Access Manager 4.4 Service Pack 4 Hotfix 2 Release Notes

1.0 What’s New?

This release provides support for Access Manager on Google Chrome browser version 80.

Chrome 80 introduces a change of how cookies are handled in web browser.

To support this Chrome version, configure following options in Access Manager after applying this patch update.

For Identity Server:

  1. Uncomment the ResponseCookieProcessor filter configuration to set the <param-name>.

    You must change the value from Active to True in the web.xml file.

    The web.xml file is located in the following path:

    Linux: /opt/novell/nam/idp/webapps/nidp/WEB-INF

    Windows: /opt/novell/nam/idp/webapps/nidp/WEB-INF

     <filter>
           <filter-name>ResponseCookieProcessor</filter-name>
           <filter-class>com.novell.nidp.servlets.filters.cookie.ResponseCookieProcessor</filter-class>
           <description>This filter is used to edit Response cookies before delivering to the client.</description>
           <init-param>
                   <param-name>Active</param-name>
                   <param-value>False</param-value>
           </init-param>
           <init-param>
                   <param-name>SameSiteLevel</param-name>
                   <param-value>None</param-value>
           </init-param>     
        </filter>
        <filter-mapping>
            <filter-name>ResponseCookieProcessor</filter-name>
            <url-pattern>/*</url-pattern>
     </filter-mapping>
  2. Restart the servers.

    NOTE:Perform the above steps on each node of the Identity Server.

For Access Gateway:

  1. Click Devices > Access Gateways > Edit > Advanced Options.

  2. Add the Access Gateways Global Advanced Option:

    NAGGlobalOptions SameSiteCookie=<on/off>. The default value is off. This sets SameSite=None to every Set-Cookie header coming from Access Gateway.

  3. Add SameSite value other than the default value of None, like Lax or Strict, by using

    • NAGGlobalOptions SameSiteOption <input-string>

      Example:

      • NAGGlobalOptions SameSiteCookie=on

      • NAGGlobalOptions SameSiteOption "SameSite=Lax"

  4. Add the below two options at proxy service level:

    • Click Devices > Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Advanced Options

      Example:

      • NAGHostOptions SameSiteCookie=on

      • NAGHostOptions SameSiteOption "SameSite=lax"

2.0 Verifying Version Numbers Before Upgrading to 4.4.4.2

To ensure that you have the Access Manager 4.4.4 files before upgrading to Access Manager 4.4.4.2, verify the existing Access Manager version by clicking Troubleshooting > Version.

3.0 Upgrading to Access Manager 4.4.4 Hotfix 2

IMPORTANT:In a cluster setup, ensure that you install the hotfix on each node of the Access Manager setup.

3.1 Downloading the Hotfix

The hotfix helps in upgrading to the latest Access Manager with ease.

If you have multiple components installed on the same system, the hotfix installation process will take care of updating all the binaries of these components. For example, if you have both Identity Server and Administration Console installed on a system, installing the hotfix takes care of updating the binaries of Identity Server and Administration Console.

IMPORTANT:Ensure that you are currently on Access Manager 4.4.4 before upgrading to Access Manager 4.4.4.2.

To download Access Manager 4.4.4.2, perform the following steps:

  1. Go to NetIQ Downloads Page.

  2. Under Patches, click Search Patches.

  3. Specify AM_4442.zip in the search box and download the file.

  4. Save the hotfix file to the server running Access Manager. If you have multiple servers in your set up, ensure that you copy this zip file to all the servers.

    NOTE:This hotfix is not required for Analytics Server.

3.2 Upgrading to Access Manager 4.4.4 Hotfix 2

You can upgrade to Access Manager 4.4.4 Hotfix 2 by using the proceeding steps. This requires few manual interventions to continue the upgrade process. If you do not require any manual intervention while upgrading to the hotfix, see Silent Hotfix Upgrade.

NOTE:This installation is not applicable for Analytics Server.

  1. Extract the hotfix file by using the unzip AM_4442.zip command.

    After extraction, the following files and folders are created in the AM_4442 folder:

    Table 1 Files and folders created in the AM_4442 folder after extracting the hotfix installer ZIP file

    File/Folder Name

    Description

    rpm

    Contains rpm files for the hotfix to run on a Linux server.

    Patchtool

    Contains logging properties file and files necessary for the hotfix to run on a Windows server.

    installPtool.sh

    Script to install the hotfix and the hotfix tool on a Linux server.

    installPatch.sh

    Script to install the hotfix tool and the updated binaries on a Linux server.

    installPtool.cmd

    Script to install the hotfix on a Windows server.

