22.3 enhancements and patches

Review the BMC Helix Single Sign-On 22.3 enhancements and patches for features that will benefit your organization and to understand changes that might impact your users.

Related topic

Release notes and notices

Version	SaaS	On premises	Fixed issues	Updates and enhancements
22.3.01			Known and corrected issues	patch
22.3.00			Known and corrected issues	release

BMC applies upgrades as described in the BMC Helix Upgrade policy Open link . BMC applies upgrades and patches during Maintenance windows .

(On premises only) Downloading and installing the patch

See Deploying BMC Helix common services for BMC Helix IT Service Management Open link and Deploying BMC Helix IT Operations Management .

22.3.01

Select between an Adapt-based and old-style user interface for a login page

By default, the Adapt-based login page is displayed to end users when they log in to the integrated BMC application. In the branding settings, the administrator can select the style of the earlier BMC Helix SSO versions. For more information, see Rebranding the end user login page.

Avoid session and token duplication when a tenant is changed in the realm

When you change the value of the Tenant field in the realm, all sessions and tokens of users who are logged in within this realm are invalidated, which enhances security. This feature is available in the general settings of the realm. For more information, see Configuring general settings for a realm.

22.3

Avoid BMC Helix SSO outage when the old certificate expires

Two signing and two encryption certificates are supported in SAML metadata to prevent BMC Helix SSO outage when old certificates expire. To add the additional certificate to your SAML metadata, enable multiple certificate usage and update the metadata templates. For more information, see Setting up tenants.

Hide copyright message on the login page

As a SaaS administrator, you can configure a tenant to not display copyright information on the BMC Helix SSO login page. For more information, see Login and logout experience for end users.

Extract user information for SAML IdP

Configure the SAML IdP to extract information about an authenticated user. It is available to extract such attributes as String, Number and List (presumably of Strings). Use the extracted information to provide BMC Helix SSO-protected applications with additional context about the authenticated user. For information, see Configuring advanced functions for SAML authentication

What else changed in this release

In this release, note the following significant changes in the product behavior:

Update	Product behavior in versions earlier than 22.3	Product behavior in version 22.3 and later
(Version 22.3.01 and later) Session invalidation after a password change	An end user session persists after a password change. Previous scenario: A user opens a BMC application integrated with BMC Helix SSO in browser A and browser B. The user changes the password in browser A. A session in browser B persists.	An end user session is invalidated after a password change. Updated scenario: A user opens a BMC application integrated with BMC Helix SSO in browser A and browser B. The user changes the password in browser A. A session in browser B is invalidated. For more information about sessions, see Invalidating and configuring end user sessions.
Interactive self-help	Interactive self-help is enabled by default.	Interactive self-help is disabled by default. For information about how to change the default behavior, see Configuring settings for BMC Helix SSO administrators.
(Available for on-premises container deployment only) Enhanced BMC Helix SSO AREA plug-in with an additional validation per tenant	Tenant validation is made according to the configured validation parameters.	To improve the security of a BMC Helix SSO AREA plug-in, you can specify an optional property `APP-TENANT:<tenant's name>` in the rsso.cfg file. Make sure that the provided tenant's name coincides with the tenant's value specified in the Realm.