NetIQ Access Manager 4.1 Administration Guide
- NetIQ Access Manager 4.1 Administration Guide
- Overview
- How Access Manager Solves Business Challenges
- How Access Manager Works
- Access Manager Components and Their Features
- Language Support
- Configuring Access Manager
- Configuring the Administration Console
- Configuring the Default View
- Managing the Administration Console Session Timeout
- Managing Administrators
- Changing the IP Address of Access Manager Devices
- Mapping the Private IP Address to Public IP Address
- Setting Up a Basic Access Manager Configuration
- Understanding Access Manager Process Flow
- Prerequisites for Setup
- Configuring an Identity Server
- Identity Servers Cluster
- Configuring the Identity Server Shared Settings
- Configuring the Access Gateway
- Access Gateways Clusters
- Protecting Web Resources Through the Access Gateway
- Configuring Trusted Providers for Single Sign-On
- Configuring Single Sign-On to Specific Applications
- Configuring a Protected Identity Server Through Access Gateways
- Sample Configuration for Protecting an Application Through Access Manager
- Setting Up an Advanced Access Manager Configuration
- Identity Server Advance Configuration
- Access Gateway Server Advance Configuration
- Access Gateway Content Settings
- Advanced Access Gateway Options
- Modifying Configuration Files
- Configuring Authentication
- Configuring Local Authentication
- Configuring Federated Authentication
- Access Manager Policies
- Understanding Policies
- Role Policies
- Authorization Policies
- Identity Injection Policies
- Form Fill Policies
- External Attribute Source Policies
- Risk Configuration Policies
- High Availability and Fault Tolerance
- Installing Secondary Versions of the Administration Console
- Configuration Tips for the L4 Switch
- Setting up L4 Switch for IPv6 Support
- Using a Software Load Balancer
- Security and Certificate Management
- Securing Access Manager
- Securing the Administration Console
- Protecting the Configuration Store
- Security Considerations for Certificates
- Configuring Secure Communication on the Identity Server
- Security Considerations for Identity Server
- Enabling Secure Cookies
- Preventing Cross-site Scripting Attacks
- Understanding Access Manager Certificates
- Process Flow
- Access Manager Trust Stores
- Access Manager Keystores
- Creating Certificates
- Creating a Locally Signed Certificate
- Editing the Subject Name
- Assigning Alternate Subject Names
- Generating a Certificate Signing Request
- Importing a Signed Certificate
- Managing Certificates and Keystores
- Viewing Certificate Details
- Adding a Certificate to a Keystore
- Renewing a Certificate
- Exporting a Private/Public Key Pair
- Exporting a Public Certificate
- Importing a Private/Public Key Pair
- Managing Certificates in a Keystore
- Assigning Certificates to Access Manager Devices
- Importing a Trusted Root to the LDAP User Store
- Managing Identity Server Certificates
- Assigning Certificates to an Access Gateway
- Changing a Non-Secure (HTTP) Environment to a Secure (HTTPS) Environment
- Managing Trusted Roots and Trust Stores
- Managing Trusted Roots and Trust Stores
- Viewing External Trusted Roots
- Enabling SSL Communication
- Enabling SSL Communication
- Using SSL on the Access Gateway Communication Channels
- Configuring SSL for Authentication between the Identity Server and Access Manager Components
- Prerequisites for SSL
- Configuring SSL Communication with Browsers and the Identity Server
- Configuring SSL between the Proxy Service and the Web Servers
- Configuring the SSL Communication
- Maintaining Access Manager
- Auditing
- Enabling Auditing
- Enabling Identity Server Audit Events
- Enabling Access Gateway Audit Events
- Reporting
- Overview
- Prerequisites
- Deploying Access Manager Reporting Solution Pack
- Enabling Reporting
- Generating Reports
- Logging
- Understanding the Types of Logging
- Understanding the Log Format
- Identity Server Logging
- Access Gateway Logging
- Downloading Log Files
- Turning on Logging for Policy Evaluation
- Using Log Files for Troubleshooting
- Component Statistics
- Identity Server Statistics
- Access Gateway Statistics
- Component Statistics Through REST APIs
- Monitoring API for the Identity Server Statistics
- Monitoring API for the Access Gateway Statistics
- Monitoring Server Health
- Health States
- Monitoring Health by Using the Hardware IP Address
- Monitoring Health of Identity Servers
- Monitoring the Health of Access Gateways
- Monitoring Component Command Status
- Viewing the Command Status of the Identity Server
- Viewing the Command Status of the Access Gateway
- Reviewing the Command Status for Certificates
- Monitoring Alerts
- Monitoring Identity Server Alerts
- Monitoring Access Gateway Alerts
- Monitoring Access Manager By Using Simple Network Management Protocol
- SNMP Architecture in Access Manager
- Features of Monitoring in Access Manager
- Using the Default MIB File with External SNMP Systems
- Querying For SNMP Attributes
- Installing and Enabling Monitoring for Access Manager Components
- Back Up and Restore
- How The Backup and Restore Process Works
- Backing Up the Access Manager Configuration
- Restoring the Access Manager Configuration
- Restoring an Identity Server
- Restoring an Access Gateway
- Code Promotion
- How Code Promotion Helps
- Sequence of Promoting the Configuration Data
- Prerequisites
- Limitations
- Configuring Custom File Paths
- Exporting the Configuration Data
- Importing the Configuration Data
- Troubleshooting Code Promotion
- Troubleshooting
- Troubleshooting Installation
- Troubleshooting Upgrade
- Troubleshooting the Administration Console
- Troubleshooting the Access Gateway
- Troubleshooting Identity Server and Authentication
- Troubleshooting Certificate Issues
- Troubleshooting Access Manager Policies
- Troubleshooting Code Promotion
- Troubleshooting XML Validation Errors on the Access Gateway Appliance
- Troubleshooting OAuth and OpenID Connect
- Access Manager Audit Events and Data
- Event Codes
- Appendix
- Certificates Terminology
- Data Model Extension XML
- Elements
- Writing Data Model Extension XML
- SOAP versus REST API
- OAuth versus Other Protocols
- Access Manager Reports Samples
- Application Access Summary Report
- User Application Access Summary Report
- Application Specific User Access Report
- Federation Summary Report
- User Login Contract Summary Report
- User Login Failure Report
- Legal Notice