Novell Access Manager 3.1 SP1 IR2 Readme

November 20, 2009

1.0 Documentation

The following sources provide information about Novell® Access Manager:

2.0 Installing the Access Manager 3.1 SP1 IR2 Patch

Your system must be upgraded to 3.1 SP1 before applying this patch release. For installation and version information for 3.1 SP1, see the Access Manager 3.1 Readme.

The patch updates the Identity Server, the Administration Console, and the Linux Access Gateway. The patch contains all the fixes from the 3.1 SP1 IR1 release, so if you are upgrading from 3.1 SP1 rather than 3.1 SP1 IR1, these files also contain updates for the SSL VPN server.

The files for the IR2 release can be downloaded from the Novell Downloads Web site. This patch contains the following files:

Table 1 Access Manager 3.1 SP1 IR2 Patch Files

| Component | Purpose | Filename |
|---|---|---|
| Linux* Identity Server, Administration Console, SSL VPN Server | Patch | AM_31_SP1_IR2_IdentityServer_Linux.tar.gz |
| Windows* Identity Server and Administration Console | Patch | AM_31_SP1_IR2_IdentityServer_Windows.exe |
| Linux Access Gateway, SSL VPN Server | Patch | AM_31_SP1_IR2_lagrpms.tar.gz |
| Linux J2EE* Agents | Install | AM_31_SP1_IR2_ApplicationServerAgents_Linux.bin |
| Windows J2EE Agents | Install | AM_31_SP1_IR2_ApplicationServerAgents_Windows.exe |
| AIX* J2EE Agents | Install | AM_31_SP1_IR2_ApplicationServerAgents_AIX.bin |
| Solaris* J2EE Agents | Install | AM_31_SP1_IR2_ApplicationServerAgents_Solaris.bin |

For upgrade instructions, see the following:

After you upgrade to 3.1 SP1 IR2, the version number for the components is 3.1.1.247, except for the SSL VPN server. Its version number is 3.1.1.235.

3.0 Bugs Fixed in 3.1 SP1 IR2

3.1 Administration Console

  • Fixed a certificate issue that allowed the alias in an imported private keypair from a Java keystore to contain invalid characters. If the alias contains periods, they are now replaced with underscores.

3.2 Identity Server

  • Fixed an issue that allowed session failover to keep expired X.509 sessions active.

  • Fixed an assertion issue that prevented the Identity Server from sending defined LDAP attributes in the assertion at authentication.

  • Fixed a federation issue that prevented an Identity Server that was acting as a SAML 2.0 identity provider from prompting the user for authentication credentials. The user had to select the authentication card before being prompted.

  • Fixed an issue that prevented custom login pages from displaying correctly when the contract contained two methods.

  • Fixed an issue that caused LDAP sessions to stick with one LDAP server when multiple servers were available.

  • Fixed an issue that caused upgrades to fail when an engineering build had been installed prior to the official release.

  • Fixed an issue that caused Identity Servers to randomly lose their connections to other Identity Servers in the cluster.

  • Fixed an issue that corrupted the session failover table when the cluster was under heavy load.

  • Fixed an issue that prevented the user from being prompted to log in again when the user entered invalid credentials.

  • Fixed an issue that allowed an expired X.509 session to access resources when the request was sent to the user’s secondary Identity Server rather than the user’s primary Identity Server.

3.3 Linux Access Gateway Appliance

  • Fixed an issue that was causing the Linux Access Gateway to dump core when an idle client connection timed out.

  • Fixed an issue with logout when the Web server sets a cookie named JSESSIONID.

  • Fixed performance issues in systems with more than 4 GB of memory.

  • Fixed a rewriter issue that resulted in failure to rewrite some login pages on load.

  • Fixed an issue that caused the Linux Access Gateway to stop responding to clients and the Administration Console.

  • Fixed a rewriter issue with the character profile.

  • Fixed an issue that caused the embedded service providers to run out of threads after one Linux Access Gateway Appliance in the cluster crashed.

4.0 Bugs Fixed in 3.1 SP1 IR1

4.1 Administration Console

  • Fixed an issue that prevented the administrator from modifying the parent proxy service when it had 55 path-based children.

  • Fixed an issue that allowed an empty attribute value to be written to the configuration datastore.

  • Fixed an issue that caused the CPU of the Administration Console to reach 100%.

4.2 Identity Server

  • Fixed an issue that prevented users from being redirected to the password expiration service.

  • Fixed an authentication issue so that the Identity Server forces a reauthentication when the IP address of the client changes.

  • Fixed an issue with Kerberos* authentication that prevented the Identity Server from prompting for basic authentication when the users failed the Kerberos authentication check.

4.3 Linux Access Gateway Appliance

  • Linux Access Gateway now supports integration with Novell Teaming 2.0.

  • Fixed an issue with tunneling that caused the download of files larger than 100 MB to fail.

  • Fixed an issue with using exclusive locks to handle VCC requests, which caused the Linux Access Gateway to core dump.

  • Fixed an issue that caused the Identity Server to return a resource error (300101010) when Internet Explorer* is called from a URL stored in a Microsoft* Word document.

  • Fixed an issue with DNS names that have a two-letter top-level domain, such as www.novell.de.

4.4 SSL VPN Server

  • Fixed a security issue with the Client Integrity Check policies.

  • You can now import and export the Client Integrity Check policies.

5.0 Documentation Conventions

In this documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.

A trademark symbol (®, ™, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark.

6.0 Legal Notices

Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page and one or more additional patents or pending patent applications in the U.S. and in other countries.

For Novell trademarks, see the Novell Trademark and Service Mark list.

All third-party trademarks are the property of their respective owners.