Access Manager

Version 3.2 Service Pack 1 IR1a

Release Notes

Date Published:February 2013


This release of Access Manager 3.2 Service Pack 1 IR1a includes enhancements and resolves several issues. The fixes included in this release supercede the fixes included in the 3.2 Service Pack 1 release. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs.

You can post feedback in the Access Manager forum. For TIDs and Cool Solutions articles, go to Access Manager Support forum and select Access Manager for the Product and Articles / Tips in the Advanced Search options.

For more information about this release and for the latest release notes, see the Access Manager Documentation Web site. To download this product, see the Access Manager Product Web site.

For the list of software fixes and enhancements in the previous release, see 3.2 SP1 Readme.

What's New?

The following outline the key features and functions provided by this version, as well as issues resolved in this release:

Non-Redirected Login

You can now configure Non-Redirected Login with a Kerberos contract. For more information on configuring, see Assigning an Authorization Policy to a Protected Resource.

Changes in the nidpconfig. properties File

You can now enable or disable the following SAML tags using the file. For more information on these tags, see Enabling and Disabling SAML Tags.


Using the Patch Tool to Upgrade Access Manager Patches

The Patch Tool helps you upgrade to the latest Access Manager patches with ease. Instead of downloading .tar file that contain the entire set of binaries. You can download a .zip file that contains incremental changes in form of a patch file. You can use this patch file to update all your Access Manager components. For more information on the Patch Tool, see Upgrading from Access Manager 3.2 SP1 to 3.2 SP1 IR1a Using the Patch Tool.

Software Fixes for the Administration Console

This release includes software fixes that resolve several previous issues in the Administration Console.

Error Acknowledging Alerts in the Administration Console

When you acknowledge alerts in the Administration Console an error occurs. (Bug 788364)

Shared Secret Encryption Password Hash Key is Displayed

Shared secret encryption password hash key is displayed. (Bug 791586)

Software Fixes for Identity Server

This release includes software fixes that resolve several previous issues in the Identity Server.

The Identity Server Is Not Updated with Session Details of the Access Gateway Appliance

When the Identity Server is not updated with the user session details of Access Gateway Appliance, the Identity Server times out. (Bug 772975)

Issues with Form Fill Policy when Using Internet Explorer

When Form Fill is enabled, the Access Gateway posts only a subset of data that it receives from the browser to the back-end Web server. This issue occurs only in Internet Explorer browser. (Bug 784612)

Identity Server Custom Class Fails During Upgrade

When you upgrade the Identity Server, Custom Class fails. It does not display any information about the error. (Bug 784251)

Redirection Fails during Form Fill


When Form Fill uses the default Java scripts, redirection fails randomly. (Bug 780164)


Location header is now used instead of Java script based redirection. To enable this, use the NAGGlobalOptions onFormFillPolicyRedirUseHttp=on advanced option. For more information about this option, see the Advanced Gateway Service Options in the Access Gateway Guide.

Configuring Identity Provider with Another Service Provider Leads to Authentication Failure

You can now configure the Identity Server to be an identity provider with another service provider. Authentication failures no longer occur when the target is not a standard URL, such as name=value. (Bug 781812)

Subsequent Authentication Requests Fail After Accessing the Intersite URL

You can now access the Intersite Transfer URL without authentication failure. This is because an unique Assertion ID is generated for each request. (Bug 784876)

Software Fixes for Access Gateway

This release includes software fixes that resolve several previous issues in the Access Gateway Appliance and Access Gateway Service.

Issues with Access Gateway Extended Logging

When you enable extended logging the following issues occurr: (Bugs 783159, 783160, 783163, 783161)

  • Strings %t\ and %r\ appear twice in the LogFormat value.
  • Many Log Format options get logged without any information.

Specifying Non-Standard HTTP Port for Web Server Leads to Duplication of Port Number

If the Web server is listening on a non-standard HTTP port, the referer header duplicates the port number. (Bug 785500)

Failures Occur While Logging out of Identity Server

When you apply changes to the Access Gateway, logging out of Identity server fails. When you request access to a protected resource after logging out of Access Gateway, you will be prompted to log in again. (Bug 788152)

Looping Issues when Auto Submit is Enabled in the Form Fill Policy

Enabling Auto Submit for Form Fill policies does not cause infinite loop issues. For more information, see TID 7011787. (Bug 801835)

Exception in the Error Log and Issue with Email Alerts in the Access Gateway

An exception reported in the ags_error.log file is now resolved and there are not issues with email alerts when Alerts are enabled in the Access Gateway. For more information, see TID 7011801. (Bug 802725)

Return to Top

Installing or Upgrading the Access Manager

To install Access Manager 3.2 Service Pack IR1a, log in to the Customer Centre and follow the link that allows you to download the software.

To upgrade to Access Manager 3.2 Service Pack IR1a, download the This file contains the Access Manager Patch Tool and the patch file available under Novell Downloads. To upgrade to this version, you must be using 3.2 Service Pack 1. For more information on upgrading, see Upgrading from Access Manager 3.2 SP1 to 3.2 SP1 IR1a Using the Patch Tool in the NetIQ Access Manager 3.2 Installation Guide.

Return to Top

Verifying Version Numbers

NetIQ recommends that you verify the version number of existing Access Manager components before you upgrade or migrate to this version. This ensures that you have the correct version of files on your system.

Verifying Version Number Before Upgrading to 3.2 Service Pack 1 IR1a

  1. In the Administration Console, click Access Manager > Auditing > Troubleshooting > Version.
  2. Verify that the Version field lists 3.2.1-57 for all 3.2 Service Pack 1 Access Manager components .

Verifying Version Number After Upgrading to 3.2 Service Pack 1 IR1a

  1. In the Administration Console, click Access Manager > Auditing > Troubleshooting > Version.
  2. Verify that the Version field lists 3.2.1-57 + IR1-201 for 3.2 Service Pack 1 IR1a.

Known Issues in this Release

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

  • Issue with Attribute Mapping
  • Issue Displaying LogoutSuccess Page
  • Issues When LDAP User Store Goes Down
  • Issue with RADIUS Authentication
  • Issue with Load Balancer
  • Issue with TCP Connect Options
  • Issue Configuring Port
  • Issue with Health Check
  • Issue with User Authentication
  • Issue with User Provisioning
  • Issue Logging Out of Identity Server
  • Issue with Extended Logging
  • Issue with Apache Restart Causing Service Interruption
  • Issue with Attribute Mapping

    You cannot edit or view an existing Attribute Mapping from the Administration Console. (Bug 789663)

    Issue Displaying LogoutSuccess Page

    Issue displaying the LogoutSuccess page when you access AGLogout with a third-party SAML 2.0 service provider (SAML 2.0 SP). SAML 2.0 SP supports only front channel logout. (Bug 792560)

    Issue When LDAP User Store Stops Unexpectedly

    The Identity server and the Administration Console do not respond when the LDAP user store stops unexpectedly. (Bug 792738)

    Issue with RADIUS Authentication

    You cannot configure RADIUS authentication class to validate token before the LDAP password verification is complete. (Bug 794495)

    Issue with Load Balancer

    The load balancer continues to send browser requests even though the Identity server is in a non-responding state. (Bug 797770)

    Issue with TCP Connect Options

    When you set the value of TCP Connect Options to more than 1440 seconds, the configuration update for Access Gateway fails. (Bug 796078)

    Issue Configuring Port

    You cannot append a port number in the Web Server Host Name field in the Access Gateway. (Bug 787378)

    Issue with Health Check

    The Access Gateway health check fails to check status of some of the back-end Web servers when they are not reachable. (Bug 794482)

    Issue with User Authentication

    If LDAP userstore takes more than 15 seconds for a bind request, the Identity server fails to authenticate user. (Bug 796554)

    Issue with User Provisioning


    When you create a user in the Access Manager user store but do not provision the user in Office 365, Office 365 denies access to the user. (Bug 791036)


    Clear the cookies in the browser or log out of the Identity server before signing in to Office 365 with different credentials.

    Issue Logging Out of Identity Server

    When you log out of Office 365 and the browser redirects to the Identity server portal, you are still connected to the Identity server. (Bug 791038

    Issue with Extended Logging

    In Microsoft Windows, the Access Gateway does not create extended logs for reverse proxy requests configured for extended logging. (Bug 797559)

    Issue with Apache Restart Causing Service Interruption

    Service interruption occurs when the administrator makes any configuration changes on the Access Gateway Service while the users are logged in. (Bug 778475)

    Return to Top

    Previous Releases

    This version also includes enhancements added in Access Manager 3.2 Service Pack 1. For more information, see the release notes for Access Manager 3.2 Service Pack 1.

    Return to Top

    Contact Information

    Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email We value your input and look forward to hearing from you.

    For detailed contact information, see the Support Contact Information Web site.

    For general corporate and product information, see the NetIQ Corporate Web site.

    For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups.

    Return to Top

    Legal Notice

    Return to Top