Access Manager 4.1 Service Pack 2 (4.1.2) supersedes Access Manager 4.1 Service Pack 1 Hotfix 1 (4.1.1 HF1).



Similar documents
2 Downloading Access Manager 3.1 SP4 IR1

Setup Guide Access Manager 3.2 SP3

Setup Guide Access Manager Appliance 3.2 SP3

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications

Novell Access Manager

How To Use Netiq Access Manager (Netiq) On A Pc Or Mac Or Macbook Or Macode (For Pc Or Ipad) On Your Computer Or Ipa (For Mac) On An Ip

EMC Documentum Connector for Microsoft SharePoint

Policy Guide Access Manager 3.1 SP5 January 2013

Novell Access Manager

Access Gateway Guide Access Manager 4.0 SP1

CA Nimsoft Service Desk

OIOSAML 2.0 Toolkits Test results May 2009

Jobs Guide Identity Manager February 10, 2012

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE

Upgrade and Migration Guide

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

Upgrading VMware Identity Manager Connector

NetIQ Identity Manager Setup Guide

RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide

Receiver Updater for Windows 4.0 and 3.x

Integration Guide. SafeNet Authentication Service. Oracle Secure Desktop Using SAS RADIUS OTP Authentication

SAM Context-Based Authentication Using Juniper SA Integration Guide

Symantec LiveUpdate Administrator. Getting Started Guide

CA SiteMinder. Federation Security Services Release Notes. r12.0 SP3

PHP Integration Kit. Version User Guide

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

Server based signature service. Overview

SSL VPN Server Guide Access Manager 3.1 SP5 January 2013

Configuring Single Sign-on from the VMware Identity Manager Service to Dropbox

Using SAML for Single Sign-On in the SOA Software Platform

RSA SecurID Software Token 1.0 for Android Administrator s Guide

CA SiteMinder. SAML Affiliate Agent Guide. 6.x QMR 6

INTEGRATION GUIDE. DIGIPASS Authentication for VMware Horizon Workspace

User Management Tool 1.6

Security Assertion Markup Language (SAML) Site Manager Setup

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

Agenda. How to configure

TROUBLESHOOTING RSA ACCESS MANAGER SINGLE SIGN-ON FOR WEB-BASED APPLICATIONS

Identity Server Guide Access Manager 4.0

PingFederate. IWA Integration Kit. User Guide. Version 2.6

Novell Sentinel Log Manager 1.2 Release Notes. 1 What s New. 1.1 Enhancements to Licenses. Novell. February 2011

VMware Identity Manager Integration with Active Directory Federation Services 2.0

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow

PingFederate. IWA Integration Kit. User Guide. Version 3.0

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal

SOA Software: Troubleshooting Guide for Agents

How to Configure Certificate Based Authentication for WorxMail and XenMobile 10

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Configuring Single Sign-On for Documentum Applications with RSA Access Manager Product Suite. Abstract

Accops HyWorks v2.5. Quick Start Guide. Last Update: 4/18/2016

HP Software as a Service

NetIQ SecureLogin includes new features, improves usability, and resolves several previous issues.

DameWare Server. Administrator Guide

CA SiteMinder Secure Proxy Server

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

Apache Directory Studio. User's Guide

Tableau Server Trusted Authentication

NetIQ Access Manager. Developer Kit 3.2. May 2012

SSL VPN Server Guide. Access Manager 3.2 SP2. June 2013

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

OpenLDAP Oracle Enterprise Gateway Integration Guide

Driver for Delimited Text Implementation Guide. Identity Manager 4.0.2

Enabling Single Sign- On for Common Identity using F5

TROUBLESHOOTING GUIDE

Reconfiguring VMware vsphere Update Manager

Internet Information Services Integration Kit. Version 2.4. User Guide

Kofax Export Connector for Microsoft SharePoint

Novell Access Manager

Driver for Sentinel. Implementation Guide. June 2013

IBM Endpoint Manager Version 9.1. Patch Management for Red Hat Enterprise Linux User's Guide

Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide

Altiris Monitor Pack for Servers 7.1 SP2 from Symantec Release Notes

PingFederate. OpenID Cloud Identity Connector. User Guide. Version 1.1

Practice Fusion API Client Installation Guide for Windows

Administration Console Guide Access Manager 3.2 SP3

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Apache HTTP Server

Driver for Salesforce.com Implementation Guide

Gateway Apps - Security Summary SECURITY SUMMARY

Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server

vcenter Chargeback User s Guide vcenter Chargeback 1.0 EN

VMware Identity Manager Connector Installation and Configuration

ZENworks 11 Support Pack 4 HTTP Proxy Reference. May 2016

Manage Licenses and Updates

Google Drive. Administrator's Guide

Administration Quick Start

IUCLID 5 Guidance and Support

Snare System Version Release Notes

Setting Up Resources in VMware Identity Manager

Login with Amazon. Getting Started Guide for Websites. Version 1.0

IBM Endpoint Manager Version 9.2. Patch Management for SUSE Linux Enterprise User's Guide

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

CORISECIO. Quick Installation Guide Open XML Gateway

CA SOA Security Manager

Salesforce Files Connect Implementation Guide


Novell Distributed File Services Administration Guide

Transcription:

Access Manager 4.1 Service Pack 2 Release Notes February 2016 Access Manager 4.1 Service Pack 2 (4.1.2) supersedes Access Manager 4.1 Service Pack 1 Hotfix 1 (4.1.1 HF1). For the list of software fixes and enhancements in the previous release, see Access Manager 4.1 SP1 HF1 Release Notes. Section 1, What s New?, on page 1 Section 2, Supported Upgrade Paths, on page 4 Section 3, Installing or Upgrading Access Manager, on page 4 Section 4, Verifying Version Numbers After Upgrading to 4.1.2, on page 5 Section 5, Known Issues, on page 5 Section 6, Contact Information, on page 6 Section 7, Legal Notice, on page 6 1 What s New? This release includes the following platform updates and fixed issues: Section 1.1, Operating System Upgrade, on page 1 Section 1.2, Updates for Dependent Components, on page 1 Section 1.3, Fixed Issues, on page 2 1.1 Operating System Upgrade In this release, the embedded SLES 11 SP3 is upgraded to SLES 11 SP4 for the Access Gateway Appliance. 1.2 Updates for Dependent Components This release adds support for the following dependent components: edirectory 8.8.8.6 Java 1.8.0_66 Apache 2.2.27 (This release includes fixes for CVE-2014-0231, CVE-2014-0226, CVE-2013-5704,and CVE-2015-3183) OpenSSL 1.0.1p Tomcat 8.0.24 imanager 2.7.7.5 Access Manager 4.1 Service Pack 2 Release Notes 1

NOTE: On Windows, Administration Console and Identity Server use Tomcat version 7.0.56. The Tomcat version is not upgraded to version 8.0.24 due to dependency on imanager. Access Manager 4.1.2 by default supports Tomcat 8.0.24 and OpenSSL 1.0.1p, but the Administration Console uses Tomcat version 7.0.56 due to dependency on imanager. 1.3 Fixed Issues This release includes software fixes for the following components: Section 1.3.1, Identity Server, on page 2 Section 1.3.2, Access Gateway, on page 3 1.3.1 Identity Server The following issues are fixed in the Identity Server: Section 1.3.1.1, Authorization Policy Fails after Upgrading from 4.0.1 to 4.1.x, on page 2 Section 1.3.1.2, SAML Tokens Are Line Wrapped, on page 2 Section 1.3.1.3, The Post Authentication Method Configured for a SAML Identity Provider Does Not Work, on page 2 Section 1.3.1.4, Re-authentication Is Required During a spsend Request When a Contract Contains the Equal or higher level Flag, on page 3 Section 1.3.1.5, Issue in Message Digest Generation of Metadata, on page 3 Section 1.3.1.6, The External Attribute Policy Does Not Return Multi-Valued Responses, on page 3 Section 1.3.1.7, Authentication Fails When Multiple Methods Defined in a Contract and x509 Is First Contract, on page 3 1.3.1.1 Authorization Policy Fails after Upgrading from 4.0.1 to 4.1.x Issue: When acting as a service provider, Access Manager does not pass the role information received in the assertion from the external identity provider to the policy. The configured authorization policy searches for a specific attribute or value pair. If the value is unavailable, the policy fails. [Bug 952298] 1.3.1.2 SAML Tokens Are Line Wrapped Issue: The SAML tokens that contain a signature and certificates are line wrapped. This issue happens due to old XML signature library.[bug 918552] Fix: The XML signature library has been upgraded. But, by default the SAML tokens are line wrapped. To disable line wrapping, set the following option in the /opt/novell/nam/idp/conf/ tomcat7.conf file: JAVA_OPTS="${JAVA_OPTS} -Dorg.apache.xml.security.ignoreLineBreaks= true 1.3.1.3 The Post Authentication Method Configured for a SAML Identity Provider Does Not Work Issue: If a user is not federated and logs first time in to an external identity provider, the post authentication method is not executed. However, on subsequent attempts, the post authentication executes successfully. [Bug 938287] 2 Access Manager 4.1 Service Pack 2 Release Notes

