NetIQ Access Manager 4.0 SP1 Administration Console Guide

  NetIQ Access Manager 4.0 SP1 Administration Console Guide

    Administration Console

      Security Considerations

      Configuring the Administration Console

      Multiple Administrators, Multiple Sessions

      Managing Policy View Administrators

      Managing Delegated Administrators

      Enabling Auditing

      Global Settings

    Backing Up and Restoring

      How The Backup and Restore Process Works

      Backing Up the Access Manager Configuration

      Restoring the Administration Console Configuration

      Restoring an Identity Server

      Restoring an Access Gateway

      Running the Diagnostic Configuration Export Utility

    Security and Certificate Management

      Understanding How Access Manager Uses Certificates

      Creating Certificates

      Managing Certificates and Keystores

      Managing Trusted Roots and Trust Stores

      Viewing External Trusted Roots

      Security Considerations for Certificates

      Assigning Certificates to Access Manager Devices

    Monitoring Access Manager By Using Simple Network Management Protocol

      SNMP Architecture in Access Manager

      Features of Monitoring in Access Manager

      Using the Default MIB File with External SNMP Systems

      Querying For SNMP Attributes

      Installing and Enabling Monitoring for Access Manager Components

    Access Manager Logging

      Understanding the Types of Logging

      Downloading the Log Files

      Using the Log Files for Troubleshooting

    Changing the IP Address of Access Manager Devices

      Changing the IP Address of the Administration Console

      Changing the IP Address of an Identity Server

      Changing the IP Address of the Access Gateway Appliance

      Changing the IP Address of the Access Gateway Service

      Changing the IP Address of the Audit Server

    Code Promotion

      How Code Promotion Helps?

      Use Cases

      Code Promotion Mechanism

      Sequence of Promoting the Configuration Data

      Prerequisites

      Limitations

      Exporting the Configuration Data by Using Code Promotion

      Importing the Configuration Data by Using Code Promotion

      Exporting the Access Gateway Configuration Data

      Importing the Access Gateway Configuration Data

      Troubleshooting

    Troubleshooting the Administration Console

      Global Troubleshooting Options

      Stopping Tomcat on Windows

      Logging

      Event Codes

      Restoring a Failed Secondary Console

      Moving the Primary Administration Console to New Hardware

      Converting a Secondary Administration Console into a Primary Console

      Repairing the Configuration Datastore

      Session Conflicts

      Unable to Log In to the Administration Console

      (Linux) Exception Processing IdentityService_ServerPage.JSP

      Backup and Restore Failure Because of Special Characters in Passwords

      Unable to Install NMAS SAML Method

      Incorrect Audit Configuration

      Unable to Update the Access gateway Listening IP Address in the Administration Console Reverse Proxy

      During Access Gateway Installation Any Error Message Should Not Display Successful Status

      Incorrect Health Is Reported on the Access Gateway

      Importing the 3.1 SP4 Access Gateway by Changing the Device IP Address on the Existing Configuration Is Not Supported

      Upgraded eDirectory Version Is Not Displayed On The Administration Console

      The Administration Console Does Not Start After Restore

      The Identity Server and Administration Console Upgrade Fails

      Administration Console Does Not Refresh the Command Status Automatically

      Error while Downloading Logs through the Administration Console on Windows

      SSL Communication Fails

      Error: Tomcat did not stop in time. PID file was not removed

      SAML Affiliate Object Creation Fails While Configuring the eDirectory User Store With the Install NMAS SAML Method Enabled

      Upgrading the Secondary Administration Console Fails with an Error

      View Objects Do Not Function Properly in Internet Explorer 10 Default Mode

      Audit Certificate Validation Fails on Windows

      The Administration Console Upgrade Hangs While Upgrading Access Manager 3.2 to Access Manager 4.0

    Troubleshooting Certificate Issues

      Resolving Certificate Import Issues

      Mutual SSL with X.509 Produces Untrusted Chain Messages

      Certificate Command Failure

      Cannot Log In with Certificate Error Messages

      When a User Accesses a Resource, the Browser Displays Certificate Errors

      Canceling Certificates Modification Results in Errors

      A Device Reports Certificate Errors

      Issue while Adding the Access Gateway in a Cluster

      Renewing the expired eDirectory certificates

    Certificates Terminology

    Troubleshooting XML Validation Errors on the Access Gateway Appliance

      Modifying a Configuration That References a Removed Object

      Configuration UI Writes Incorrect Information to the Local Configuration Store

    Access Manager Audit Events and Data

      NIDS: Sent a Federate Request (002e0001)

      NIDS: Received a Federate Request (002e0002)

      NIDS: Sent a Defederate Request (002e0003)

      NIDS: Received a Defederate Request (002e0004)

      NIDS: Sent a Register Name Request (002e0005)

      NIDS: Received a Register Name Request (002e0006)

      NIDS: Logged Out an Authentication that Was Provided to a Remote Consumer (002e0007)

      NIDS: Logged out a Local Authentication (002e0008)

