Version 3.2 Service Pack 1
Date Published:October, 2012
This release of Access Manager 3.2 SP1 includes enhancements and resolves several previous issues. The fixes included in this release supercede the fixes included in the 3.2 IR1 release. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs.
You can post feedback in the Access Manager forum. For TIDs and Cool Solutions articles, go to Access Manager Support forum and select Access Manager for the Product and Articles / Tips in the Advanced Search options.
For the list of software fixes and enhancements in the previous release, see 3.2 IR1 Readme.
The following outline the key enhancements provided by this version, as well as issues resolved in this release:
Operating System Support
This Service Pack adds support for the following platforms, in addition to the platforms introduced in the 3.2 release:
This release updates the following components:
You can use your existing LDAP credentials for single sign-on access to the Office 365 services. Single sign-on access is achieved by implementing federated authentication through SAML 2.0 where Access Manager acts as an identity provider and Office 365 acts as a service provider. For more information on configuring single sign-on with Office 365, see Additional Resources.
Access Manager 3.2 Service Pack 1 includes software fixes that resolve several previous issues in the Administration Console.
Anonymous Simple Bind is Enabled by Default
The Administration Console Restore Script Does Not Restore a Renamed File
Error Installing the Audit Server on a 64-bit Platform
Administration Console Fails to Renew eDirectory Certificate on a Secondary Server
Administration Console Creates Many LDAP Connections to the eDirectory
Enhancements and Software Fixes - Identity Server
Access Manager 3.2 Service Pack 1 includes software fixes that resolve several previous issues in the Identity Server.
An LDAP Search With Special Characters in User Distinguished Name Fails
Vulnerability Issue for Cross-Site Scripting in the Identity Server
ESP Considers Xms Value for Connection Throttle Calculations
Kerberos Does Not Redirect to the Password Management Servlet
User Request to the Identity Servers During the Initialization Process Results in the HTTP Status 500 Error
Enhancements and Software Fixes - Access Gateway Appliance and Access Gateway Service (Fixes common to both Access Gateway Appliance and Access Gateway Service)
Access Manager 3.2 Service Pack 1 includes software fixes that resolve several previous issues in the Access Gateway Appliance and Access Gateway Service.
Session Stickiness to the Back-End Web Server is Not Persistent
Unresponsive Listener on Local Port
The Idle Timeout Setting is Not Updated in the Access Gateway Appliance
Web Server Failover Not Available With the Access Gateway Service
AutoSubmit Displays a Blank Page When the Page Has Multiple Forms
Apache Crashes While Sending Form Filled Policy Request With DumpSoapMessages Option Enabled
Error Code Indicates Incorrect Severity
The Access Gateway Returns an Invalid Location Header
TLS Handshake Error When the Access Gateway Service Performs a Heartbeat Check on a Web Server
The Access Gateway Appliance Passes Health Check After Reaching Low Memory Threshold
The Audit Event Logs Display the IP Address of L4 Switch As the Source IP Address
Access Gateway Stops Responding to Client Requests During Log Rotation
Page Redirection Error While Accessing a Resource
ActiveMQ Web Console Goes Into A Non-Responding State Due to Many Open Files
Access Gateway Service Proxy in Tunnelling Mode Terminates Connections Randomly Under Heavy Load
Empty Authentication Header Variable Causes Application to Crash (HTTP 500 error)
Unexpected Non-Redirected Login Behavior
Non-Redirected Login Is Not Working
Difference in the Content Exchanged Between the Access Gateway Appliance and the Web Server
The Navigation Page of Vibe Not Appearing Intermittently
Accessing a Hyperlink From MS-Office Applications Results in An Error
The Identity Server Is Not Updated With Session Details of the Access Gateway Appliance
Provide a Way to Cache More Than 1 MB
Inconsistent Behaviour of the Upgrade Script Across All Components
302 Redirect Occurs After Updating the Configuration
Error Connecting To the Data Store From the Administration Console
Secret Store Does Not Work When Form Fill Advanced Options Are Enabled
The Access Gateway Does Not Retain a Session After Idle Time Intervals
The Access Gateway Does Not Cache the Identity Injection Policy Attribute Values
Enhancements and Software Fixes - Access Gateway Appliance (Fixes only for Access Gateway Appliance)
Access Manager 3.2 Service Pack 1 includes software fixes that resolve several previous issues in the Access Gateway Appliance.
Missing Access Gateway Appliance Statistical Details
Form Fill Policy with Auto Submit Enabled Fails on Pages That Has Form Tags Inside Java Script
Error Installing Access Gateway Appliance in a Non-English Language
Installing or Upgrading the Purchased Products
After you have purchased Access Manager 3.2 SP1, log in to the Customer Centre and follow the link that allows you to download the software.
The following files are available:
If you have purchased a previous release of Access Manager (3.1.4, 3.1 SP4 IR1, 3.2 or 3.2 IR1) and need to move to 3.2 SP1, download the patch files from Novell Downloads.
Following are the supported upgrade/migration paths for 3.2 SP1:
If you are on Access Manager 3.1 SP4, you can directly upgrade to 3.2 SP1 without moving to 3.2.
If your base platform is SLES 11 SP1 or a Windows 2003 server, you need to migrate whereas if your base platform is Windows 2008, you can directly upgrade to Access Manager 3.2 SP1.
If you are already on Access manager 3.2, you can directly upgrade to 3.2 SP1 using the instructions at Upgrading from Access Manager 3.2 to 3.2 IR1 or 3.2 SP1 in the NetIQ Access Manager 3.2 Installation Guide.
Verifying Version Numbers
It is important to verify the version number of existing Access Manager components before you upgrade or migrate to 3.2 SP1. This ensures that you have the correct version of files on your system.
Verifying Version Number After Upgrading to 3.2 SP1
Known Issues in this Release
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Issues With Extended Logging
Issues With Form Fill Policy
Issues with Sharepoint
Script File to Reimport SSL VPN Not Available
Customized Logout Pages Not Available After Upgrade
Alert About Authentication Error After Migration to 3.2 SP1
Configuration Changes on Access Gateway Service Leads to Apache Restart
Target Value of Intersite Transfer URL Contains Non-Standard URL
Only One eDirectory Replica Addresses Admin Connections
Error Rewriting Published DNS Name
not found error is displayed as the Access Gateway Service does not rewrite to a published DNS name if the back-end host name specified within a URL is embedded in a
When you access SSL VPN client in Kiosk mode through an Internet Explorer browser, it shuts down all instances of Windows Explorer on the system. (Bug 781727)
The lcache process (Novell Nsure Audit Platform agent) runs as a root user. However, after failing unexpectedly the process runs as a non root user. (Bug 770037)
For information on resolving this issue, see TID 7010978.
This version also includes enhancements added in Access Manager 3.2 IR1
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For general corporate and product information, see the NetIQ Corporate Web site.
For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
© 2012 NetIQ Corporation and its affiliates. All Rights Reserved.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government’s rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
Check Point, FireWall-1, VPN-1, Provider-1, and SiteManager-1 are trademarks or registered trademarks of Check Point Software Technologies Ltd.
Access Manager, ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Cloud Manager, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PlateSpin, PlateSpin Recon, Privileged User Manager, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its affiliates in the USA. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.
For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.
EXCEPT AS MAY BE EXPLICITLY SET FORTH IN THE APPLICABLE END USER LICENSE AGREEMENT, NOTHING HEREIN SHALL CONSTITUTE A WARRANTY AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF FITNESS FOR A PARTICULAR PURPOSE ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW AND ARE EXPRESSLY DISCLAIMED BY NETIQ, ITS SUPPLIERS AND LICENSORS.