22.3 enhancements and patches
Version | SaaS | On premises | Fixed issues | Updates and enhancements |
|---|---|---|---|---|
22.3.01 | ✅️ | ✅️ | ||
22.3.00 | ✅️ |
BMC applies upgrades as described in the BMC Helix Upgrade policy. BMC applies upgrades and patches during Maintenance windows.
(On premises only) Downloading and installing the patch
See Deploying BMC Helix common services for BMC Helix IT Service Management and Deploying BMC Helix IT Operations Management.
22.3.01
Select between an Adapt-based and old-style user interface for a login page
By default, the Adapt-based login page is displayed to end users when they log in to the integrated BMC application. In the branding settings, the administrator can select the style of the earlier BMC Helix SSO versions. For more information, see Rebranding-the-end-user-login-page.
Avoid session and token duplication when a tenant is changed in the realm
When you change the value of the Tenant field in the realm, all sessions and tokens of users who are logged in within this realm are invalidated, which enhances security. This feature is available in the general settings of the realm. For more information, see Configuring-general-settings-for-a-realm.
22.3
Avoid BMC Helix SSO outage when the old certificate expires
Two signing and two encryption certificates are supported in SAML metadata to prevent BMC Helix SSO outage when old certificates expire. To add the additional certificate to your SAML metadata, enable multiple certificate usage and update the metadata templates. For more information, see Setting-up-tenants.
Hide copyright message on the login page
As a SaaS administrator, you can configure a tenant to not display copyright information on the BMC Helix SSO login page. For more information, see Login-and-logout-experience-for-end-users.
Extract user information for SAML IdP
Configure the SAML IdP to extract information about an authenticated user. It is available to extract such attributes as String, Number and List (presumably of Strings). Use the extracted information to provide BMC Helix SSO-protected applications with additional context about the authenticated user. For information, see Configuring-advanced-functions-for-SAML-authentication
What else changed in this release
In this release, note the following significant changes in the product behavior:
Update | Product behavior in versions earlier than 22.3 | Product behavior in version 22.3 and later |
|---|---|---|
(Version 22.3.01 and later) Session invalidation after a password change | An end user session persists after a password change. Previous scenario:
| An end user session is invalidated after a password change. Updated scenario:
For more information about sessions, see Invalidating-and-configuring-end-user-sessions. |
Interactive self-help | Interactive self-help is enabled by default. | Interactive self-help is disabled by default. For information about how to change the default behavior, see Configuring-settings-for-BMC-Helix-SSO-administrators. |
(Available for on-premises container deployment only) Enhanced BMC Helix SSO AREA plug-in with an additional validation per tenant | Tenant validation is made according to the configured validation parameters. | To improve the security of a BMC Helix SSO AREA plug-in, you can specify an optional property APP-TENANT:<tenant's name> in the rsso.cfg file. Make sure that the provided tenant's name coincides with the tenant's value specified in the Realm. |