Sun Microsystems 819468310 User Manual

Sun Java System Access Manager
7.1 Release Notes
Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A.
Part No: 819–4683–10 March 2007
Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents or pending patent applications in the U.S. and in other countries.
U.S. Government Rights – Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.
This distribution may include materials developed by third parties.
Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.
Sun, Sun Microsystems, the Sun logo, the Solaris logo, the Java Coffee Cup logo, docs.sun.com, Java, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun's licensees who implement OPEN LOOK GUIs and otherwise comply with Sun's written license agreements.
Products covered by and information contained in this publication are controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries. Nuclear, missile, chemical or biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Export or reexport to countries subject to U.S. embargo or to entities identified on U.S. export exclusion lists, including, but not limited to, the denied persons and specially designated nationals lists is strictly prohibited.
DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
Copyright 2007 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
Contents
Sun Java System Access Manager 7.1 Release Notes
Revision History
About Sun Java System Access Manager 7.1
What’s New in This Release
  Java ES Monitoring Framework Integration
  Web Service Security
  Single Access Manager WAR file deployment
  Enhancements to Core Services
  Deprecation Notification and Announcement
Hardware and Software Requirements
  Supported Browsers
General Compatibility Information
  AMSDK intersystem incompatibility with Access Manager server
  Upgrade not supported for Access Manager HPUX version
  Access Manager Legacy Mode
  Access Manager Policy Agents
Known Issues and Limitations
  Installation Issues
  Upgrade Issues
  Compatibility Issues
  Configuration Issues
  Access Manager Console Issues
  Command Line Issue
  SDK and Client Issues
  Authentication Issues
  Session and SSO Issues
  Policy Issues
  Server Startup Issues
  AMSDK Issues
  SSL Issue
  Samples Issue
  Linux OS Issues
  Windows and HP-UX Issues
  Federation and SAML Issues
  Globalization (g11n) Issues
  Documentation Issues
Documentation Updates
Redistributable Files
How to Report Problems and Provide Feedback
  Sun Welcomes Your Comments
Additional Sun Resources
  Accessibility Features for People With Disabilities
Related Third-Party Web Sites

Sun Java System Access Manager 7.1 Release Notes

March 2007
Part Number 819-4683-10
The Sun Java™ System Access Manager 7.1 Release Notes contain important information available for the Sun Java Enterprise System (Java ES) release, including new Access Manager features and known issues with workarounds, if available. Read this document before you install and use this release.
To view the Java ES product documentation, including the Access Manager collection, see http://docs.sun.com/prod/entsys.05q4.
Check this site prior to installing and setting up your software and then periodically thereafter to view the most up-to-date documentation.
These Release Notes contain the following sections:
- Revision History
- About Sun Java System Access Manager 7.1
- What’s New in This Release
- Hardware and Software Requirements
- General Compatibility Information
- Known Issues and Limitations
- Documentation Updates
- Redistributable Files
- How to Report Problems and Provide Feedback
- Additional Sun Resources
- Related Third-Party Web Sites

Revision History

The following table shows the Access Manager 7.1 Release Notes revision history.

TABLE 1 Revision History

| Date | Description of Changes |
|---|---|
| July 2006 | Beta release. |
| March 2007 | Java Enterprise System 5 release |

About Sun Java System Access Manager 7.1

Sun Java System Access Manager is part of the Sun Identity Management infrastructure that allows an organization to manage secure access to Web applications and other resources both within an enterprise and across business-to-business (B2B) value chains.
Access Manager provides these main functions:
- Centralized authentication and authorization services using both role-based and rule-based access control
- Single sign-on (SSO) for access to an organization's Web-based applications
- Federated identity support with the Liberty Alliance Project and Security Assertions Markup Language (SAML)
- Logging of critical information including administrator and user activities by Access Manager components for subsequent analysis, reporting, and auditing.

What’s New in This Release

This release includes the following new features:
- Java ES Monitoring Framework Integration
- Web Service Security
- Single Access Manager WAR file deployment
- Enhancements to Core Services
- Deprecation Notification and Announcement

Java ES Monitoring Framework Integration

Access Manager 7.1 integrates with the Java Enterprise System monitoring framework through Java Management Extensions (JMX). JMX technology provides the tools for building distributed, Web-based, modular, and dynamic solutions for managing and monitoring devices, applications, and service-driven networks. Typical uses of the JMX technology include consulting and changing application configuration, accumulating statistics about application behavior, and notification of state changes and erroneous behaviors. Data is delivered to a centralized monitoring console.
Access Manager 7.1 uses the Java ES Monitoring Framework to capture statistics and service-related data such as the following:
- Number of attempted, successful, and failed authentications
- Policy caching statistics
- Policy evaluation transaction times

Web Service Security

Access Manager 7.1 extends authentication capabilities to web services in the following ways:
- Inserts tokens to outgoing messages
- Evaluates incoming messages for security tokens
- Enables point-and-click selection of Authentication providers for new applications

Single Access Manager WAR file deployment

Access Manager includes a single WAR file you can use to deploy Access Manager services consistently to any supported container on any supported platform. The Access Manager WAR file coexists with the Java Enterprise System installer which deploys multiple JAR, XML, JSP, HTML, GIF, and various properties files.

