Management and Security Server (MSS) version 12.7 released December 2020.
Management and Security Server 12.7 released with Host Access for the Cloud version 2.6.
All MSS releases are cumulative, and contain the features introduced in earlier releases. See what’s new since 12.6 SP1. For previous versions, see MSS Documentation.
Assigned Sessions list. Users of Host Access for the Cloud, Reflection Desktop, InfoConnect Desktop, and Reflection for the Web can launch their sessions from an HTML-based portal (no Java required). (Introduced in 12.6.11; improved in 12.7)
The Assigned Sessions portal replaces the Java-based links list. For more information, including the product version requirements, see Providing Access to Sessions in the MSS Administrative Console help.
Added ability to adjust SAML Service Provider settings: session timeout and assertion signing. (12.7)
Added support for accessing the MSS Administrative Console usingauthentication. (12.6.12)
Applied multiple bug fixes and security updates.
SAML. Beginning in MSS 12.6 SP1 Update 2 (12.6.12), the SAML callback address URL has been simplified to use only path parameters rather than query string parameters. This change provides greater compatibility with SAML providers going forward.
When upgrading to MSS 12.6.12 or higher:
Existing deployments using SAML must re-import the service provider metadata file to update the callback address; otherwise SAML authentication will stop working.
Alternatively, the following property can be set in the MSS saml.path.parameter.callback.url.enabled=falsefile to maintain the current URL syntax:
Be sure to restart the server.
Java-based Links List. (12.6.12)
The Java-based links list applet is disabled and has been replaced by the Assigned Sessions list.
Direct session links copied from the Java applet links list or Administrative Console from previous versions of MSS are re-directed to the new Assigned Sessions list.
Settings in the Administrative Console that uniquely pertained to the Java applet links list and Reflection for the Web have been removed.
Legacy emulators. (12.6.12) Support for managing Extra!, InfoConnect, Reflection 14, and Verastream sessions has been removed. If you need assistance, please contact Customer Support.
NTLM. Customers using Single Sign-on through Windows Authentication (NTLMv2) as their authentication method are subject to the “Netlogon Elevation of Privilege Vulnerability” (CVE 2020-1472).
To mitigate this vulnerability use a different authentication method, such as LDAP, SAML, Single Sign-on through IIS, X.509, or SiteMinder. For more information see Knowledge Base Article 7024851.
If you encounter issues with Management and Security Server 12.7, contact Micro Focus Support.
Check these online resources.
For specific product issues, contact Micro Focus Support.
© Copyright 2020 Micro Focus or one of its affiliates
The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.