IR1 for Novell Access Manager has just been released and is available at:
Here are some of the issues addressed:
* Added management IP address to HTTP IP address translation for JGroups.
* Simplified the use of JGroups JChannel by consolidating into a single Distributed Message Bus.
* Fixed SAML 2.0 signing error. Artifact responses are no longer required to be signed. See TID 3903427.
* In testing environments, you can disable OCSP/CRL checks for server certificates by setting java property com.novell.nidp.serverOCSPCRL=”false”.
* Added functionality to send a complete list of the HTTP listening IP addresses for all cluster members when sending a configuration to the ESP.
* Added prompt to specify location path of backup files. The system uses the logged-in user’s home directory as a default.
* Fixed the cause of Access Manager restore error (AM#201002001: The backup file does not exist).
* Added Update Servers prompt after adding or deleting reverse proxy servers.
* Upgrade process now provides the default Administration Console IP address.
* Added ability to restore backup without requiring the ZIP file, which contains certificates.
* Fixed 404 Roma errors when configuring rewriter Additional Strings to Replace fields.
* The system deletes the admin.xml and manager.xml files from tomcat webapps directory after installation.
* Fixed ESP proxying using virtual addresses.
* Corrected Daylight Savings Time schema.
* Fixed sslMutual certificate overwriting.
* The Published DNS Name for a Proxy Service may now defined as a single name segment, meaning, without dots.
* Added viewInfo.jsp and viewInfo.php to the /unsupported directory of the Identity Server installation file. Use these files for troubleshooting identity injection. They display all the HTTP headers and query string data that is sent from the Access Gateway to the back-end server. These files should be removed from the Web server after troubleshooting is finished.
Linux Access Gateway
* Implemented the mechanism to preserve the POST data during authentication redirection. The maximum size of POST data that can be preserved in the Linux Access Gateway during authentication redirection is 50 KB. The POST data above this limit will be lost.
* Fixed the authentication looping issue which occurred for requests sent after the session time-out.
* Updated the identity data caching policy of Linux Access Gateway to match that of the NetWare Access Gateway and iChain. The identity data caching is now valid throughout the user authentication session. This reduces the page download time.
* Fixed issues with Linux Access Gateway not serving the POST request when the identity injection is enabled and the Identity Server session soft time-out has been reached.
* The identity injection data will not be logged in ics_dyn logs and lagsoapmessages.
* Fixed the authentication issue with the server persistence cookie, which led to authentication failure.
* Updated the cookie ID setting to fix issues with Web server persistence for path based multi-homing services.
* Fixed the issue with the Linux Access Gateway not using the new certificate after applying the certificate configuration changes.
* The rollover functionality has been introduced for Linux Access Gateway log files.
* Fixed the Linux Access Gateway crash when the clock=pit configuration is enabled in bootloader on VMWare.
* Updated the prompts and syntaxes in the lagupgrade.sh script.
* Fixed the 504 Gateway timeout error which occurred while downloading large files.
NetWare Access Gateway
* Updated the daylight savings settings to work with the changes that the USA and Austrialia (Perth) governments have made. To update the NetWare Access Gateway, you need to update to the Access Manager 3.0 IR1 release. Then in the Administration Console, click Access Manager > Access Gateways > Edit > Date & Time. The page detects the old settings and updates them to the new settings. Confirm the update, then apply the changes.
* Modified NILE to support IE 7.
* Fixed issues with FTP so that it works with pure FTP and so that a failed file transfer timeouts after three minutes.
* Made minor changes to the search and replace feature of the HTML rewriter.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.