Access Manager 4.5 Service Pack 3 Release Notes

August 2020

Access Manager 4.5 Service Pack 3 (4.5.3) includes enhancements, improves usability, and resolves several previous issues.

Many of these improvements are made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Access Manager forum on our community website that also includes product notifications, blogs, and product user groups.

For information about the previous release, see Access Manager 4.5 Service Pack 2 Hotfix 1 Release Notes.

For more information about this release and for the latest release notes, see the Documentation page. To download this product, see the Product page.

If you have suggestions for documentation improvements, click comment on this topic at the bottom of the specific page in the HTML version of the documentation posted at the Documentation page.

For information about Access Manager support lifecycle, see the Product Support Lifecycle page.

1.0 What’s New?

This release provides the following enhancements and fixes:

1.1 Enhancements

This release includes the following enhancements:

Support for Behavioral Analytics Using Micro Focus Interset

To enable detection of an unknown threat or anomalies, Access Manager integrates with Interset and leverages its User and Entity Behavioral Analytics (UEBA) capability.

Using the organization's data, Interset establishes the normal behavior for the organizational entities and then, using advanced analytics and machine learning, identifies the anomalous behaviors that constitute potential risks such as compromised accounts, insider threats, or other unknown cyber threats.

For more information, see Enabling Behavioral Analytics Using Micro Focus Interset.

Enhanced Identity Server to Meet the OASIS Specification for SAML 2.0

This release updates Identity Server to meet the OASIS SAML 2.0 Specification. With this update, SAML authentication requests must be digitally signed by the SAML service provider if the AssertionConsumerServiceURL attribute is different than what is specified in the SAML service provider’s metadata.

NOTE:Certain existing SAML federations might stop working if the SAML authentication requests are not signed.

Support for Registering Mobile Devices Using a QR Code

This release introduces the MobileAccess 2 app. Using this app, you can now register your devices using a QR code. For more information, see Registering Users Mobile Devices in the Access Manager 4.5 Administration Guide and MobileAccess Quick Start.

Support for Using a Different LDAP Attribute During Second-Factor Authentication

When using Advanced Authentication with Access Manager, you can use the following two optional properties for authentication methods:



Use these options when you want to use a different LDAP attribute instead of the username for user authentication, such as email ID attribute instead of the username.

For more information about these options, see NetIQ Advanced Authentication in the Access Manager 4.5 Administration Guide.

Support for Using the login_hint Parameter During Multi-Factor Authentication

This release adds support for auto-filling the username in multi-factor authentication if the user has already provided the username using the login_hint parameter.

For more information about this option, see NetIQ Advanced Authentication in the Access Manager 4.5 Administration Guide.

1.2 Operating System Upgrade

In addition to the existing supported platforms, this release adds support for RHEL 7.8.

NOTE:For more information about system requirements, see NetIQ Access Manager System Requirements.

1.3 Updates for Dependent Components

This release adds support for the following software:

  • Apache http version 2.4.43

  • Tomcat 8.5.57

  • JRE 1.8.252

  • Open JDK 1.8 Update 252

1.4 Software Fixes

This release includes the following software fixes:


Bug ID




Importing SAML metadata text using Administration Console (SAML2 > Create Service) through text option corrupts the posted metadata.xml file.



When a client application uses the Authorization Code flow and sends the access token to the userinfo endpoint, the attribute type of the query result is not consistent. If the attribute contains a single value, it is sent as a string, and if it contains multiple values, it is sent as an array.

NOTE:While this fixes the inconsistent handling of OAuth attributes, certain OAuth applications might stop working.



When an unauthenticated user tries to access /nidp/oauth/nam/callback, the browser displays an HTTP 302 error and redirects the user to a blank page.



When a SAML 2.0 external contract is used for authentication, the id_token request displays NullPointerException error.



The target parameters of an OAuth request get truncated while executing the post-authentication method.



Identity Server logout cookies do not get cleared during SLO (single logout) request.



After upgrading Access Manager from 4.5 Service Pack 1 to 4.5 Service Pack 2, SAMLAuthnReq fails with the following error:

Unable to complete request at this time. ACS Index and the ProtocolBinding attributes are mutually exclusive as per the SAML2 specification

Rule Based Authentication


Risk-based authentication Time of Login rule fails if you provide a combination of weekday and weekend time range.



Configuring ms-DS-ConsistencyGuid as immutable ID for Office 365 fails as Access Manager is unable to fetch the correct value from Active Directory.



Configuring objectSid as immutable ID for Office 365 fails as Identity Server sends unreadable values.

2.0 Installing or Upgrading

After purchasing Access Manager 4.5.3, you can access the product in the Customer Center. The activation code is in the Customer Center where you download the software. For more information, see Customer Center Frequently Asked Questions.

To access a full version of Access Manager:

  1. Log in to the Customer Center.

  2. Click Software.

  3. On the Entitled Software tab, click the appropriate version of Access Manager for your environment to download the product.

The following files are available:

Table 1 Files Available for Access Manager 4.5.3




Contains Identity Server and Administration Console .tar file for Linux.

Contains Identity Server and Administration Console .exe file for Windows Server.


Contains Access Gateway Appliance OVF template.


Contains Access Gateway Appliance .tar file.

Contains Access Gateway Service .exe file for Windows Server.


Contains Access Gateway Service .tar file for Linux.

NOTE:This release does not support installation or upgrade of Analytics Server. For a fresh installation of Analytics Server, use AM_443_AnalyticsServerAppliance.iso file, then upgrade Analytics Server to 4.4 SP3 version by using AM_443_AnalyticsServerAppliance.tar.gz file. If you are already using a previous version of Analytics Server, then upgrade to Analytics Server 4.4 SP3. For more information about installing Analytics Server, see Installing Analytics Server in the NetIQ Access Manager 4.5 Installation and Upgrade Guide.

3.0 Additions to Documentation

The following topics have been added to the documentation:

4.0 Verifying Version Number after Upgrading to 4.5.3

After upgrading to Access Manager 4.5.3, verify that the version number of the component is indicated as To verify the version number, perform the following steps:

  1. In Administration Console Dashboard, click Troubleshooting > Version.

  2. Verify that the Version field lists

5.0 Supported Upgrade Paths

To upgrade to Access Manager 4.5.3, you need to be on one of the following versions of Access Manager:

  • 4.4 Service Pack 4 Hotfix 3

  • 4.5 Service Pack 1 Hotfix 1

  • 4.5 Service Pack 2 Hotfix 1

  • 4.5 Service Pack 2

IMPORTANT:If you are using SQL database with the existing Risk-Based Authentication (RBA) data and you are upgrading to Access Manager 4.5.3, you must run a utility to de-normalize the database. This is to ensure that your existing RBA data does not become irrelevant. For more information about this utility and how to run it, see Denormalizing SQL Database in the NetIQ Access Manager 4.5 Installation and Upgrade Guide.

For more information about upgrading Access Manager, see Upgrading Access Manager in the NetIQ Access Manager 4.5 Installation and Upgrade Guide.

6.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in Access Manager 4.5 Service Pack 2 Hotfix 1 Release Notes. If you need further assistance with any issue, please contact Technical Support.

7.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

8.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see

Copyright © 2019 NetIQ Corporation. All Rights Reserved.