Access Manager Appliance 4.3 Service Pack 3 (4.3.3) includes enhancements, improves usability, and resolves several previous issues.
Many of these improvements are made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Access Manager forum on our community website that also includes product notifications, blogs, and product user groups.
For information about the previous release, see Access Manager Appliance 4.3 Service Pack 2 Release Notes.
The general support for Access Manager 4.3 ends on 31st May 2018. For more information, see the Product Support Lifecycle page.
Access Manager Appliance 4.3.3 provides the following enhancement and fixes:
This release introduces the following enhancement:
A new Identity Server global option, LOGIN CSRF CHECK is added to enable Cross-Site Request Forgery (CSRF) check. For more information about CSRF token, see LOGIN CSRF CHECK in the NetIQ Access Manager Appliance 4.3 Administration Guide.
This release adds support for the following dependent components:
NOTE:Access Manager 4.3.3 by default supports Tomcat 8.0.47 and OpenSSL 1.0.2m, but Administration Console uses Tomcat version 7.0.81 due to dependency on iManager.
This release includes software fixes for the following components:
The following issues are fixed in Administration Console:
Reflected Cross Site Scripting Issue in /roma URL Parameter (CVE-2017-14800). For More Information about This Issue, See TID 7022356.
Reflected Cross Site Scripting Issue When Listing Identity Server Cluster (CVE-2017-14801). For More Information about This Issue, See TID 7022357.
Reflected Cross Site Scripting Issue in /nps URL Parameter (CVE-2017-9276). For More Information about This Issue, See TID 7022359.
If the cluster object is not found when a trusted root certificate is added, Administration Console might delete certificate trust store objects. (Bug 1034215)
Added a check to prevent redirection if the URL does not belong to /nps (CVE-2017-14802). For more information about this issue, see TID 7022360.
The following issues are fixed in Identity Server:
When you enable signing certificate per SAML service provider, expired certificates cannot be replaced. (Bug 1060784)
Kerberos fall back mechanism does not redirect to the password reset page when an expired password or expiring password is detected. (Bug 1053242)
Issue: The fallback login page is not rendered properly after a Kerberos method authentication failure. (Bug 1059514)
Fix: The fallback login page now renders properly and retains customization as well. You no longer need to follow the configuration steps mentioned in TID 7015049.
After upgrading Access Manager, when you access Office 365 using Passive Mode Authentication method, the authentication fails. (Bug 1048641)
The following issues are fixed in Access Gateway:
When the Script Is Injected Using Browser Plugin, Referrer Link on NAGError Page Causes XSS Vulnerability (CVE-2017-5191). For More Information about This Issue, See TID 7018793.
Requests Sent from ESP can Cause XSS Vulnerability (CVE-2017-14799). For More Information about This Issue, See TID 7022358.
Mangled Cookie Becomes Invalid When a User Accesses a Protected Resource. For More Information about This Issue, See TID 7022368. (Bug 1051390)
In an Access Gateway cluster, if the data is parked in one of the Access Gateways and ESP requests are sent on another Access Gateway, then after authentication data is not restored. (Bug 1058334)
After purchasing Access Manager Appliance 4.3.3, log in to the Customer Centre page to download the software. The following files are available:
Table 1 Files Available for Access Manager Appliance 4.3.3
Contains Access Manager Appliance .iso file.
Contains Access Manager Appliance .tar file.
Contains Analytics Server Appliance .iso file.
Contains Analytics Server Appliance .tar file.
For information about the upgrade paths, see Section 3.0, Supported Upgrade Paths. For more information about installing and upgrading, see the NetIQ Access Manager Appliance 4.3 Installation and Upgrade Guide.
To upgrade to Access Manager 4.3.3, you need to be on one of the following versions of Access Manager:
4.2 Service Pack 5
4.3 Service Pack 1
4.3 Service Pack 1 Hotfix 1
4.3 Service Pack 2
For more information about upgrading Access Manager Appliance, see NetIQ Access Manager Appliance 4.3 Installation and Upgrade Guide.
After upgrading to Access Manager 4.3.3, verify that the version number of the component is indicated as 126.96.36.199-24. To verify the version number, perform the following steps:
In Administration Console Dashboard, click> .
Verify that the 188.8.131.52-24.field lists
See TID 7004764 to view the list of Access Manager release versions.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in Access Manager Appliance 4.3 Service Pack 2 Release Notes. If you need further assistance with any issue, please contact Technical Support.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For general corporate and product information, see the NetIQ Corporate Web site.
For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups.
For information about NetIQ legal notices, disclaimers, warranties, export and other use restrictions, U.S. Government restricted rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
© 2017 NetIQ Corporation. All Rights Reserved.
For information about NetIQ trademarks, see https://www.netiq.com/company/legal/. All third-party trademarks are the property of their respective owners.