Enhancements to Core Services

Web Containers supported
- Sun Java System Web Server 7.0
- Sun Java System Application Server 8.2
- BEA WL 8.1 SP4
- IBM WebSphere 5.1.1.6

Monitoring Framework Integration
Access Manager can use the JES Monitoring Framework to monitor the following:
1. Authentication
   - Number of authentications attempted
   - Number of remote authentications attempted (optional)
   - Number of successful authentications
   - Number of failed authentications
   - Number of successful logout operations
   - Number of failed logout operations
   - Transaction time for each module if possible (running and waiting states)
2. Sessions
   - Size of the session table (hence maximum number of sessions)
   - Number of active sessions (incremental counter)
3. Profile Service
   - Maximum cache size
   - Transaction time for operations (running and waiting)
4. Policy
   - Policy evaluation in and out requests
   - Policy connection pool statistics for the subject's plug-in's LDAP server

Authentication module
- Distributed Authentication service not required to stick to one server for load-balanced deployments
- Authentication service and server not required to stick to one server for load-balanced deployments
- Composite advices support among Authentication service, Policy Agents, and Policy service. Includes AuthenticateToRealm condition, AuthenticateToService condition, and realm qualification to all conditions.
- Advising organization (realm qualified Authentication conditions)
- Authentication configurations / authentication chains (AuthServiceCondition)
- Module-based authentication can now be disallowed if Authentication chaining is enforced
- Distributed Authentication service supports Certificate authentication module
- Added CertAuth to Distributed Authentication UI to make it a full featured credential extractor presentation
- New Datastore authentication module as an out-of-box module which authenticates against the configured datastore for a given realm
- Account lockout configuration now persistent across multiple AM server instances
- Chaining of post-processing SPI classes

Policy module
- A new policy condition AuthenticateToServiceCondition added, to enforce that the user is authenticated to a specific authentication service chain.
- A new policy condition AuthenticateToRealmCondition added, to enforce that the user is authenticated to a specific realm.
- A new policy condition LDAPFilterCondition added, to enforce that the user matches the specified LDAP filter.
- Support for one level wild card compare to facilitate protecting the contents of the directory without protecting sub-directory.
- Policies can be created in subrealms without explicit referral policies from parent realm if organization alias referral is enabled in global policy configuration.
- AuthLevelCondition can specify the realm name in addition to authentication level.
- AuthSchemeCondition can specify the realm name in addition to authentication module name.

Service Management module
- Support for storing Service Management/Policy configuration in Active Directory

Access Manager SDK
- Support APIs for authenticating users to a default Identity Repository framework database

Web Services support
- Liberty ID-WSF SOAP provider: Authentication provider that encapsulates the Liberty ID-WSF SOAP binding as implemented by Access Manager. This consists of a client and service provider.
- HTTP layer SSO provider: HttpServlet layer authentication provider that encapsulates server-side Access Manager-based SSO

Installation module
- Repackaging Access Manager as J2EE Application resulting in a single WAR file to become web deployable
- Support for 64-bit SJS Web Server 7.0 - to support the 64-bit JVM

Delegation module
- Support for grouping of delegation privileges

Upgrade
- Supports upgrade to Access Manager 7.1 from the following versions: Access Manager 7.0 2005Q4, Access Manager 6.3 2005Q1, and Identity Server 6.2 2004Q2.

Logging
- Support for delegation in logging module - controlling which Identities are authorized to write to or read from the log files.
- Support JCE Based SecureLogHelper - making it possible to use JCE (in addition to JSS) as a security provider for Secure Logging implementation

Deprecation Notification and Announcement

Sun Java(TM) System Access Manager 7.1 identity management APIs and XML templates enable system administrators to create, delete, and manage identity entries in Sun Java System Directory Server. Access Manager also provides APIs for identity management. Developers use the public interfaces and classes defined in the com.iplanet.am.sdk package to integrate management functions into external applications or services to be managed by Access Manager. Access Manager APIs provide the means to create or delete identity-related objects as well as to get, modify, add, or delete the objects' attributes from Directory Server.
The Access Manager com.iplanet.am.sdk package, commonly known as AMSDK, will not be included in a future Access Manager release. This includes all related APIs and XML templates. No migration options are available now, and no migration options are expected to be available in the future. The user provisioning solutions provided by Sun Java System Identity Manager are compatible replacements that you can start to use now. For more information about Sun Java System Identity Manager, see http://www.sun.com/software/products/identity_mgr/index.xml.

Hardware and Software Requirements

The following table shows the hardware and software that are required for this release.

TABLE 2 Hardware and Software Requirements

| Component | Requirement |
|---|---|
| Operating system (OS) | Solaris™ 10 on SPARC, x86, and x64 based systems, including support for whole root local and sparse root zones; Solaris 9 on SPARC and x86 based systems; Red Hat™ Enterprise Linux 3 and 4, all updates Advanced Server (32 and 64-bit versions) and Enterprise Server (32 and 64-bit versions); Windows: Windows 2000 Advanced Server, Data Center Server version SP4 on x86; Windows 2003 Standard (32 and 64-bit versions), Enterprise (32 and 64-bit versions), Data Center Server (32-bit version) on x86 and x64 based systems; Windows XP Professional SP2 on x86 based systems; HP-UX 11i v1 (11.11 from uname), 64-bit on PA-RISC 2.0 |
| Java 2 Standard Edition (J2SE) | J2SE platform 6.0, 5.0 Update 9 (HP-UX: 1.5.0.03), and 1.4.2 Update 11 |
| Directory Server | Access Manager information tree: Sun Java System Directory Server 6.0 or Sun Java System Directory Server 5.2 2005Q4; Access Manager identity repository: Sun Java System Directory Server 6.0 or Microsoft Active Directory |

For the most updated list of supported operating systems, see “Platform Requirements and Issues” in Sun Java Enterprise System 5 Release Notes for UNIX in the Sun Java Enterprise System 5 Release Notes for UNIX, or “Hardware and Software Platform Information” in Sun Java Enterprise System 5 Release Notes for Microsoft Windows in the Sun Java Enterprise System 5 Release Notes for Windows.