NetIQ Access Manager 3.2 Service Pack 2 IR3 resolves several previous issues.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Access Manager forum on Qmunity, our online community that also includes product information, blogs, and links to helpful resources.
For the list of software fixes and enhancements in the previous release, see Access Manager 3.2 Service Pack 2 Readme, Access Manager 3.2 Service Pack 2 IR1 Readme, and Access Manager 3.2 Service Pack 2 IR2 Readme.
The documentation for this product is available on the NetIQ Web site in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Access Manager NetIQ Documentation page. To download this product, see the NetIQ Access Manager Products Web site.
The following sections outline the issues resolved in this release:
The following are the fixes introduced in this release for the Identity Server:
Issue: When an Active Directory user with an expired password logs in to an authentication contract with a Password Expiration servlet configured, the user is redirected to the password management URI. If the Password Management portal is protected by Access Manager, the user is prompted again for authentication and is not permitted to log in because the user's password has already expired. (Bug 847898)
Fix: It is now possible for a user with an expired password to access the protected Password Management Portal. Execute the following steps:
1. Add the following property for the method used by the contract with the Password Expiration servlet:
   ExpiredCheck=true
2. Add the following property for the method used by the contract that protects the Password Management portal:
   ExpiredCheck=true ExpireCheck=true
3. On the Identity Server, locate the /opt/novell/nam/idp/webapps/nidp/WEB-INF/classes/nidpconfig.properties file. Add the AUTHENTICATE_WITH_EXPIRED_PASSWORD property to the file.
   For example:
   AUTHENTICATE_WITH_EXPIRED_PASSWORD=ad/name/password/uri
4. Repeat Step 3 for all the Identity Server cluster members.
5. Restart the Identity Server for the changes to take effect.
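An added example, not part of the NetIQ readme or product: one way to make the nidpconfig.properties edit described above repeatable and identical on every Identity Server cluster member. The helper name set_property and the --apply switch are assumptions of this example, and the value written is the readme's own example value.

```shell
#!/bin/sh
# Added example, not NetIQ code. Sets one key in a Java .properties file
# idempotently so the same script can be run on every cluster member.

NIDP_CONF=/opt/novell/nam/idp/webapps/nidp/WEB-INF/classes/nidpconfig.properties

# set_property FILE KEY VALUE  (hypothetical helper)
# Prints "changed" or "unchanged"; returns 2 if the file cannot be edited.
set_property() {
    file=$1; key=$2; value=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Exact line already present: leave the file untouched.
    if grep -qxF "$key=$value" "$file"; then
        echo unchanged
        return 0
    fi

    cp -p "$file" "$file.bak" || return 2      # keep a rollback copy
    tmp=$(mktemp "$file.XXXXXX") || return 2

    # Copy every line except an active "KEY=", "KEY =" or "KEY:" entry.
    # Commented-out entries (#KEY=...) are kept as they are.
    awk -v k="$key" '{
        line = $0
        sub(/^[ \t]+/, "", line)
        if (substr(line, 1, length(k)) == k &&
            substr(line, length(k) + 1) ~ /^[ \t]*[=:]/) next
        print
    }' "$file.bak" > "$tmp" || { rm -f "$tmp"; return 2; }
    printf '%s=%s\n' "$key" "$value" >> "$tmp"

    # Write through the existing inode so owner and mode are preserved.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    echo changed
}

# Only touches the real file when called with --apply. The value below is
# the readme's example; substitute the URI of your own contract.
if [ "${1:-}" = "--apply" ]; then
    set_property "$NIDP_CONF" AUTHENTICATE_WITH_EXPIRED_PASSWORD \
        "ad/name/password/uri"
fi
```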
Issue: On the Identity Server, after authenticating with the contract specified in the Intersite URL, the user is not redirected to the idpsend TARGET. (Bug 863343)
Fix: The user is now redirected to the idpsend TARGET after authentication.
Issue: If you have configured two SAML 2.0 service providers with the same Access Manager host, validation check fails for the Audience Restriction condition. (Bug 864219)
Fix: Under SAML 2.0 Service Provider properties, a new property is added to exclude audience information from an SAML 2.0 assertion.
Property Name: SAML2_AVOID_AUDIENCE_RESTRICTION
Value: True / False
If this property value is set to True, the audience information is excluded from the SAML 2.0 assertion.
Issue: If the SAML 2 assertion includes LDAP attributes with binary syntax (stream) in eDirectory, single sign-on to the SAML 2 service provider fails. (Bug 864219)
Fix: With this fix, binary or XML-incompatible values can be sent in a SAML2 assertion with the datatype xs:base64Binary.
The following are the fixes introduced in this release for the Access Gateway Service and Access Gateway Appliance:
Issue: If the Identity Injection policy contains attributes that include special characters, logging to an application fails. (Bug 865649)
Fix: Logging is successful even if the Identity Injection policy has attributes with special characters.
Issue: When the InPlaceSilentPolicyDoesSubmit global option is enabled on the Access Gateway, an extra string is added and this leads to credential check failure and an unending loop. (Bug 861631)
Fix: Fixed the issue where an extra string is added when the InPlaceSilentPolicyDoesSubmit advanced option is enabled.
Issue: The Access Gateway appends an extra forward slash (/) character to Web Server requests when the requests have query strings. (Bug 860236)
Fix: Fixed the issue where the Access Gateway adds an extra forward slash (/) character when the requests have query strings.
Issue: If you attempt to add more than a hundred IP addresses to the Adapter List in network settings and then restart Apache after updating Access Gateway Service, it fails with an error. (Bug 860233)
Fix: There is no limitation on the number of IP addresses that can be added to the Reverse Proxy list.
Issue: On an SSL-enabled resource, the Access Gateway Service evaluates authorization policy before redirecting to HTTPS. (Bug 843622)
Fix: The Access Gateway now redirects the URL from HTTP to HTTPS before evaluating any policies.
The following are the fixes introduced in this release for the Administration Console:
Issue: When audit configuration is changed through Administration Console, the updates remain in pending state. (Bug 863762)
Fix: The configuration changes are saved without any errors.
Issue: A random "connecting to the datastore" error message is displayed while accessing the Access Gateway or the Policy tab. (Bug 855844)
Fix: No errors are displayed while accessing the Access Gateway or the Policy tab.
Issue: The CPU utilization graph in the Administration Console shows a zero value for multi-core CPU Access Gateway devices. (Bug 862772)
Fix: The CPU utilization graph displays correct CPU utilization statistics.
NOTE: Ensure that you are currently on one of the following versions before upgrading to Access Manager 3.2 Service Pack 2 IR3:
Access Manager 3.2 Service Pack 2
Access Manager 3.2 Service Pack 2 Hotfix 1
Access Manager 3.2 Service Pack 2 Hotfix 2
For installation details, see the NetIQ Access Manager 3.2 SP2 Installation Guide.
To upgrade Access Manager 3.2 Service Pack 2 IR2, download AM_32_SP2_IR3.zip, which contains the Access Manager Patch Tool and the patch file, using the following steps:
Go to the NetIQ Downloads page.
Under Patches, click Search Patches.
Specify AM_32_SP2_IR3.zip in the search box and download the Hotfix file.
Upgrade using the procedure described in Upgrading Access Manager Using the Patch Process for Linux and Upgrading Access Manager 3.2 SP2 Using the Patch Process for Windows.
It is important to verify the version number of existing Access Manager components before you upgrade to 3.2 Service Pack 2 IR3. This ensures that you have the correct version of files on your system.
Refer to the following table to determine if you have the correct version installed:
Access Manager Version | Value in the Version field (Access Manager > Auditing > Troubleshooting > Version) |
---|---|
Access Manager 3.2 Service Pack 2 | 3.2.2-77 |
Access Manager 3.2 Service Pack 2 IR1 | 3.2.2-77 + IR1-107 |
Access Manager 3.2 Service Pack 2 IR2 | 3.2.2-77 + IR2-117 |
It is important to verify the version number of existing Access Manager components after upgrading to 3.2 Service Pack 2 IR3. This ensures that you have the correct version of files on your system.
Refer to the following table to determine if you have the correct version installed:
Access Manager Version | Value in the Version field (Access Manager > Auditing > Troubleshooting > Version) |
---|---|
Access Manager 3.2 Service Pack 2 and then upgrade to IR3 | 3.2.2-77 + IR3-122 |
Access Manager 3.2 Service Pack 2 IR1 and then upgrade to IR3 | 3.2.2-77 + IR1-107, IR3-122 |
Access Manager 3.2 Service Pack 2 IR2 and then upgrade to IR3 | 3.2.2-77 + IR1-107, IR2-117, IR3-122 |
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Issue: Logging into Access Manager using Kerberos authentication with a username that has extended characters (for example, Irish fada or umlauts) throws an error. (Bug 859487)
Issue: Adding a host name to the Access Gateway Rewriter Profile leads to an IP Address or DNS is invalid error. (Bug 868388)
Issue: The Access Gateway statistics page indicates a large count for the Current connections are to origin server field during high load. (Bug 873699)
Issue: If you have configured a form fill policy to autosubmit a form that was developed using Dojo code, autosubmit does not work. (Bug 874965)
Issue: If the Access Manager Identity Server proxies the SAML2 AuthnRequest to a remote SAML2 Identity Server, authentication fails. (Bug 869990)
Issue: When Access Gateway protects a SAP application server and a POST request is issued, it corrupts the application cookie, resulting in an HTTP 500 error. (Bug 872117)
Issue: If the user has logged into an Active Directory domain and is attempting to access an application using Internet Explorer 10, there are rapid redirections between the ESP and the application. (Bug 874568)
Workaround: To work around this issue, you can either add the domain to the Internet Explorer Trusted Sites list or use a Mozilla Firefox or Chrome browser to access the application.
Issue: When Access Gateway is configured with the Behind Third-Party SSL Terminator option enabled, users are not authenticated due to configuration errors in NAGCookieBroker. (Bug 857620)
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For general corporate and product information, see the NetIQ Corporate Web site.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
© 2014 NetIQ Corporation. All Rights Reserved.
For information about NetIQ trademarks, see http://www.netiq.com/company/legal/.