1.3.1.4 Re-authentication Is Required During a spsend Request When a Contract Contains the Equal or higher level Flag Issue: When a user is authenticated with same level contract and the Equal or higher level option is enabled in the spsend step up contract, the Identity Server prompts for re-authentication. [Bug 937642] 1.3.1.5 Issue in Message Digest Generation of Metadata Issue: The message digest generation of metadata fails when AuthnRequestsSigned is set to true. This causes a signature validation failure and hence fails to import the provider. [Bug 922019] 1.3.1.6 The External Attribute Policy Does Not Return Multi-Valued Responses Issue: The external attribute policy does not return multi-valued responses. [Bug 924013] 1.3.1.7 Authentication Fails When Multiple Methods Defined in a Contract and x509 Is First Contract Issue: Authentication fails when multiple methods are defined in a contract with x509 being the first method. [Bug 908949] 1.3.2 Access Gateway The following issues are fixed in the Access Gateway: Section 1.3.2.1, Rewriter Automatically Rewrites the URL in the Location Header for the Query, on page 3 Section 1.3.2.2, CORS Enabled Web Servers Wrongly Recognizes the Request, on page 3 Section 1.3.2.3, Access Gateway Sets Wrong Values for the X-Forwarded-Host Header, on page 3 Section 1.3.2.4, Host HTTP Header Attack, on page 4 Section 1.3.2.5, No Option to Disable the X-Forwarded-Host Header, on page 4 Section 1.3.2.6, Issue in Rewriting Location Header, on page 4 Section 1.3.2.7, The Access Gateway Runs Out of Memory When the Extended Logging Is Enabled, on page 4 1.3.2.1 Rewriter Automatically Rewrites the URL in the Location Header for the Query Issue: The Rewriter rewrites the location header with the URL in the query string automatically. There is no option to enable or disable rewriting the location header. [Bug 945684] Fix: This issue is now resolved and the Rewriter rewrites the location header with the URL in the query string only when you enable the RWOutboundHeaderQueryString advance option. For more information about this option, see Advanced Access Gateway Options in the NetIQ Access Manager 4.1 Administration Guide. 1.3.2.2 CORS Enabled Web Servers Wrongly Recognizes the Request Issue: The CORS enabled web servers wrongly recognizes the request as cross-origin request. This is due to the Access Gateway failing to rewrite the origin header. [Bug 941674] 1.3.2.3 Access Gateway Sets Wrong Values for the X-Forwarded-Host Header Issue: The Access Gateway sets wrong values for the X-Forwarded-Host header when sending the request to a web server. [Bug 945683] Access Manager 4.1 Service Pack 2 Release Notes 3

