Access Manager 4.5 Service Pack 2 Release Notes

April 2020

Access Manager 4.5 Service Pack 2 (4.5.2) includes enhancements, improves usability, and resolves several previous issues.

Many of these improvements are made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Access Manager forum on our community website that also includes product notifications, blogs, and product user groups.

For information about the previous release, see Access Manager 4.5 Service Pack 1 Hotfix 1 Release Notes.

For more information about this release and for the latest release notes, see the Documentation page. To download this product, see the Product page.

If you have suggestions for documentation improvements, click comment on this topic at the bottom of the specific page in the HTML version of the documentation posted at the Documentation page.

For information about Access Manager support lifecycle, see the Product Support Lifecycle page.

1.0 What’s New?

This release provides the following enhancements and fixes:

1.1 Enhancements

This release includes the following enhancements:

Support for Mapping SaaS Applications Authorizations to LDAP Groups in Access Manager User Stores

Access Manager now provides the LDAP Groups and Authorizations page when configuring a SAML2/Account Management application. Using this page, you can map authorizations returned by a SaaS application (for example, O365), such as licenses, service plans, roles, and groups to the local LDAP groups in the Access Manager user stores.

To use this feature, you must have SaaS Account Management (SAM) registered with Access Manager. While provisioning qualified users from the LDAP user stores to a SaaS application, SAM creates these users with the authorizations as mapped in the LDAP Groups and Authorizations page.

For more information about SAML2/Account Management applications, see SAML/Account Management Connectors in the Access Manager 4.5 Applications Configuration Guide.

Support for the Advanced Authentication Multi-Tenancy Feature

Access Manager now supports the multi-tenancy feature of Advanced Authentication. Instead of using only the default tenant (TOP), you can now use any tenant configured in the Advanced Authentication server. For more information about the new multi-tenancy option, see Configuring Advanced Authentication Server in the Access Manager 4.5 Administration Guide.

Support for Delaying the Initial Token Revocation Check of Client Applications

Access Manager introduces a new UI option, Perform Revocation Check After. When you use a user store as an LDAP load balancer, which has a read-only and write-only replica, token verification can fail if there is any delay in the data synchronization of the user store LDAP replicas. Using this new option, you can delay the initial token revocation check. For more information about the new option, see Configuring OAuth and OpenID Connect in the Access Manager 4.5 Administration Guide.

Support for Choosing the Format of Audit Events

Access Manager now offers an option to choose the format in which audit events are sent. You can send these events to multiple audit servers in either CSV or JSON format. For more information about the new option, see Setting Up Logging Server and Console Events in the Access Manager 4.5 Administration Guide.

Support for the c3p0 Connection Pool Libraries

Access Manager now allows configuration of the c3p0 connection pool libraries to enhance performance and scalability. For more information about the c3p0 connection pool libraries and how to configure them, see Enhancing the Access Manager Performance Using Database Utility in the Access Manager 4.5 Administration Guide.

1.2 Operating System Upgrade

In addition to the existing supported platforms, this release adds support for SLES 12 SP5.

NOTE: For more information about system requirements, see NetIQ Access Manager System Requirements.

1.3 Updates for Dependent Component

This release adds support for Tomcat 8.5.51 (CVE-2020-1938).

Upgrading to this version adds a secret required attribute to the Apache JServ Protocol (AJP) Connector. You might need to specify this attribute in the server.xml file. For more information, see Changes Required in server.xml for Apache Tomcat 8.5.51 after Upgrading to Access Manager 4.5 Service Pack 2 in the NetIQ Access Manager 4.5 Installation and Upgrade Guide.
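An added example (not part of the release notes or the product): a Python check that reads a server.xml and reports how each AJP connector stands under Tomcat 8.5.51, where secretRequired defaults to true and an AJP connector with no secret does not start. The sample XML, its ports, addresses and secret are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample; ports, addresses and the secret are placeholders,
# not values from an Access Manager installation.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"/>
    <Connector port="9009" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="false"/>
    <Connector port="9010" protocol="AJP/1.3" address="0.0.0.0"
               secretRequired="false"/>
    <Connector port="9011" protocol="AJP/1.3" address="127.0.0.1"/>
    <Connector port="9012" protocol="AJP/1.3" address="127.0.0.1"
               secret="PLACEHOLDER-SECRET"/>
  </Service>
</Server>"""

LOOPBACK = {"", "127.0.0.1", "::1", "localhost"}  # "" = unset, loopback default


def audit_ajp_connectors(server_xml):
    """Return (port, status) for every AJP connector in a server.xml string."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "HTTP/1.1").lower():
            continue
        # requiredSecret is the deprecated older name for secret.
        secret = conn.get("secret") or conn.get("requiredSecret") or ""
        required = conn.get("secretRequired", "true").strip().lower() == "true"
        if secret:
            status = "ok: shared secret set"
        elif required:
            status = "error: secret required but missing, connector will not start"
        elif conn.get("address", "") in LOOPBACK:
            status = "warn: no secret, loopback only"
        else:
            status = "risk: no secret on a non-loopback address"
        findings.append((conn.get("port"), status))
    return findings


if __name__ == "__main__":
    for port, status in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print(port, status)
```

A connector reported as "risk" accepts AJP requests from any host that can reach the port, which is the exposure CVE-2020-1938 depends on.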

1.4 Software Fixes

This release includes the following software fixes:

| Component | Bug ID | Issue |
|---|---|---|
| Administration Console | 1089317 | Any change made in the auditing page updates the server IP address and port in both auditlogging.cfg and nam.conf files instead of logging the information only in the nam.conf file. |
| OAuth 2.0 | 1148869 | Changed the format of the acr claim value of the ID Token from array to string, as per the OpenID Connect Core 1.0 specification. |
| OAuth 2.0 | 1129521 | Accessing a resource protected using OAuth gives an error because Active Directory Lightweight Directory Services does not have the userAccountControl attribute. |
| OAuth 2.0 | 1165233 | The n (Modulus) parameter of the RSA public key contains an extra zero-valued octet in the JSON Web Key Set. The cryptographic library prefixes this additional octet. |
| SAML 2.0 | 1155505 | Desktop email client configuration with POP3, IMAP, MAPI, and ActiveSync fails if the Office 365 SAML service provider is configured with the default metadata. |
| Advanced Authentication Integration | 1155906 | While using the Advanced Authentication Generic class, users gain access to a protected resource without performing the second-factor authentication. |
| Identity Server | 1137700 | Authentication takes longer if you enable the device fingerprinting feature. The row-lock of the database hangs when Identity Server is under load, causing this issue. |
| User Stores | 1134145 | Social Authentication fails when write and read attributes of LDAP requests go to a different user store replica. |
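An added example (not Access Manager code) for the JWKS fix listed under bug 1165233: a Python check that decodes the n parameter of each RSA key in a JSON Web Key Set, counts leading zero-valued octets, and re-encodes the modulus in the minimal Base64urlUInt form that RFC 7518 requires. The key set, kid values and modulus bytes are constructed for illustration and are not a real RSA key.

```python
import base64


def b64url_decode(value):
    """Decode unpadded base64url as used in JWK parameters."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def b64url_uint(raw):
    """Encode big-endian bytes as Base64urlUInt: no leading zero octets."""
    minimal = raw.lstrip(b"\x00") or b"\x00"
    return base64.urlsafe_b64encode(minimal).rstrip(b"=").decode("ascii")


def check_jwks_moduli(jwks):
    """Report leading zero octets in the n value of every RSA key."""
    report = []
    for key in jwks.get("keys", []):
        if key.get("kty") != "RSA":
            continue
        raw = b64url_decode(key["n"])
        report.append({
            "kid": key.get("kid"),
            "leading_zero_octets": len(raw) - len(raw.lstrip(b"\x00")),
            "modulus_bits": int.from_bytes(raw, "big").bit_length(),
            "normalized_n": b64url_uint(raw),
        })
    return report


# Constructed 256-octet value with the top bit set (not a real modulus).
MODULUS = bytes([0xC3]) + bytes(range(254)) + b"\x01"
# The first key carries the extra zero octet, as a signed big-integer
# encoding would produce; the second is the minimal form.
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "kid": "constructed-padded", "e": "AQAB",
     "n": base64.urlsafe_b64encode(b"\x00" + MODULUS).rstrip(b"=").decode()},
    {"kty": "RSA", "kid": "constructed-minimal", "e": "AQAB",
     "n": b64url_uint(MODULUS)},
]}

if __name__ == "__main__":
    for entry in check_jwks_moduli(SAMPLE_JWKS):
        print(entry["kid"], entry["leading_zero_octets"], entry["modulus_bits"])
```

Both sample keys describe the same 2048-bit value; only the encoding differs, which is enough for strict JWK parsers to reject the padded form.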

2.0 Installing or Upgrading

After purchasing Access Manager 4.5.2, you can access the product in the Customer Center. The activation code is in the Customer Center where you download the software. For more information, see Customer Center Frequently Asked Questions.

To access a full version of Access Manager:

  1. Log in to the Customer Center.

  2. Click Software.

  3. On the Entitled Software tab, click the appropriate version of Access Manager for your environment to download the product.

The following files are available:

Table 1 Files Available for Access Manager 4.5.2

| Filename | Description |
|---|---|
| AM_452_AccessManagerService_Linux64.tar.gz | Contains Identity Server and Administration Console .tar file for Linux. |
| AM_452_AccessManagerService_Win64.zip | Contains Identity Server and Administration Console .exe file for Windows Server. |
| AM_452_AccessGatewayAppliance_OVF.tar.gz | Contains Access Gateway Appliance OVF template. |
| AM_452_AccessGatewayAppliance.tar.gz | Contains Access Gateway Appliance .tar file. |
| AM_452_AccessGatewayService_Win64.zip | Contains Access Gateway Service .exe file for Windows Server. |
| AM_452_AccessGatewayService_Linux64.tar.gz | Contains Access Gateway Service .tar file for Linux. |

NOTE: This release does not support installation or upgrade of Analytics Server. For a fresh installation of Analytics Server, use the AM_442_AnalyticsServerAppliance.iso file, then upgrade Analytics Server to the 4.4 SP3 version by using the AM_443_AnalyticsServerAppliance.tar.gz file. If you are already using a previous version of Analytics Server, then upgrade to Analytics Server 4.4 SP3. For more information about installing Analytics Server, see Installing Analytics Server in the NetIQ Access Manager 4.5 Installation and Upgrade Guide.

For information about the upgrade paths, see Supported Upgrade Paths. For more information about installing and upgrading, see the NetIQ Access Manager 4.5 Installation and Upgrade Guide.

3.0 Verifying Version Number after Upgrading to 4.5.2

After upgrading to Access Manager 4.5.2, verify that the version number of the component is indicated as 4.5.2.0-125. To verify the version number, perform the following steps:

  1. In Administration Console Dashboard, click Troubleshooting > Version.

  2. Verify that the Version field lists 4.5.2.0-125.

4.0 Supported Upgrade Paths

To upgrade to Access Manager 4.5.2, you need to be on one of the following versions of Access Manager:

  • 4.4 Service Pack 4

  • 4.4 Service Pack 4 Hotfix 1 (Not applicable for Windows)

  • 4.4 Service Pack 4 Hotfix 2

  • 4.5

  • 4.5 Hotfix 1 (Not applicable for Windows)

  • 4.5 Service Pack 1

  • 4.5 Service Pack 1 Hotfix 1

IMPORTANT: If you are using an SQL database with the existing Risk-Based Authentication (RBA) data and you are upgrading to Access Manager 4.5.2, you must run a utility to de-normalize the database. This is to ensure that your existing RBA data does not become irrelevant. For more information about this utility and how to run it, see Denormalizing SQL Database in the NetIQ Access Manager 4.5 Installation and Upgrade Guide.

For more information about upgrading Access Manager, see Upgrading Access Manager in the NetIQ Access Manager 4.5 Installation and Upgrade Guide.

5.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issue is currently being researched. If you need further assistance with any issue, please contact Technical Support.

5.1 The Product Upgrade Option in the Common Appliance Framework Does Not Upgrade Access Gateway Appliance to the Latest Version

Issue: When you click Product Upgrade, you get a message that Access Gateway Appliance will be upgraded to the 4.5.2 version. However, selecting the upgrade option updates only the base Operating System and CAF. It does not update Access Gateway Appliance to the latest version. You can upgrade Access Gateway Appliance to the latest version as you usually do. See Upgrading Access Gateway Appliance.

Workaround: Ignore the message.

6.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

7.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

Copyright © 2020 NetIQ Corporation. All Rights Reserved.