Access Manager Appliance 4.5 Service Pack 3 Patch 3 Release Notes

March 2021

Access Manager Appliance 4.5 Service Pack 3 Patch 3 (4.5.3.3) supersedes Access Manager Appliance 4.5.3 Patch 2.

For the list of software fixes and enhancements in the previous release, see Access Manager Appliance 4.5 Service Pack 3 patch 1 Release Notes.

For information about the Access Manager support lifecycle, see the Product Support Lifecycle page.

If you have suggestions for documentation improvements, click Comment on this topic at the top or bottom of the specific page in the HTML version of the documentation posted at the Documentation page.

1.0 What’s New

This release includes the fix for the following issue:

An authentication bypass issue (CVE-2021-22496).

Special thanks to Tom de Haas of Utrecht University for responsibly disclosing this vulnerability.

2.0 Verifying Version Numbers Before Upgrading to 4.5.3.3

Before upgrading, click Troubleshooting > Version in Administration Console, and ensure that the version of Access Manager is 4.5.3.2.

3.0 Upgrading to Access Manager 4.5.3.3

IMPORTANT:In a cluster setup, ensure that you install the patch on each node of the Access Manager setup.

3.1 Downloading the Patch

The patch helps in upgrading to the latest Access Manager with ease.

If you have multiple components installed on the same system, the patch installation process takes care of updating all the binaries of these components. For example, if you have both Identity Server and Administration Console installed on a system, installing the patch takes care of updating the binaries of Identity Server and Administration Console.

NOTE:This patch update is not required for Analytics Server.

IMPORTANT:Ensure that you are currently on Access Manager 4.5.3.2 before upgrading to Access Manager 4.5.3.3.

You need to procure the license key from the Software License and Download portal to register to the 4.5.3 Patch 3 channel. For information about how to download the product from this portal, watch the following video:

3.2 Upgrading to Access Manager 4.5.3.3 on Linux

You can upgrade to Access Manager 4.5.3.3 by using the proceeding steps. This requires few manual interventions to continue the upgrade process. If you do not require any manual intervention while upgrading to the patch, see Silent Patch Upgrade on Linux.

  1. Extract the patch file by using the unzip AM_4533.zip command.

    After extraction, the following files and folders are created in the AM_4533 folder:

    Table 1 Files and folders created in the AM_4533 folder after extracting the patch installer ZIP file

    File/Folder Name

    Description

    rpm

    Contains rpm files for the patch to run on a Linux server.

    installPtool.sh

    Script to install the patch and the patch tool on a Linux server.

    installPatch.sh

    Script to install the patch tool and the updated binaries on a Linux server.

  2. Log in as the root user.

  3. (Conditional) To automate the patch installation, perform the steps mentioned in Silent Patch Upgrade on Linux, else continue with Step 4.

  4. Go to the location where you have extracted the patch files.

  5. Run the installPatch.sh command.

    This command installs the patch and the bundled binaries.

    NOTE:To manage the Access Manager patch file, refer to Managing the Patch.

If the patch is already installed, the installer exits with a message.

3.3 Silent Patch Upgrade on Linux

Perform the following steps to automate the installation of the patch:

  1. Go to /opt/novell/nam/patching/bin/ and add the following in the patch file:

    -Dcom.netiq.nam.patching.enableautomation=true

    This updates the patch file as following:

    /opt/novell/java/bin/java -cp ../lib/*: \
    -Dcom.netiq.nam.patching.enableautomation=true -Djava.util.logging.config.file=logging.properties com.netiq.nam.patching.PatchInstaller $@
  2. Run the following command at /opt/novell/nam/patching/bin/:

    ./patch -i /<path where you extracted the patch>/AM_4533/AM_4533-05.patch

3.4 Managing the Patch

  1. After the patch is installed, go to the following folder:

    /opt/novell/nam/patching/bin

  2. Use the following options to manage the Access Manager patch file:

Option

Description

Command on Linux server

-qa

Lists all installed patches.

patch -qa

-q

Lists details of an installed patch.

patch –q

Example: patch –q P3-05

-i

Installs a patch. During the installation of a patch, all running services are stopped temporarily. After a patch is installed, all services are restarted and details of the operation are written to log files.

patch –i <location and patch name>

Example: patch –i /opt/novell/nam/Patches/AM_4533/AM_4533-05.patch

-e

Removes an installed patch. The patch maintains a content relationship among patches. So, if you have installed patch 1 and patch 2, patch 1 cannot be removed without removing patch 2. This is because patch 2 contains details of patch 1 as well.During the patch process, all the running services are stopped temporarily.

patch –e <patch name>

Example: patch –e HF3-05

-qpl

Lists details of a patch that is not installed. If you want to view the changes that are included in the patch file without installing it on your server, use this option

patch –qpl <location and patch name>

Example: patch –qpl /opt/novell/nam/Patches/AM_4533/ AM_4533-05.patch

-v

Verifies integrity of a patch.

patch –v <location and patch name>

Example: patch –v /opt/novell/nam/Patches/AM_4533/ AM_4533-05.patch

-t

Verifies if services can be restored by the installer. Use this option to stop/start all services after the installation of patch.

patch –t <location and patch name>

Example: patch –t /opt/novell/nam/Patches/AM_4533/ AM_4533-05.patch

4.0 Verifying Version Numbers After Upgrading to 4.5.3.3

After upgrading to Access Manager 4.5.3.3, verify the version numbers of Administration Console, Identity Server, and Access Gateway. To verify the version numbers, perform the following steps:

  1. In Administration Console Dashboard, click Troubleshooting > Version.

  2. Verify that the Version fields display as follows:

Component

Version

Administration Console

4.5.3.3-05

Identity Server

4.5.3.3-05

Access Gateway

4.5.3.3-05

5.0 Known Issues

There are no known issues at this time.

Micro Focus strives to ensure that our products provide quality solutions for your enterprise software needs. If you need assistance with any issue, visit Micro Focus Support, then select the appropriate product category.

6.0 Contacting Micro Focus

For specific product issues, contact Micro Focus Support at https://www.microfocus.com/support-and-services/.

Additional technical information or advice is available from several sources:

7.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

Copyright © 2021 NetIQ Corporation, a Micro Focus company. All Rights Reserved.