Improved Quality and Security For Both Users and Administrators
This release is a major quality update to the Inventu Viewer+ Code Base – Many internal upgrades were accomplished and then thoroughly tested across the full FVTerm Terminal Emulation and API functions.
Inventu Viewer+ Base Product and Components
(Version: 6.0.42 August 24, 2021)
FlyServer Emulation Service
- Added support for Kerberos single sign-on for AS400/IBMi TN5250 Client sessions. When the ViewerLib API function HostConnection.SetSessionKerberosTicket has been called with a Kerberos Ticket, the service will send the ticket using the TN5250 Telnet Enhancements (https://tools.ietf.org/html/rfc4777) as the Telnet Environment option IBMTICKET while performing the connection handshake.
- Added support for TLS 1.3 for Windows Versions that support it for Client connections. This can be specified in the default/[hostname].cfg file, or if no specific protocol is specified and the host requests 1.3 it will be supported.
- Fixed a bug with TLS handshaking that would prevent a clean connection if the cipher suites initially offered by the host did not match available suites on the Windows machine. An essential handshake action for “keep trying” was not being taken, and this is now implemented. This should improve reliability and avoid the need to modify the cipher order on the host.
- Added support for SSH Change Password functionality—if a user’s password has expired, an SSH host will signal to the client that a password change is required. With prior versions of Viewer this would simply display an error to the user and terminate the session. Password changes would then need to be performed with a desktop emulator or help from an administrator. With this version, any message from the host will be displayed followed by 2 prompts for a new password (the 2 entries are compared and if equal are sent to the host in a ChangePassword call).
- The default was for any SSH User to set the active user for identification in admin session lists. This interferes with IAM-based user IDs or Windows Security. A new setting in the SSH configuration file, “userSetsOwner”, works as before when set to “yes”; change it to “no” to preserve the user identity for the session when SSH is active.
- In ASCII terminal connections with a scrolling area defined, a clear screen and other orders that typically flush the scrolling area were not always effective. As a result, once the screen scrolled, the scrolled area would stay at the top of the terminal area in the web page.
- In situations where a 3270 terminal characteristics RPQ request/response is rejected by the host (which terminates the session with no diagnostics or other reasons), there is now consistent messaging both in trace files and to FVTerm clients that experience the session being terminated. This should make implementing a new connection easier as the cause of the session ending is now identified—message displayed is “The host made a request for 3270 Terminal Characteristics and rejected the configured Terminal Type.” Note that this will be translated to the active language when in an FVTerm session.
- 3270 Device Printing was sometimes producing an extra page at the end of a report.
- Both 3270 and 5250 Device print files were being left in the print output folder as the cleanup call was only implemented for ASCII terminal types.
- Further fixes were made to IND$File 3270 file transfers, to avoid occasional odd errors as well as stop a cascading set of message boxes when errors occur.
- Visual Studio Runtime Library upgraded from 110 to Version 140 (Visual Studio 2015, 2017 and 2019) and 141 Platform Toolset
- Windows Toolkit upgraded to latest version
- Replaced all use of the PulseEvent call, which is used to signal listeners (like the FVTerm Web Application) of updates to the host screen buffer. PulseEvent has been identified as a deprecated implementation due to a chance of lost events.
- VT220 Protocol extended options in the datastream always caused a full screen write instead of a “changes only” update. This was corrected so that only certain settings would cause a full screen write, significantly reducing outbound packet sizes.
- For new installations, the Admin Console will no longer display a port access error at startup.
- Device Printing for 5250 and 3270 hosts was improved to support rapid printing of multiple print jobs. Prior to this version, multiple print jobs would sometimes print out of order as well as print more than once.
- Device Printing in Version 6.0.29 incorrectly switched to stated columns in the report to identify landscape vs portrait orientation. Fixed in this version to use SCS page size definitions.
- Clustered servers had a vulnerability when one or more servers was offline or on hold and other server(s) provided new session connections that utilized the “free” sessions from a server on hold or offline. When the offline or on hold server was put back into service, if more than one session was stopped within a short interval, a MUTEX semaphore managing the free sessions was over-reserved by the supervisor thread. This caused delays and potential for exceptions.
- VT100/VT220 Home key was redefined to match more modern implementations instead of the original VT100 keyboard mapping.
- Wyse 60 initial connections were receiving erroneous VT220 handshake buffers during initial connection.
- New option “LockOnTextCursor” now provides superior screen update tracking for VT220 API environments.
- Wyse 60 Box-Drawing was impacted by implementation of the Korean, Chinese and Japanese translations for 5250 and 3270 protocols. Fixed in this release.
- ASCII protocols that include box-drawing (VT220+, Wyse and ViewPoint) now track the number of boxes that have been displayed. This makes pop-up detection easier for server-side code involved in supporting a client user interface environment.
- Improved support for VTLockOnTextCursor to reduce instances of a lock persisting where the cursor remains hidden by the host.
- Fixed an issue with SSH connections where the last keystrokes sent on a session were sent as part of the SSH logon handshake for the next connection on the session. This only occurred if the session was terminated prior to the send completing, but would break the logon for the next connection.
FVTerm Web Terminal Emulation
- Added support for the “Connect with Kerberos SSO” functionality. When a Profile has the Connect with Kerberos SSO option checked and the Web Server Security is set to Windows/Active Directory, a Kerberos Ticket will be obtained for the FVTerm user using the Kerberos Service Principal Name (SPN) value. If the user has access and the “Kerberos Service Principal Name (SPN)” is correct, a Ticket will be set as the connection is made using HostConnection.SetSessionKerberosTicket.
- A new option as an alternative to a Load Balancer in a clustered server environment is the FVTerm/Cluster/FVStart.html web page. This can be customized for each installation and can select the server to connect to without the need for a load balancer. This is particularly useful when multiple servers are geographically separate but overlap in connectivity support. The FVStart logic can be customized to select the closest server first unless it has no available sessions; something a load balancer configuration cannot provide since all connections must flow through the load balancer.
- The hotspot javascript file used to manage clickable function key descriptions has been enhanced to include placing a link over any http:// or https:// URL that is displayed on a screen. This is in the file SCHSDefs.js and can provide additional sample code for any customer looking to implement custom hotspots of any kind, such as FedEX or UPS tracking numbers.
- When user profile settings are stored on the server, the user’s keyboard configuration changes will now be stored on the server also. In addition, keyboard settings are now per-protocol, whereas in prior versions they applied to all protocols the user may connect to.
- Added a new SSOMsgApi.js, which is an evolution of the existing FVTermMsgApi.js that was implemented quickly to address a customer requirement. The new file provides similar functionality but utilizes Channels instead of the base message events, which provides for multiple iFrames hosting FVTerm sessions as well as a cleaner implementation.
- User DeviceID settings are now more consistent in the implementation between settings in the Host Definition and the Profile definition.
- The File Transfer Icon was not being displayed after closing a 3270 session (when IND$File feature is active). The user needed to either start a new browser window or refresh the browser in order for the icon to appear following the next connection. Fixed in this release.
- When an ASCII host has scroll lines set, so that the web UI can provide a scroll area, the scroll area would retain a small number of rows even after the screen was cleared. In sync with a service fix, this will no longer occur.
- Google Signin and Azure Active Directory were both tweaked to function more reliably with the latest cloud updates.
- The Google Sign-In TLS handshake was causing issues without upgrading the active .NET version in web.config, as Google moved to enforcing TLS 1.2 which was not the default for earlier .NET versions. Google Sign-In now specifies TLS 1.2 as well as additional handshake settings that ensure more reliable integration.
- Both Google Sign-In and Microsoft Azure Active Directory will be upgraded to new implementations as each have deprecated the current APIs used by Inventu Viewer. Upgrades will occur well before the deadline for the deprecation.
- Added a new URL for use by the FVStart page, which provides active session availability by server: FVTerm/Cluster/BalanceInfo.aspx
- Toolbar Icon control was improved so that more icons are inactive when not connected to a session. Many icons also would not stay hidden if hidden using the configurator and this has been fixed so that all icons can be hidden reliably.
- Added support for Anonymous users in an SAML 2.0 Security environment. This is activated with the new Web Server configuration setting “SAML 2.0 Allow Anonymous Connections”. When active, a user is only checked when the FVTerm URL includes “saml=required” as a Query string. Intended for existing environments that are transitioning to a SAML 2.0 Identity framework but need to still support users not on-boarded to the identity provider. An anonymous user will be identified by IP address in the Administration Console active sessions.
- Support added for pasting text that includes tabs, such as from an Excel spreadsheet. Each tab will clear the current field and advance to the next field on the screen.
- Checkbox added to the Settings form to allow a user to turn the tabs clipboard paste setting off/on.
- VT Delete key changed to a more compatible sequence
- Switching between a web page iFrame and FVTerm iFrame was improved so that responsiveness and speed of the switching is consistent when WebSocket connections are active.
- Added additional support in the connection URL for specifying a Profile instead of a Host definition when loading the FVTerm in a child iFrame of a web application.
- Added a new Logging Extension static method LogPreEnter – this has the same parameters as LogEnter with the difference being that the call is made before the entries are entered in the screen. This enables the call to inspect each field entry and make any changes. This was implemented to enable masking of data such as credit card numbers or social security numbers while being able to detect a masked entry and restore the full number.
- Fixed an issue with user-set DeviceID – if the web.config didn’t have this configured, the Profile configuration was not working correctly.
- For IND$File transfers, fixed an infrequent bug affecting the transfer when no options are selected for the transfer.
- For pages hosting an FVTerm iFrame and using the FVTermParent.js API, the message displayed when a connection isn’t completed is now customizable. The default message is “Could not connect to FVTerm!” – this can be changed by passing a property named “noConnectMsg” in the options object for the ConnectFVTerm function.
- Added new recognition options in web.config for managing alternative recognition from the core Inventu XML definitions. A .NET assembly can be referenced and if a screen is not recognized by the active Application’s definition XML file, the new settings will be used to identify a screen name and whether it should be treated as enhanced or emulator. The new settings are:
- RecogExtension: Full path and DLL name of the external assembly
- RecogFolder: Full path to a folder containing files used by the external recognition in managing rapid identification of the active screen.
- RecogClass: The Class name in the extension that contains the public static methods LoadServerJson() and ExtGetActiveScreen();
ViewerLib API
- Visual Studio Runtime Library upgraded from 110 to Version 141 (Visual Studio 2015, 2017 and 2019)
- Original C++ .NET implementation upgraded to CLI
- If a DBCS entry field was defined on the screen following a datastream “shortcut” for stopping/starting DBCS data, the entry field was not the correct length. Fixed in this release.
- Windows Toolkit upgraded to latest version
- Added new property VTKeepDeltas to prevent the active delta list from being cleared when a new buffer is received from the host. This can improve the ability to identify deltas in situations where two or more buffers make up a host response.
- Added new HostConnection property “ClusterAvailability” which provides an easily parsed text string containing active cluster server names and the number of available sessions on each.
- Added new HostConnection method SetSessionKerberosTicket, which accepts a byte array that must be filled by appropriate SSPI or .NET functions prior to the call. This call sets up the necessary flags and integration so the Emulation Service will utilize the ticket when connecting the user. The following sample code may be used to obtain a ticket in a .NET application for a user signed in using Windows Authentication with an Active Directory setup for Kerberos sign-ins:
    using System;
    using System.DirectoryServices.AccountManagement; // PrincipalContext
    using System.IdentityModel.Selectors;             // KerberosSecurityTokenProvider
    using System.IdentityModel.Tokens;                // KerberosRequestorSecurityToken
    using System.Net;                                 // CredentialCache

    // kerberosSPN is a string holding the Kerberos Service Principal Name of the host.
    using (var domainContext = new PrincipalContext(ContextType.Domain))
    {
        KerberosSecurityTokenProvider tokenProvider = new KerberosSecurityTokenProvider(
            kerberosSPN,
            System.Security.Principal.TokenImpersonationLevel.Impersonation,
            CredentialCache.DefaultNetworkCredentials);
        KerberosRequestorSecurityToken securityToken =
            tokenProvider.GetToken(TimeSpan.FromMinutes(1)) as KerberosRequestorSecurityToken;
        // Byte array to pass to SetSessionKerberosTicket before connecting.
        byte[] ticket = securityToken.GetRequest();
    }
- Added new ScreenDelta and ScreenData classes which are returned as List<ScreenDelta> and List<ScreenData> from the new HostScreen.getData and HostScreen.getScreenDeltas calls. These enable powerful dynamic parsing and rendering of ASCII protocol screens.
- Added new HostScreen Boolean property VTLockOnTextCursor when set true will use the VT text cursor state to manage when the keyboard is unlocked and methods like putCommand return. This enables far better synchronization and screen recognition when the host uses the TextCursor state to indicate a complete or incomplete update.
- Added new method getRectangle(row, column, width, height) or HostScreen.getRectangle(offset, width, height), which is like HostScreen.getTextFull but with a height parameter as well as support for “box drawing” character translation. For ASCII protocols with box drawing, typically used for describing the borders of a pop-up, standard calls read the box characters as text, like x, l, m and so on. HostScreen.getRectangle will return the Unicode values for the correct characters making up the box.
- Added new popup box-tracking Boolean read-only property, NewBoxWritten which will be true following a HostScreen.putCommand if the updates to the screen include the upper-left corner of a box.
- Added new read-only integer property HostScreen.BoxCount which will provide the number of popup boxes currently on the screen. This is updated following each putCommand.
- Added new methods getBoxOffset() and HostScreen.getBoxOffset(boxNumber) that return the offset in the screen of the upper-left corner of a popup box. Generally these should only be used for the top-most box, indicated with the HostScreen.BoxCount property.
- Added the readonly property ScreenFlags which returns an integer with up to 32 bits set indicating the active protocol state. Can be used to read active states such as the VT TextCursor state.
InventuSSO Connection Framework
- Added support for Splunk event generation, either to a folder on the server or via an HTTP call to a configured Splunk server.
- The LogEvent Action is now available for Splunk logging
- The Recog keyword now can set * as the Row for ASCII environments where a specific prompt can appear on any row in the screen.
- The Enter action now supports an expression, so that variables can be embedded in {{format}} as with other expressions. This was needed for ASCII protocols as these cannot use SetScreen to set screen data with a variable value.
- Unrelated to Kerberos, some tweaks were made to enable flexibility in excluding certain connections from running in the screen-based InventuSSO framework.
- The SetState action now can take an expression so that the ? switch expression can be used to apply some simple logic to what the next state should be.
- The global setting IgnoreAnonymousUsers was added to exclude non-identified users. For example, if a SAML 2.0 security configuration in an implementation phase allows anonymous connections, this setting will exclude those connections from the SSO logic.
- If the first screen has a WhenState LogonInit section, this can now set the state to Exit using a conditional SetState ? expression. If LogonInit sets the state to exit, no processing will occur for the user.
Profiles Emulation Configurator
- Added two new options in the Profile for TN5250 Protocol connections: “Connect with Kerberos SSO” and “Kerberos Service Principal Name (SPN)”. These enable connecting to a properly configured AS400/IBMi without the need for the user to enter a userID and password. If Active Directory is synchronized with your AS400, this is a preferable option to the InventuSSO framework, which is for hosts that are not in the same Active Directory as your FVTerm Server.
- Added the Web Server Security setting “SAML 2.0 Allow Anonymous Connections” to enable support for anonymous users in a SAML 2.0 environment.
- New setting in Web Server security for the FVTerm Cookies SameSite setting. As modern browsers are restricting how cookies are stored, the “Lax” default setting for the SameSite cookie property can cause problems with the Session Connection Security Cookie and other FVTerm cookies. This is if the FVTerm session is inside an iFrame hosted in a page that has no domain relationship with the FVTerm server. Normally this is OK as the iFrame runs in its own space, but if a cookie’s SameSite property is not set to “None” the session key cookie fails and a session will not properly connect.
- AzureAD now has a new Web Server setting in the configuration user interface to help identify a user. Prior versions were only identifying a user as the FVTerm application pool. Connection Identity now offers “Claims Principal” as a new option. When it is set, the new setting “Claim Identity” is visible and defaults to the user’s email address, but can also use the user’s Mobile Phone Number or Display Name for identification purposes when viewed in an administrator’s session list.
- When adding a new Host in the Config/Admin.html page, any blank in the host name will now be replaced with an underscore during the Apply of the change.
- When adding a new profile, blanks and other special characters will be converted to the underscore character
- Added new setting in Profile / User Interface: “Use Tabs in Clipboard Paste”. The paste operation will now recognize a tab character in the clipboard when pasting text into simple fields (not fields that are part of a multi-row editor block with lines 50 characters or greater). Each tab will terminate the current field’s entry and clear to the right prior to tabbing to the next field on the screen. For ASCII hosts, the keystrokes sent will include an embedded [tab]. While this setting defaults to checked, by unchecking it you can reset the default for paste operations to work as it did in prior releases. Note that functionality involving note pasting, with word-wrapping as well as column-based pasting, is unaffected by this setting and works as it did before (in vertically aligned fields of 50 characters or more).
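The SameSite behaviour described for the FVTerm Cookies SameSite setting above, as an added example that is not Inventu code: a simplified JavaScript model of how a browser decides whether a cookie is usable when the terminal page runs in an iFrame on an unrelated site. The cookie name SessionKey and the example hosts are constructed, and site matching uses the last two host labels instead of the Public Suffix List.

```javascript
// Parse one Set-Cookie header value into the attributes that matter here.
// A missing or unrecognized SameSite value is treated as Lax, the default.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf('=')), sameSite: 'lax', secure: false };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim().toLowerCase());
    if (key === 'secure') cookie.secure = true;
    if (key === 'samesite' && ['strict', 'lax', 'none'].includes(value)) {
      cookie.sameSite = value;
    }
  }
  return cookie;
}

// Simplification: scheme plus the last two host labels stand in for the "site".
// Real browsers use the Public Suffix List (for example for "example.co.uk").
function siteOf(url) {
  const { protocol, hostname } = new URL(url);
  return protocol + '//' + hostname.split('.').slice(-2).join('.');
}

// Decide whether a cookie set by frameUrl is usable when frameUrl is loaded
// in an iFrame inside the page at topUrl.
function cookieInFrame(setCookieHeader, topUrl, frameUrl) {
  const cookie = parseSetCookie(setCookieHeader);
  const verdict = (sent, reason) => ({ name: cookie.name, sent, reason });
  if (cookie.sameSite === 'none' && !cookie.secure) {
    return verdict(false, 'SameSite=None without Secure is rejected');
  }
  if (cookie.secure && new URL(frameUrl).protocol !== 'https:') {
    return verdict(false, 'Secure cookie requires an HTTPS frame');
  }
  if (siteOf(topUrl) === siteOf(frameUrl)) {
    return verdict(true, 'same-site frame');
  }
  if (cookie.sameSite === 'none') {
    return verdict(true, 'cross-site frame, SameSite=None with Secure');
  }
  return verdict(false, 'cross-site frame, SameSite=' + cookie.sameSite);
}

// Constructed sample headers: default (Lax), None without Secure, None with Secure.
const SAMPLE_HEADERS = [
  'SessionKey=abc123; Path=/; HttpOnly',
  'SessionKey=abc123; Path=/; HttpOnly; SameSite=None',
  'SessionKey=abc123; Path=/; HttpOnly; Secure; SameSite=None',
];

function auditFrameCookies(headers, topUrl, frameUrl) {
  return headers.map((h) => cookieInFrame(h, topUrl, frameUrl));
}

// Hosting page and terminal server on unrelated domains (constructed hosts).
const results = auditFrameCookies(
  SAMPLE_HEADERS,
  'https://portal.example.com/app',
  'https://terminal.example.net/fvterm/'
);
for (const r of results) {
  console.log(r.name, r.sent ? 'sent' : 'withheld', '-', r.reason);
}
```

A cookie set to None is sent on every cross-site request to the server, so the browser's SameSite protection against cross-site request forgery no longer applies to it, and browsers that block third-party cookies may withhold it regardless of this setting.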
Installer IVSetup64.exe
- Security settings were tweaked to avoid a problem with the Admin Console displaying a registry access error at startup. This affected new installations only, not installations of the prior product “Flynet Viewer”.
- .NET Version required bumped from 4.6.1 to 4.7.2 to enable control of the SameSite Cookie property in FVTerm
- Added a Message Box if the IISApi executable could not be loaded, which can be caused by the user running the installer from a network drive.
- The Inventu Viewer Emulation Service and the Controller Service were both still being installed with an “Interactive Process” flag, which caused an event log warning each time they were installed and/or started. This flag has been removed from the installer.
- WebSockets were not set as default for new setups due to a coding error in the Profiles configuration code (fixed in this release).
- Updates were creating invalid URL strings when the FVTerm application was set as default for the IIS web server, instead of at the /fvterm/ folder.
- Google API assemblies and the NewtonSoft JSON assemblies had version issues that have been fixed in this setup.
- Added updater to web.config to bump the Google API versions used when Google Signin is the active IAM provider.
- The ViewerLib4.dll version has been updated to 4.1.0.14 from 4.1.0.12 – this can cause some issues with existing code that references ViewerLib4.dll using a specific build number.
Notification Tray Service Control Icons
- If a second copy of SCControl.exe ran, any interaction would set the “hourglass” and only killing with the Task Manager would fix the issue. When a second copy of SCControl runs, it will now display a message box (“Inventu Viewer Task Service Control Pipe not Available–Check if there is another Task Control Tray Icon active! This instance of the Task Control Client will now Exit… “) The same message will occur if, for some reason, the Inventu Service Controller service isn’t running.
- AutoStart was not being set correctly, so in many situations, the service icons would not be auto started and would need to be manually started, even when “Autostart” was checked, following a system restart/reboot/power up.
Viewer Studio
- When running the new Task Wizard for Web Service during the design phase, if many screens were in the active list, as “Add New Data” types were set, the display of the screen with the fieldmap for filtering would slow to intolerable levels. This made the use of the Task Wizard intolerable for long complex processes.
- The recording reader was incorrectly setting the codepage of the recording. This would cause recordings from non-English systems to include incorrect characters and sometimes corrupted the layout of a screen.
- Connection code is now generated to support Profile-based connections so that in a UI environment the emulator iFrame will use a Profiles settings appropriately.
Visual Studio Extension
- Additional support for startup and Task integration to fix compatibility with newer versions of VS2019