Access Manager Appliance 4.2 Service Pack 5 Release Notes

1.0 What’s New?

This release includes the following:

1.1 Updates for Dependent Components

This release adds support for the following dependent components:

NOTE:This release of Access Manager by default supports Tomcat 8.0.47 and OpenSSL 1.0.2k, but Administration Console uses Tomcat version 7.0.81 due to dependency on iManager.

1.2 Fixed Issues

This release includes software fixes for the following components:

Administration Console

The following issues are fixed in Administration Console:

Administration Console Randomly Deletes Certificate Trust Store Objects

The Identity Server cluster is not displayed in Administration Console because the certificates get deleted from the trust store. Hence, you must re-configure the Identity Server cluster. (Bug 1061807)

Cross Site Scripting in iManager

One of the iManager URL parameters has XSS issue. Access Manager uses the latest iManager version where this issue is fixed. (Bug 1063466)

Identity Server

The following issues are fixed in Identity Server:

User Is Not Provisioned Correctly When User Store Contains Multiple Replicas

LDAP replica stickiness is not used during SAML 2.0 user provisioning. The create user requests reach different replicas during provisioning, attribute modification and authenticated principal search. (Bug 1061801)

Kerberos Fall Back Mechanism Does Not Redirect to the Password Reset Page

Kerberos fall back mechanism does not redirect to the password reset page when an expired password or expiring password is detected. (Bug 1050964)

Passive Mode Authentication Fails When Accessing Office 365 with WS-Fed

After upgrading Access Manager, when you access Office 365 using Passive Mode Authentication method, the authentication fails. (Bug 1058411)

Access Gateway

The following issues are fixed in Access Gateway:

The Syslog Server Communication Failure Reduces the Performance of Access Gateway Server

Issue: When Syslog is enabled and Access Gateway Server cannot access Syslog Server, the audit events are not sent to Access Gateway. It reduces the Access Gateway performance. (Bug 1060781)

Fix: This issue is fixed in this release.

NOTE:If you are upgrading from a previous version of Access Manager, you must update the IP address and port number of the Syslog server to receive the system and server alerts in Administration Console.

When you upgrade Access Manager to this release, you can update the IP address and port number of the Syslog server by using any of the following methods:

  • Modify the SERVERIP and SERVERPORT values of Syslog server at /etc/Auditlogging.cfg. Perform this step for all the devices, then restart the devices.

  • In Administration Console, navigate to the Auditing Administrative task and update the IP address and port number of the Syslog server. For more information, see Specifying the Logging Server and Console Events.

The Global Advanced Option FlushUserCache Causes Looping

When FlushUserCache advanced option is enabled and multiple resources with different contracts are accessed in the same browser session, looping occurs. (Bug 993619)

Injecting a Script Using Browser Plugin Causes XSS Vulnerability

When a script is injected using browser plugin, referrer link on NAGError page causes XSS vulnerability (CVE-2017-5191). For more information about this issue, see TID 7018793. (Bug 1036222)

Requests Sent from ESP can Cause XSS Vulnerability

With this release of Access Manager, this issue is fixed. For more information about this issue, see TID 7022126. (Bug 1061799)

2.0 Supported Upgrade Paths

To upgrade to Access Manager 4.2.5, you must be on any one of the following Access Manager versions:

  • 4.2 Service Pack 4

  • 4.2 Service Pack 3 Hotfix 1

  • 4.2 Service Pack 3

  • 4.2 Service Pack 2

3.0 Installing or Upgrading Access Manager

After purchasing Access Manager Appliance 4.2.5, log in to the NetIQ Downloads page and follow the link that allows you to download the software. The following files are available:

Table 1 Files Available for Access Manager Appliance 4.2.45




Contains Access Manager Appliance iso.


Contains Access Manager Appliance tar file.

For more information about installing and upgrading, see the NetIQ Access Manager Appliance 4.2 Installation and Upgrade Guide.

4.0 Verifying Version Numbers After Upgrading to 4.2.5

After upgrading to Access Manager 4.2.5, verify that the version number of the component is indicated as To verify the version number, perform the following steps:

  1. In Administration Console Dashboard, click Troubleshooting > Version.

  2. Verify that the Version field displays

5.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in the previous release. If you need further assistance with any issue, please contact Technical Support.

6.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

7.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see

Copyright © 2017 NetIQ Corporation, a Micro Focus company. All Rights Reserved.