Access Manager 4.2 Service Pack 3 Release Notes

1.0 What’s New?

This release includes the following:

1.1 Operating System Upgrade

In addition to the platforms supported in Access Manager 4.2.2 release, this release adds support for the following platforms:

  • SLES 12 SP2

  • RHEL 6.8 and 7.3

1.2 Updates for Dependent Components

This release adds support for the following dependent components:

  • eDirectory 8.8.8.9

  • Java 1.8.0_121

  • OpenSSL 1.0.2k

  • Tomcat 8.0.39

  • iManager 2.7.7.8

NOTE:This release of Access Manager by default supports Tomcat 8.0.39 and OpenSSL 1.0.2k, but Administration Console uses Tomcat version 7.0.68 due to dependency on iManager.

1.3 Fixed Issues

This release includes software fixes for the following:

Administration Console

The following issues are fixed in Administration Console:

  • On ports 9000 and 9001, there is a reverse shell connection to Administration Console. This leads to security vulnerabilities. (TID 7018159)

  • Kerberos fallback to name/password method loses custom branding after upgrading to Access Manager 4.2. (TID 7018538)

  • Office 365 SSO with SAML triggers nidsIdentity object to be removed and re-added with every login. (TID 7018539)

  • Potential Security Issue where Access Manager Administrator can download system files to Administration Console host via Code Promotion URL. (TID 7018541)

  • SAML2 Federation failing when "Encrypt name identifiers" or "Encrypt Assertion" option is enabled. (TID 7018553)

Identity Server

The following issue is fixed in Identity Server:

Unable to Map Persistent NameIdentifier to a non-LDAP Attribute

Issue: Access Manager does not allow mapping of a persistent NameIdentifier to a non LDAP attribute. [Bug 1020623]

Fix: To resolve this issue, refer the section Configuring Specific Attributes as ImmutableID in the NetIQ Access Manager 4.2 Administration Guide . You can also refer to TID.

2.0 Supported Upgrade Paths

To upgrade to Access Manager 4.2.3, you must be on any one of the following Access Manager versions:

  • 4.2 Service Pack 2

  • 4.2

3.0 Installing or Upgrading Access Manager

After purchasing Access Manager 4.2.3, log in to the NetIQ Downloads page and follow the link that allows you to download the software. The following files are available:

Table 1 Files Available for Access Manager 4.2.3

Filename

Description

AM_42_SP3_AccessManagerService_Linux64.tar.gz

Contains Identity Server and Administration Console for Linux.

AM_42_SP3_AccessManagerService_Win64.exe

Contains Identity Server and Administration Console for Windows Server.

AM_42_SP3_AccessGatewayAppliance.iso

Contains Access Gateway Appliance iso.

AM_42_SP3_AccessGatewayAppliance.tar.gz

Contains Access Gateway Appliance tar file.

AM_42_SP3_AccessGatewayService_Win64.exe

Contains Access Gateway Service for Windows Server.

AM_42_SP3_AccessGatewayService_Linux64.tar.gz

Contains Access Gateway Service tar file.

For more information about installing and upgrading, see the NetIQ Access Manager 4.2 Installation and Upgrade Guide.

4.0 Verifying Version Numbers After Upgrading to 4.2.3

After upgrading to Access Manager 4.2.3, verify that the version number of the component is indicated as 4.2.3.0-31. To verify the version number, perform the following steps:

  1. In Administration Console Dashboard, click Troubleshooting > Version.

  2. Verify that the Version field displays 4.2.3.0-31.

5.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issue is currently being researched. If you need further assistance with any issue, please contact Technical Support.

5.1 Upgrading Access Manager 4.2.3 to 4.3 Is Not Supported

Issue: Upgrading Access Manager from 4.2.3 to 4.3 is currently not supported. [Bug 1020662]

Workaround: Currently, there is no workaround for this issue.

5.2 Upgrading Operating System from SLES 12.1 to 12.2 Generates Error

Issue: On Administration Console, after you upgrade the operating system from SLES 12.1 to 12.2, the ambkup.sh and amrestore.sh commands fail to execute. There is an error in their respective log files. [Bug 1021617]

Workaround: To workaround this issue, run the following commands on Administration Console in the following order:

  1. ldconfig

  2. ambkup.sh

  3. amrestore.sh

6.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

7.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

Copyright © 2017 NetIQ Corporation, a Micro Focus company. All Rights Reserved.