use. The Citrix Password Manager Agent is disabled."
This fix introduces support for the following registry key that allows you to mask the error messages:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ MetaFrame Password Manager\Shell\Popups
Name: SuppressMessages
Type: REG_DWORD
Data: 0x00000010 (to mask internal license errors); 0x00000020 (to mask grace period license messages); 0x00000030 (to mask both types of messages)
[From SSOP480WX86003][#255430]
The CPU consumption of the Ssoshell.exe process on the server can spike unexpectedly. The issue occurs when configuration information is refreshed when there are large number of users connected to the server and the plug-in handles a large number of application windows.
To enable this fix, you must set the following registry key so that the configuration information is not refreshed:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Metaframe Password Manager\Shell\AppListReloadDelay
Name: AppListReloadDelay
Type: REG_DWORD
Data: 5 (seconds)
[From SSOP480WX86003][#255809]
Version 4.8 of the Single sign-on plug-in fails to start if the list of revoked users (Question-based authentication > Other Tasks > Revoke Security question registration for a user) exceeds a certain number of characters.
[From SSOP480WX86003][#260567]
Windows Logon (Winlogon.exe) can exit unexpectedly when using a smart card to unlock a workstation with Versions 4.6 and 4.8 of the Single sign-on plug-in.
[From SSOP480WX86003][#LA0016]
A timing issue can cause users to be prompted for their previous password. The problem occurs because the automatic recovery key is not properly stored to the central store in cases where an administrator resets a user's password immediately following that user’s first-time logon.
[From SSOP480WX86004][#LA0280]
This fix addresses an issue in Version 4.8 of Single sign-on that requires user interaction in the case of a terminal emulator-based application for which multiple logon forms are specified and that need to be processed in quick succession.
[From SSOP480WX86004][#LA0723]
When using the domain password sharing group for Version 6 of WebNow, the logon screen prompting users for credentials might fail to populate correctly.
[From SSOP480WX86005][#LA1034]
This fix addresses an issue that requires user interaction in the case of a terminal emulator-based application for which multiple logon forms are specified and that need to be processed in quick succession (within one second), even after applying Fix #LA0723.
[From SSOP480WX86005][#LA1474]
While creating a new logon that has not been saved yet, entering a password and then selecting Reveal Password causes the following error message to appear:
"There was an error acquiring the group password."
[From SSOP480WX86006][#LA2271]
This feature enhancement allows you to suppress the following offline notification message that appears when the user removes a device from the network:
"Citrix Single Sign-On is working offline. Changes to user data will be stored on the server when the connection is reestablished."
To suppress the message, set the following registry key:
This fix suppresses the Offline notification dialog box. However, the same message will be logged in the Agent log.
[From SSOP480WX86006][#LA2512]
When using the domain password sharing group for Version 6 of WebNow, the logon screen prompting users for credentials might fail to populate correctly.
[From SSOP480WX86006][#LA2762]
When using the Account Self-Service feature with the 10:1 concurrent user license model, the 11th and subsequent users receive the following, unnecessary internal license error message even though the software is fully functional:
"Unable to acquire a CPM_ENT_RC license. All the licenses are in use. The Citrix Password Manager Agent is disabled."
This fix introduces support for the following registry key that allows you to mask the error messages:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\MetaFrame Password Manager\Shell\Popups
Name: SuppressMessages
Type: REG_DWORD
Data: 0x00000010 (to mask internal license errors); 0x00000020 (to mask grace period license messages); 0x00000030 (to mask both types of messages)
[From SSOP480WX86006][#LA2929]
Notes:
To install this hotfix:
To uninstall this hotfix: