Access Manager |
Version 3.2 Service Pack 1 IR1a |
Release Notes |
Date Published:February 2013 |
|
Installing or Upgrading the Product
|
You can post feedback in the Access Manager forum. For TIDs and Cool Solutions articles, go to Access Manager Support forum and select Access Manager for the Product and Articles / Tips in the Advanced Search options. For more information about this release and for the latest release notes, see the Access Manager Documentation Web site. To download this product, see the Access Manager Product Web site. For the list of software fixes and enhancements in the previous release, see 3.2 SP1 Readme. What's New?The following outline the key features and functions provided by this version, as well as issues resolved in this release:
Non-Redirected LoginYou can now configure Non-Redirected Login with a Kerberos contract. For more information on configuring, see Assigning an Authorization Policy to a Protected Resource. Changes in the nidpconfig. properties FileYou can now enable or disable the following SAML tags using the
Using the Patch Tool to Upgrade Access Manager PatchesThe Patch Tool helps you upgrade to the latest Access Manager patches with ease. Instead of
downloading Software Fixes for the Administration ConsoleThis release includes software fixes that resolve several previous issues in the Administration Console.
Error Acknowledging Alerts in the Administration ConsoleWhen you acknowledge alerts in the Administration Console an error occurs. (Bug 788364) Shared Secret Encryption Password Hash Key is DisplayedShared secret encryption password hash key is displayed. (Bug 791586) Software Fixes for Identity ServerThis release includes software fixes that resolve several previous issues in the Identity Server.
The Identity Server Is Not Updated with Session Details of the Access Gateway ApplianceWhen the Identity Server is not updated with the user session details of Access Gateway Appliance, the Identity Server times out. (Bug 772975) Issues with Form Fill Policy when Using Internet ExplorerWhen Form Fill is enabled, the Access Gateway posts only a subset of data that it receives from the browser to the back-end Web server. This issue occurs only in Internet Explorer browser. (Bug 784612) Identity Server Custom Class Fails During UpgradeWhen you upgrade the Identity Server, Custom Class fails. It does not display any information about the error. (Bug 784251) Redirection Fails during Form Fill
Configuring Identity Provider with Another Service Provider Leads to Authentication FailureYou can now configure the Identity Server to be an identity provider with another service provider. Authentication failures no longer occur when the target is not a standard URL, such as name=value. (Bug 781812) Subsequent Authentication Requests Fail After Accessing the Intersite URLYou can now access the Intersite Transfer URL without authentication failure. This is because an unique Assertion ID is generated for each request. (Bug 784876) Software Fixes for Access GatewayThis release includes software fixes that resolve several previous issues in the Access Gateway Appliance and Access Gateway Service.
Issues with Access Gateway Extended LoggingWhen you enable extended logging the following issues occurr: (Bugs 783159, 783160, 783163, 783161)
Specifying Non-Standard HTTP Port for Web Server Leads to Duplication of Port NumberIf the Web server is listening on a non-standard HTTP port, the referer header duplicates the port number. (Bug 785500) Failures Occur While Logging out of Identity ServerWhen you apply changes to the Access Gateway, logging out of Identity server fails. When you request access to a protected resource after logging out of Access Gateway, you will be prompted to log in again. (Bug 788152) Looping Issues when Auto Submit is Enabled in the Form Fill PolicyEnabling Auto Submit for Form Fill policies does not cause infinite loop issues. For more information, see TID 7011787. (Bug 801835) Exception in the Error Log and Issue with Email Alerts in the Access GatewayAn exception reported in the Installing or Upgrading the Access ManagerTo install Access Manager 3.2 Service Pack IR1a, log in to the Customer Centre and follow the link that allows you to download the software.
To upgrade to Access Manager 3.2 Service Pack IR1a, download the Verifying Version NumbersNetIQ recommends that you verify the version number of existing Access Manager components before you upgrade or migrate to this version. This ensures that you have the correct version of files on your system. Verifying Version Number Before Upgrading to 3.2 Service Pack 1 IR1a
Verifying Version Number After Upgrading to 3.2 Service Pack 1 IR1a
Known Issues in this ReleaseNetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Issue with Attribute MappingYou cannot edit or view an existing Attribute Mapping from the Administration Console. (Bug 789663)
Issue Displaying LogoutSuccess PageIssue displaying the LogoutSuccess page when you access AGLogout with a third-party SAML 2.0 service provider (SAML 2.0 SP). SAML 2.0 SP supports only front channel logout. (Bug 792560) Issue When LDAP User Store Stops UnexpectedlyThe Identity server and the Administration Console do not respond when the LDAP user store stops unexpectedly. (Bug 792738) Issue with RADIUS AuthenticationYou cannot configure RADIUS authentication class to validate token before the LDAP password verification is complete. (Bug 794495) Issue with Load BalancerThe load balancer continues to send browser requests even though the Identity server is in a non-responding state. (Bug 797770) Issue with TCP Connect OptionsWhen you set the value of TCP Connect Options to more than 1440 seconds, the configuration update for Access Gateway fails. (Bug 796078) Issue Configuring PortYou cannot append a port number in the Web Server Host Name field in the Access Gateway. (Bug 787378) Issue with Health CheckThe Access Gateway health check fails to check status of some of the back-end Web servers when they are not reachable. (Bug 794482) Issue with User AuthenticationIf LDAP userstore takes more than 15 seconds for a bind request, the Identity server fails to authenticate user. (Bug 796554)
Issue with User Provisioning
|
Issue: |
When you create a user in the Access Manager user store but do not provision the user in Office 365, Office 365 denies access to the user. (Bug 791036) |
Workaround: |
Clear the cookies in the browser or log out of the Identity server before signing in to Office 365 with different credentials. |
When you log out of Office 365 and the browser redirects to the Identity server portal, you are still connected to the Identity server. (Bug 791038
In Microsoft Windows, the Access Gateway does not create extended logs for reverse proxy requests configured for extended logging. (Bug 797559)
Service interruption occurs when the administrator makes any configuration changes on the Access Gateway Service while the users are logged in. (Bug 778475)
This version also includes enhancements added in Access Manager 3.2 Service Pack 1. For more information, see the release notes for Access Manager 3.2 Service Pack 1.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For general corporate and product information, see the NetIQ Corporate Web site.
For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
© 2013 NetIQ Corporation and its affiliates. All Rights Reserved.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government’s rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
Check Point, FireWall-1, VPN-1, Provider-1, and SiteManager-1 are trademarks or registered trademarks of Check Point Software Technologies Ltd.
Access Manager, ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Cloud Manager, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PlateSpin, PlateSpin Recon, Privileged User Manager, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its affiliates in the USA. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.
For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.
EXCEPT AS MAY BE EXPLICITLY SET FORTH IN THE APPLICABLE END USER LICENSE AGREEMENT, NOTHING HEREIN SHALL CONSTITUTE A WARRANTY AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF FITNESS FOR A PARTICULAR PURPOSE ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW AND ARE EXPRESSLY DISCLAIMED BY NETIQ, ITS SUPPLIERS AND LICENSORS.