1.3.2.4 Host HTTP Header Attack Issue: A Host HTTP Header attack exists in the Access Gateway. An additional HTTP header is added with the original header. This header redirects you to a malicious URL. [Bug 926063] 1.3.2.5 No Option to Disable the X-Forwarded-Host Header Issue: The Access Gateway does not support disabling the X-Forwarded-Host header. [Bug 949368] Fix: This issue is fixed now. An advanced option NAGAddProxyHeader is introduced to disable the X- Forwarded-Host header. For more information about this option, see Advanced Access Gateway Options in the NetIQ Access Manager 4.1 Administration Guide. 1.3.2.6 Issue in Rewriting Location Header Issue: When multiple path-based proxy services are configured and the Remove Path on Fill option is enabled, the Rewriter either does not rewrite or rewrites to a wrong path-based proxy service when setting 302 Location Header for a path-based proxy service. [Bug 931748] 1.3.2.7 The Access Gateway Runs Out of Memory When the Extended Logging Is Enabled Issue: This happens because of a memory leak in the /opt/novell/apache2/sbin/rotatelogs process. [Bug 941796] 2 Supported Upgrade Paths To upgrade to Access Manager 4.1.2, you must be on any one of the following Access Manager versions: 4.0 Service Pack 2 4.0 Service Pack 2 HF1 4.1 4.1 Service Pack 1 4.1 Service Pack 1 HF1 3 Installing or Upgrading Access Manager After purchasing Access Manager 4.1.2, log in to the NetIQ Downloads page and follow the link that allows you to download the software. The following files are available: Table 1 Files Available for Access Manager 4.1.2 Filename AM_41_SP2_AccessManagerService_Linux64.tar.gz AM_41_SP2_AccessManagerService_Win64.exe AM_41_SP2_AccessGatewayAppliance.iso AM_41_SP2_AccessGatewayAppliance.tar.gz Description Contains Identity Server and Administration Console for Linux. Contains Identity Server and Administration Console for Windows Server. Contains the Access Gateway Appliance iso. Contains the Access Gateway Appliance tar file. 4 Access Manager 4.1 Service Pack 2 Release Notes

Filename AM_41_SP2_AccessGatewayService_Win64.exe AM_41_SP2_AccessGatewayService_Linux64.tar.gz Description Contains Access Gateway Service for Windows Server. Contains the Access Gateway Service tar file. For information about supported upgrade paths, see Section 2, Supported Upgrade Paths, on page 4. For more information about installing and upgrading, see the NetIQ Access Manager 4.1 Installation and Upgrade Guide. 4 Verifying Version Numbers After Upgrading to 4.1.2 After upgrading to Access Manager 4.1.2, verify that the version number of the component is indicated as 4.1.2.0-23. To verify the version number, perform the following steps: 1 In the Administration Console, click Troubleshooting > Version. 2 Verify that the Version field lists 4.1.2.0-23. 5 Known Issues NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issue is currently being researched. If you need further assistance with any issue, please contact Technical Support. Section 5.1, The Rewriter Does Not Exclude DNS Names Specified in the Exclude DNS Name List, on page 5 Section 5.2, Upgrading Access Manager from 4.1.2 to 4.2 Terminates Abruptly, on page 5 Section 5.3, The Facebook Social Auth Class Displays an Error, on page 6 5.1 The Rewriter Does Not Exclude DNS Names Specified in the Exclude DNS Name List Issue: The URL references containing excluded DNS names are rewritten even when the DNS names are specified in the Exclude DNS Name List option. [Bug 927855] Workaround: Not available. 5.2 Upgrading Access Manager from 4.1.2 to 4.2 Terminates Abruptly Issue: If you attempt to upgrade from 4.1.2 to 4.2, the upgrade process terminates abruptly. [Bug 967757] Workaround: If you are planning an upgrade from 4.1.2 to 4.2, perform the following steps: 1 Extract the 4.1 installer files and locate upgrade_utility_functions.sh file. 2 Locate the section that includes the following line: supportedversions=" 3.2.3\ 4.0.0\ 4.0.2\ 4.1.0.0\ 4.1.1.0\ 4.1.1.1\ 4.2.0.0" Access Manager 4.1 Service Pack 2 Release Notes 5

3 Modify the supportedversion section by adding 4.1.2 as the supported upgrade platform in the following manner: supportedversions=" 3.2.3\ 4.0.0\ 4.0.2\ 4.1.0.0\ 4.1.1.0\ 4.1.1.1\ 4.2.0.0\ 4.1.2.0" 4 Upgrade the components using the information in Upgrading Access Manager. 5.3 The Facebook Social Auth Class Displays an Error Issue: When you setup a new app in Facebook on 2.5 API and configure the social auth class, the following error message is displayed: Invalid Scopes: read_stream. Workaround: To workaround this issue, upgrade the social auth library to the latest version (4.10). For more information, see TID. 6 Contact Information Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com (mailto:documentation- Feedback@netiq.com). We value your input and look forward to hearing from you. For detailed contact information, see the Support Contact Information website. For general corporate and product information, see the NetIQ Corporate website. For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels. 7 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/ company/legal/. Copyright 2016 NetIQ Corporation, a Micro Focus company. All Rights Reserved. 6 Access Manager 4.1 Service Pack 2 Release Notes

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information