Access Manager Appliance 4.2 Service Pack 1 Release Notes

March 2016

Access Manager Appliance 4.2 Service Pack 1 (4.2.1) supersedes Access Manager Appliance 4.2.

For the list of software fixes and enhancements in the previous release, see Access Manager Appliance 4.2 Release Notes.

1.0 What’s New?

This release includes the following platform updates and fixed issues:

1.1 Operating System Upgrade

In addition to the platforms introduced in Access Manager 4.2 release, this release adds support for the following platforms:

  • SLES 12 SP1

  • RHEL 7.2

1.2 Updates for Dependent Components

This release adds support for the following dependent components:

NOTE:Access Manager 4.2.1 by default supports Tomcat 8.0.32 and OpenSSL 1.0.1s, but Administration Console uses Tomcat version 7.0.56 due to dependency on iManager.

1.3 Fixed Issues

This release includes software fixes for the following components:

Administration Console

The following issues are fixed in Administration Console:

Administration Console Does Not List All the Trusted Roots

Issue: The trusted roots are stored in an alphabetical order in eDirectory. When reading the trusted roots, if Administration Console encounters a corrupt trusted root it throws an exception and terminates the reading. It does not list any of the trusted roots that are stored after the corrupt trusted root. [Bug 940432]

Fix: The issue is resolved now because Administration Console handles the exception and moves on to read the next trusted root.

Cross Site Scripting Vulnerability

Issue: There is a Cross Site Scripting vulnerability issue in Administration Console risk engine. In Policies > Risk Configuration > NAT Settings, the cross site scripting is disabled for the Client IP Header Parser field. [Bug 954474]

Fix: The issue is resolved. The cross site scripting is enabled for the Client IP Header Parser field.

Identity Server

The following issues are fixed in Identity Server:

SAML Tokens Are Line Wrapped

Issue: The SAML tokens that contain a signature and certificates are line wrapped. This issue happens due to old XML signature library.[Bug 954912]

Fix: The XML signature library has been upgraded. But, by default the SAML tokens are line wrapped. To disable line wrapping, set the following option in the /opt/novell/nam/idp/conf/tomcat7.conf file:


SAML Attribute Set with Constant Value Cannot be Deleted

Issue: Define an attribute set with a remote attribute name and set a constant value. Save the attribute set, assign it and update Identity server. Now, try to delete the constant value. An exception occurs. [Bug 965912]

Virtual Attribute Option is Not Listed Under Role Policy Conditions on an Upgraded Access Manager

Issue: On an upgraded Access Manager, the Virtual Attribute option is not listed under the role policy conditions. [Bug 958724]

OAuth Identity Injection Scope Works Only if Require User Permission Option is Enabled

Issue: While defining scopes and claims for a Resource Server, the OAuth identity injection scope works only if the Require user permission option is enabled. [Bug 965649]

Access Gateway

The following issues are fixed in Access Gateway:

The Policy Extension Template Does Not Work in a Clustered Environment

Issue: In a clustered environment, Access Gateway throws an exception for a policy extension template. This happens when the load balancer selects different servers for Identity Server and Access Gateway. However, when the load balancer selects the same servers for Identity Server and Access Gateway, there is no error. [Bug 876869]

Fix: This issue is resolved. The load balancer does not throw an exception and works as expected on different servers.

The URL Accessed Audit Event is Triggered Even When This Event Is Disabled

Issue: The URL Accessed audit event is triggered even when it is not enabled for auditing. [Bug 968219]

Apache Crashes on Windows Access Gateway Service When Requested URL Has Long Query String

Issue: On Windows Access Gateway Service, Apache crashes. This is because the requested URL has long query string and the stack size is insufficient. [Bug 847731]

Fix: This issue is resolved. The stack size in Windows Access Gateway Service is increased to prevent Apache from crashing.

2.0 Supported Upgrade Paths

To upgrade to Access Manager 4.2.1, you must be on any one of the following Access Manager versions:

  • 4.0 Service Pack 2

  • 4.0 Service Pack 2 HF1

  • 4.1

  • 4.1 Service Pack 1

  • 4.1 Service Pack 1 HF1

  • 4.1 Service Pack 2

  • 4.2

3.0 Installing or Upgrading Access Manager

After purchasing Access Manager Appliance 4.2.1, log in to the NetIQ Downloads page and follow the link that allows you to download the software. The following files are available:

Table 1 Files Available for Access Manager Appliance 4.2.1




Contains the Access Manager Appliance iso.


Contains the Access Manager Appliance tar file.

For more information about installing and upgrading, see the NetIQ Access Manager Appliance 4.2 Installation and Upgrade Guide.

4.0 Verifying Version Numbers After Upgrading to 4.2.1

After upgrading to Access Manager 4.2.1, verify that the version number of the component is indicated as To verify the version number, perform the following steps:

  1. In the Administration Console, click Troubleshooting > Version.

  2. Verify that the Version field lists

5.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issue is currently being researched. If you need further assistance with any issue, please contact Technical Support.

5.1 OAuth Apps Fail After Upgrading Access Manager 4.1 to 4.2

Issue: The OAuth apps fail after you upgrade Access Manager 4.1 to 4.2. This is caused due to the expired authorization code. [Bug 966216]

Workaround: To workaround this issue, you need to upgrade both Access Gateway and Identity Provider to Access Manager 4.2 at the same time. For more information, see TID.

6.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

7.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see

Copyright © 2016 NetIQ Corporation, a Micro Focus company. All Rights Reserved.