  2. Log in as the root user.

  3. (Conditional) To automate the hotfix installation, perform the steps mentioned in Silent Hotfix Upgrade, else continue with Step 4.

  4. Go to the location where you have extracted the hotfix files.

  5. Run the installPatch.sh command.

    This command installs the hotfix and the bundled binaries.

    NOTE:To manage the Access Manager hotfix file, refer Managing Hotfix.

If the hotfix is already installed, the installer exits with a message.

3.3 Silent Hotfix Upgrade

Perform the following steps to automate the installation of the hotfix.

  1. Go to /opt/novell/nam/patching/bin/ and add the following in the patch file:

    -Dcom.netiq.nam.patching.enableautomation=true

    This updates the patch file as following:

    /opt/novell/java/bin/java -cp ../lib/*: \
    -Dcom.netiq.nam.patching.enableautomation=true -Djava.util.logging.config.file=logging.properties com.netiq.nam.patching.PatchInstaller $@
  2. Run the following command at /opt/novell/nam/patching/bin/:

    ./patch -i /<path where you extracted the hotfix>/AM_4442/AM_4442-13.patch

3.4 Managing Hotfix

  1. After the hotfix is installed, go to the following folder:

    /opt/novell/nam/patching/bin

  2. Use the following options to manage the Access Manager hotfix file:

Option

Description

Command on Linux server

-qa

Lists all installed hotfixes.

patch.sh -qa

-q

Lists details of an installed hotfix.

patch.sh –q

Example: patch.sh –q AM_4442-13

-i

Installs a hotfix. During installation of a hotfix, all running services are stopped temporarily. After a hotfix is installed, all services are restarted and details of the operation are written to log files.

patch.sh –i <location and hotfix name>

Example: patch.sh –i /opt/novell/nam/Patches/AM_4442/AM_4442-13.patch

-e

Removes an installed hotfix. The hotfix maintains content relationship among hotfixes. So, if you have installed hotfix 1 and hotfix 2, hotfix 1 cannot be removed without removing hotfix 2. This is because hotfix 2 contains details of hotfix 1 as well.During the hotfix process, all the running services are stopped temporarily.

patch.sh –e <hotfix name>

Example: patch.sh –e AM_4442-13

-qpl

Lists details of a hotfix that is not installed. If you want to view the changes that are included in the hotfix file without installing it on your server, use this option

patch.sh –qpl <location and hotfix name>

Example: patch.sh –qpl /opt/novell/nam/Patches/AM_4442/ AM_4442-13.patch

-v

Verifies integrity of a hotfix.

patch.sh –v <location and hotfix name>

Example: patch.sh –v /opt/novell/nam/Patches/AM_4442/ AM_4442-13.patch

-t

Verifies if services can be restored by the installer. Use this option to stop/start all services after the installation of hotfix.

patch.sh –t <location and hotfix name>

Example: patch.sh –t /opt/novell/nam/Patches/AM_4442/ AM_4442-13.patch

4.0 Verifying Version Numbers After Upgrading to 4.4.4.2

After upgrading to Access Manager 4.4.4.2, verify that the version number of the component is indicated as 4.4.4.2-10. To verify the version number, perform the following steps:

  1. In Administration Console Dashboard, click Troubleshooting > Version.

  2. Verify that the Version field displays 4.4.4.2-10.

5.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in Access Manager 4.4 Service Pack 4 Release Notes. If you need further assistance with any issue, please contact Technical Support.

5.1 "SameSite=Strict" in HTTP Request Does Not Display Web Content

Issue: Configuring reverse proxy on Hypertext Transfer Protocol (HTTP) with "SameSite=Strict" setting does not display web content. (Bug 1163653)

Workaround: None. Set your configuration to either "SameSite=lax" or "Samesite=None".

5.2 Patch Installer Tool Displays an Error

Issue: In Windows machine, patch installer tool displays the error: Could not find or load main class com.netiq.nam.patching.enableautomation=true. (Bug 1163676)

Workaround: Follow the steps:

  1. Go to c:\Program Files\Novell\patching\bin>

  2. Open notepad patch.cmd

  3. Remove com.netiq.nam.patching.enableautomation=true

  4. Run patch.cmd -i c:\Users\Administrator\Downloads\AM_4442\AM_4442\AM_4442-13.patch

6.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

7.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

Copyright © 2020 NetIQ Corporation, a Micro Focus company. All Rights Reserved.