      NIDS: Provided an Authentication to a Remote Consumer (002e0009)

      NIDS: User Session Was Authenticated (002e000a)

      NIDS: Failed to Provide an Authentication to a Remote Consumer (002e000b)

      NIDS: User Session Authentication Failed (002e000c)

      NIDS: Received an Attribute Query Request (002e000d)

      NIDS: User Account Provisioned (002e000e)

      NIDS: Failed to Provision a User Account (002e000f)

      NIDS: Web Service Query (002e0010)

      NIDS: Web Service Modify (002e0011)

      NIDS: Connection to User Store Replica Lost (002e0012)

      NIDS: Connection to User Store Replica Reestablished (002e0013)

      NIDS: Server Started (002e0014)

      NIDS: Server Stopped (002e0015)

      NIDS: Server Refreshed (002e0016)

      NIDS: Intruder Lockout (002e0017)

      NIDS: Severe Component Log Entry (002e0018)

      NIDS: Warning Component Log Entry (002e0019)

      NIDS: Failed to Broker an Authentication from Identity Provider to Service Provider as Identity Provider and Service Provider Are not in Same Group (002E001A)

      NIDS: Failed to Broker an Authentication from Identity Provider to Service Provider Because a Policy Evaluated to Deny (002E001B)

      NIDS: Brokered an Authentication from Identity Provider to Service Provider (002E001C)

      NIDS: Roles PEP Configured (002e0300)

      Access Gateway: PEP Configured (002e0301)

      J2EE Agent: Web Service Authorization PEP Configured (002e0305)

      J2EE Agent: JACC Authorization PEP Configured (002e0306)

      Roles Assignment Policy Evaluation (002e0320)

      Access Gateway: Authorization Policy Evaluation (002e0321)

      Access Gateway: Form Fill Policy Evaluation (002e0322)

      Access Gateway: Identity Injection Policy Evaluation (002e0323)

      J2EE Agent: Web Service Authorization Policy Evaluation (002e0324)

      J2EE Agent: Web Service SSL Required Policy Evaluation (002e0325)

      J2EE Agent: Startup (002e0401)

      J2EE Agent: Shutdown (002e0402)

      J2EE Agent: Reconfigure (002e0403)

      J2EE Agent: Authentication Successful (002e0404)

      J2EE Agent: Authentication Failed (002e0405)

      J2EE Agent: Web Resource Access Allowed (002e0406)

      J2EE Agent: Clear Text Access Allowed (002e0407)

      J2EE Agent: Clear Text Access Denied (002e0408)

      J2EE Agent: Web Resource Access Denied (002e0409)

      J2EE Agent: EJB Access Allowed (002e040a)

      J2EE Agent: EJB Access Denied (002e040b)

      Access Gateway: Access Denied (0x002e0505)

      Access Gateway: URL Not Found (0x002e0508)

      Access Gateway: System Started (0x002e0509)

      Access Gateway: System Shutdown (0x002e050a)

      Access Gateway: Identity Injection Parameters (0x002e050c)

      Access Gateway: Identity Injection Failed (0x002e050d)

      Access Gateway: Form Fill Authentication (0x002e050e)

      Access Gateway: Form Fill Authentication Failed (0x002e050f)

      Access Gateway: URL Accessed (0x002e0512)

      Access Gateway: IP Access Attempted (0x002e0513)

      Access Gateway: Webserver Down (0x002e0515)

      Access Gateway: All WebServers for a Service is Down (0x002e0516)

      Management Communication Channel: Health Change (0x002e0601)

      Management Communication Channel: Device Imported (0x002e0602)

      Management Communication Channel: Device Deleted (0x002e0603)

      Management Communication Channel: Device Configuration Changed (0x002e0604)

      Management Communication Channel: Device Alert (0x002e0605)

      SSL VPN: Common Logs (002e0701)

      SSL VPN: Extended Logs (002e0702)

      SSL VPN: Servlet Status (002e0706)

      SSL VPN: Servlet Connection Added (002e0707)

      SSL VPN: Servlet Connection Failed (002e0708)

      SSL VPN: Servlet Connection Removed (002e0709)

      SSL VPN: Cluster Node Status (002e070A)

      SSL VPN: Servlet New Session Created (002e070B)

      SSL VPN: Servlet Session Replicated (002e070C)

      SSL VPN: Servlet Session Removed (002e070D)

      SSL VPN: Servlet State Transfer Started (002e0710)

      SSL VPN: Servlet State Transfer Completed (002e0711)

      SSL VPN: Servlet Cluster Node Is Down (002e0712)

      SSL VPN: Servlet Cluster Node Is Restarted (002e0713)

      SSL VPN: Servlet Cluster Error with Reason (002e0714)

      SSL VPN: Servlet Service Provider Authenticated User (002e0715)

      SSL VPN: Servlet New Authenticated Connection Received (002e0716)

      SSL VPN: Servlet Service Provider Re-authenticated User (002e0717)

    Legal Notice