This Readme describes the Novell Access Manager 3.1 SP2 IR1 release.
Section 1, “Documentation”
Section 2, “Installing the Access Manager 3.1 SP2 IR1 Patch”
Section 3, “Verifying Version Numbers”
Section 4, “Known Issues in SP2 IR1”
Section 5, “Bugs Fixed in 3.1 SP2 IR1”
Section 6, “Legal Notices”
novdocx (en) 16 April 2010
Novell®
1 Documentation
The following sources provide information about Novell Access Manager:
Documentation Web Site (http://www.novell.com/documentation/novellaccessmanager31/index.html)
Access Manager Support (http://www.novell.com/support/microsites/microsite.do). For TIDs
and Cool Solutions articles, select Access Manager for the Product and select Articles / Tips in
the Advanced Search options.
2 Installing the Access Manager 3.1 SP2 IR1 Patch
Your system must be upgraded to 3.1 SP2 or 3.1 SP1 IR3a before applying this patch release. For
installation and version information, see the Access Manager 3.2 Readme (http://www.novell.com/
The patch updates all Access Manager components. The files for the IR1 release can be downloaded
from the Novell Downloads Web site (http://download.novell.com/index.jsp). This patch contains
the following files:
Filename, followed by its description:

AM_31_SP2_IR1_IdentityServer_Linux32.tar.gz
AM_31_SP2_IR1_IdentityServer_Linux32.iso
    Contains the Linux Identity Server, the Linux Administration Console, the SSL VPN Server
    that is installed with an Embedded Service Provider, and the SSL VPN Server that must be
    protected by an Access Gateway.

AM_31_SP2_IR1_IdentityServer_Win32.exe
    Contains the Windows Identity Server and Windows Administration Console for Windows
    Server 2003.

AM_31_SP2_IR1_IdentityServer_Win64.exe
    Contains the Windows Identity Server and Windows Administration Console for Windows
    Server 2008.

    Contains the CD image for the SUSE Linux Enterprise Server (SLES) 11 version of the
    Access Gateway Appliance and the SSL VPN Server that must be configured as a protected
    resource of the Access Gateway.

    Contains the upgrade RPMs for the SLES 9 version of the Access Gateway Appliance and
    the SSL VPN Server that must be configured as a protected resource of the Access
    Gateway.

AM_31_SP2_IR1_AccessGatewayService_Win64.exe
    Contains the Access Gateway Service for Windows Server 2008 with a 64-bit operating
    system.

AM_31_SP2_IR1_AccessGatewayService_Linux64.bin
    Contains the Access Gateway Service for SLES 11 with a 64-bit operating system.

AM_31_SP2_IR1_ApplicationServerAgents_Windows.exe
    Contains the J2EE Agents for Windows (JBoss, WebSphere, and WebLogic) and can only
    be used for installation.

AM_31_SP2_IR1_ApplicationServerAgents_AIX.bin
    Contains the J2EE Agents for AIX (WebSphere) and can only be used for installation.

AM_31_SP2_IR1_ApplicationServerAgents_Linux.bin
    Contains the J2EE Agents for Linux (JBoss, WebSphere, and WebLogic) and can only be
    used for installation.

AM_31_SP2_IR1_ApplicationServerAgents_Solaris.bin
    Contains the J2EE Agents for Solaris (WebLogic) and can only be used for installation.

For instructions on upgrading from 3.1 SP2 to 3.1 SP2 IR1, see the following sections in the
“Installing the J2EE Agents” (http://www.novell.com/documentation/novellaccessmanager31/j2eeagents/data/b6vazq1.html)
For instructions on upgrading from 3.1 SP1 IR3a, see “Upgrading from Access Manager 3.1 SP1 to
3.1 SP2” (http://www.novell.com/documentation/novellaccessmanager31/installation/data/bn6ajpt.html)
in the Installation Guide (http://www.novell.com/documentation/novellaccessmanager31/installation/data/bookinfo.html).
3 Verifying Version Numbers
The components of Access Manager 3.1 SP2 and its interim releases have the following version
numbers:
Component                                    3.1 SP2      3.1 SP2 IR1
Administration Console                       3.1.2.281    3.1.2.310
Identity Server                              3.1.2.281    3.1.2.310
Linux Access Gateway                         3.1.2.281    3.1.2.310
Access Gateway Services                      3.1.2.281    3.1.2.310
J2EE Agents (all versions, all platforms)    3.1.2.281    3.1.2.310
SSL VPN                                      3.1.2.281    3.1.2.310
4 Known Issues in SP2 IR1
For a list of issues that exist in both SP2 and SP2 IR1, see the “Access Manager 3.1 SP2 Readme”
(http://www.novell.com/documentation/novellaccessmanager31/readme/accessmanager_readme.html).
For the SP2 issues that were fixed in IR1, see Section 5, “Bugs Fixed in 3.1 SP2 IR1.”
The following issue was introduced in SP2 IR1:
On Windows Server 2008, You Cannot Uninstall the Administration Console
When you install the Administration Console and the Identity Server on a Windows Server 2008
machine, you cannot cleanly uninstall the components with the uninstall program. The uninstall
program hangs before it cleans up all the files and the registry entries.
To uninstall all Access Manager files and registry entries:
1 Run the uninstall program.
The program removes most of the files.
2 When the program hangs, exit the program.
3 Delete the following directories:
C:\Novell
C:\Program Files (x86)\Novell
C:\Program Files (x86)\Nsure Audit
4 Run regedit and remove the following entries:
\HKEY_LOCAL_MACHINE\SOFTWARE\NOVELL\AccessManager
\HKEY_LOCAL_MACHINE\SOFTWARE\NOVELL\NDS
\HKEY_LOCAL_MACHINE\SOFTWARE\NOVELL\nici_x64
5 Reboot the machine.
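The directory and registry cleanup in this procedure can be checked, and optionally carried out, with a script. The following is an added example, not part of Novell's readme or tooling; the -Remove switch is a hypothetical name, and the script assumes an elevated, 64-bit PowerShell 2.0 or later session.

```powershell
# Added example (not Novell tooling). Targets are the directories and registry
# keys named in the procedure above. Assumes an elevated, 64-bit PowerShell 2.0+
# session; a 32-bit session would be redirected to WOW6432Node.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # hypothetical switch; without it the script only reports
)

$targets = @(
    'C:\Novell',
    'C:\Program Files (x86)\Novell',
    'C:\Program Files (x86)\Nsure Audit',
    'HKLM:\SOFTWARE\NOVELL\AccessManager',
    'HKLM:\SOFTWARE\NOVELL\NDS',
    'HKLM:\SOFTWARE\NOVELL\nici_x64'
)

$results = foreach ($target in $targets) {
    $present = Test-Path -LiteralPath $target
    $removed = $false
    # ShouldProcess honours -WhatIf and -Confirm, so a dry run deletes nothing.
    if ($present -and $Remove -and $PSCmdlet.ShouldProcess($target, 'Remove')) {
        try {
            Remove-Item -LiteralPath $target -Recurse -Force -ErrorAction Stop
            $removed = -not (Test-Path -LiteralPath $target)
        } catch {
            Write-Warning "Could not remove ${target}: $($_.Exception.Message)"
        }
    }
    New-Object PSObject -Property @{
        Target = $target; Present = $present; Removed = $removed
    }
}

$results | Select-Object Target, Present, Removed | Format-Table -AutoSize

# A non-zero exit code signals that leftovers remain on the machine.
$left = @($results | Where-Object { $_.Present -and -not $_.Removed })
if ($left.Count -gt 0) {
    Write-Warning "$($left.Count) item(s) still present."
    exit 1
}
```

Run it once without -Remove to list what the uninstall program left behind, then with -Remove (add -WhatIf for a dry run) before rebooting.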
5 Bugs Fixed in 3.1 SP2 IR1
Section 5.1, “Administration Console”
Section 5.2, “Identity Server”
Section 5.3, “Linux Access Gateway Appliance”
Section 5.4, “Access Gateway Service”
Section 5.5, “Policies”
5.1 Administration Console
Fixed an upgrade issue that caused the Administration Console on Windows Server 2008 to
become inaccessible after upgrading from the evaluation version to the licensed version.
5.2 Identity Server
Fixed an issue that caused logout to randomly fail when the Identity Servers were in a cluster.
Fixed an issue that caused the Identity Server to send a request-denied response to users who
were already logged in via a SAML 2 trusted relationship.
You can now use 64-bit eDirectory with SecretStore as a remote SecretStore because the 64-bit
SAML NMAS method is now available.
If your eDirectory user store is running on a SLES 11 64-bit operating system on x86-64
hardware, the eDirectory server is missing some support libraries that this SAML method
requires. For information on installing these libraries, see TID 7006437 (http://
Fixed an upgrade issue so that users can change their passwords after you have upgraded from
iChain to Novell Access Manager.
Fixed a login looping issue when users access protected resources.
Fixed an issue that prevented users who were accessing protected resources from receiving the
error code with the unable to authenticate message.
Fixed an issue that caused the Credential Profile to store an incorrect value for the cn field when
Active Directory was used for the user store.
5.3 Linux Access Gateway Appliance
Fixed an issue with the SLES 11 version of the Access Gateway Appliance that prevented
users from downloading files when Gzip is enabled and the file is chunked and encoded.
Fixed an issue that caused the Linux Access Gateway Appliance to crash after restarting the
Access Gateway or the operating system after an upgrade.
Fixed an issue that caused a keystore missing error message after migrating from SLES 9
to SLES 11.
Fixed an issue that caused the round robin option for load balancing to unevenly distribute
requests to Web servers, which can cause a Web server to become overloaded.
In an Access Gateway cluster, a specific IP address can now be configured for SOAP channel
communication.
Fixed an issue that caused an Identity Injection policy on a public resource to fail after a soft
timeout because the Linux Access Gateway Appliance was not filling the authorization header.
5.4 Access Gateway Service
Fixed an issue that prevented the rewriter from correctly rewriting URLs in a domain-based
multi-homing service.
Fixed an issue that caused segmentation errors when malformed requests were received.
Fixed an issue with the Form Fill policy so that the hostname is included when the action
element is empty.
Fixed the format of Form Fill log event files for the Linux and Windows Access Gateway
Service to be identical.
Corrected the tooltip and the documentation for creating a log profile (click Devices > Access
Gateways > Edit > Logging > [Profile Name]). When you set a value for the Maximum Backup
Files option, a 0 (zero) value indicates that you do not want any backup files created and a
blank value indicates that you want one backup file created.
5.5 Policies
Fixed an issue with the Day of Week and the Current Date conditions of an Authorization
policy that caused policy creation to fail.
Fixed an issue that caused an Identity Injection policy with custom headers to incorrectly
prepend cn to multi-valued attributes.
When you create an Access Gateway Authorization policy with the Current Date condition,
you need to specify the format of the Value field. Fixed an issue that prevented you from
creating a policy with a format that used letters to specify the month.
6 Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this
documentation, and specifically disclaims any express or implied warranties of merchantability or
fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication
and to make changes to its content, at any time, without obligation to notify any person or entity of
such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and
specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of
Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export
controls and the trade laws of other countries. You agree to comply with all export control
regulations and to obtain any required licenses or classification to export, re-export or import
deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion
lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not
use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the
Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more
information on exporting Novell software. Novell assumes no responsibility for your failure to
obtain any necessary export approvals.