This Readme describes the NetIQ Access Manager 3.2 release.
For more information about the new features and enhancements added in this release, see What’s New in Access Manager 3.2 in the NetIQ Access Manager 3.2 Installation Guide.
After you have obtained the Access Manager license, log in to the Novell Customer Center, then follow the link that allows you to download the software.
The following files are available:

| Filename | Description |
|---|---|
| AM_32_AccessManagerService_Linux64.tar.gz | Contains the Linux Identity Server, the Linux Administration Console, the ESP-enabled SSL VPN Server, and the Traditional SSL VPN Server. |
| AM_32_AccessManagerService_Win64.exe | Contains the Windows Identity Server and Windows Administration Console for Windows Server 2008. |
| AM_32_AccessGatewayAppliance_Linux_SLES11_64.iso | Contains the upgrade RPMs for SLES 11 version of the Access Gateway Appliance and the Traditional SSL VPN server. |
| AM_32_AccessGatewayAppliance_Linux_SLES11_64.tar.gz | Contains the upgrade for the Access Gateway Appliance from evaluation version to full. |
| AM_32_AccessManagerAppliance_Linux_SLES11_64.iso | Contains the Access Manager Appliance. |
| AM_32_AccessManagerAppliance_Linux_SLES11_64.tar.gz | Contains the upgrade for the Access Manager Appliance from evaluation version to full. |
| AM_32_AccessGatewayService_Win64.exe | Contains the Access Gateway Service for Windows Server 2008. |
| AM_32_AccessGatewayService_Linux_64.tar.gz | Contains the Access Gateway Service for SLES 11 and RHEL 6.2. |
| AM_32_ApplicationServerAgents_AIX.bin | Contains the Agents service for AIX platform. |
| AM_32_ApplicationServerAgents_Linux.bin | Contains the Agents service for Linux platform. |
| AM_32_ApplicationServerAgents_Solaris.bin | Contains the Agents service for Solaris platform. |
| AM_32_ApplicationServerAgents_Windows.exe | Contains the Agents service for Windows platform. |

For migration, upgrade, and installation information:
For instructions on upgrading or migrating from 3.1 SP4 to 3.2, see Upgrading Access Manager in the NetIQ Access Manager 3.2 Upgrade and Migration Guide.
You should first upgrade any Access Manager version prior to 3.1 SP4 to 3.1 SP4. For more information on upgrading to 3.1 SP4, see the Novell Access Manager 3.1 SP4 Installation Guide.
For information on differences between the 3.1 SP4 Access Gateway Appliance and the 3.2 Access Gateway Appliance, see Feature Comparison between Linux Access Gateway and Access Gateway Appliance in the NetIQ Access Manager 3.2 Installation Guide.
For instructions on installing the Access Manager Administration Console, the Identity Server, the Access Gateway Appliance, the Access Gateway Service, and the SSL VPN server, see the NetIQ Access Manager 3.2 Installation Guide.
Before upgrading or migrating to Access Manager 3.2 from any previous version, ensure that you have upgraded all components to Access Manager 3.1 SP4.
To determine the existing version:
In the Administration Console, click
> >Examine the value in the
field. The following table indicates the versions that can be upgraded to 3.2.

| Component | 3.1 SP4 |
|---|---|
| Administration Console | 3.1.4.27 |
| Identity Server | 3.1.4.27 |
| Linux Access Gateway | 3.1.4.27 |
| Access Gateway Services | 3.1.4.27 |
| SSL VPN | 3.1.4.27 |

After upgrading all the Access Manager components, verify their version as follows:
In the Administration Console, click
> >Examine the value in the
field to verify that the component has been upgraded to 3.2.

| Component | Version |
|---|---|
| Administration Console | 3.2.0.327 |
| Identity Server | 3.2.0.327 |
| Access Gateway Appliance | 3.2.0.327 |
| Access Gateway Services | 3.2.0.327 |
| SSL VPN | 3.2.0.327 |

The following table lists the known issues and the appropriate workarounds in Access Manager 3.2:

| Issue | Workaround |
|---|---|
| The Identity Server delegated administrators do not have view or modify rights after migrating from the 3.1 SP4 Identity Server to the 3.2 Identity Server. | |
| Downloading stdout.logs through the Administration Console on Windows Server fails. | |
| If the data posted to the Access Gateway before authentication exceeds 50 KB, the data will be lost. | None |
| The Alert feature with Access Gateway Appliance works only for configuration changes and when the proxy goes up/down. | None |
| Under the Identity Server logging section in the Administration Console, if the is left blank, the Identity Server XML log file gets created in /opt/novell/nam/idp/webapps/nidp/WEB-INF/logs/. It results in having less space in the /opt partition than the /var partition. | Specify the to /var. |
| Changing the IP address of the Access Gateway Management interface fails. | |
| Apache does not cache a file if the file size is more than 1 MB. | None |
| If is enabled, authentication goes into a loop when redirecting from HTTP to HTTPS. | Disable the option. |
| The access log is enabled by default in the Windows Administration Console and Identity Server. | By default, the access log is enabled in the Windows Administration Console and Identity Server. Comment out the line Valve className="org.apache.catalina.valves.AccessLogValve in the \ProgramFiles(x86)\Novell\Tomcat\conf\server.xml file. |
| Advanced option NAGHostOptions mangleCookies=on can cause looping issues. | In version 3.2, for mangling cookies, add the following two options to the Advanced options: |
| The SSL VPN client works in Enterprise mode, but shuts down Windows Explorer using ActiveX. If you restore/downgrade the Windows XP client to Windows XP SP3, the SSL VPN client works in Kiosk mode. | Use Firefox with Java. |
| If the IP address and DNS servers are configured statically on MAC Leopard and the SSL VPN connection is established, the DNS resolution fails to use the DNS server’s IP address pushed from the SSL VPN server. | None |
| When you install the Administration Console and the Identity Server on a Windows Server 2008 server, you cannot completely uninstall the components. The uninstall program hangs before it cleans all the files and the registry entries. | To uninstall all Access Manager files and registry entries: |
| When the DNS server is not reachable and ESP debug logging is enabled, each authentication request will be delayed by 20 to 30 seconds. | Add an /etc/hosts entry for authentication domain in Access Gateway appliance. |
| The extended logging format has changed between the Linux Access Gateway and the Access Gateway Appliance. | None |
| The Identity Server installation displays the /novell-access-manager/scripts/nam_utility_functions.sh: line 424: export: <special characters>: not a valid identifier error message, when the Administration Console password contains special characters, for example, @, $, and (. | Ignore the message. |
| There may be issues with Identity Injection Policies when the resources are protected by Access Gateway with Non-Redirected Login contract. | Enable the option. |
| An error XML document structures must start and end within the same entity occurs when the values are different in /opt/novell/nam/mag/conf/server.xml and /etc/opt/novell/apache2/conf/httpd.conf files. | Add the packetSize and maxPostSize parameters with value 65536 in the /opt/novell/nam/mag/conf/server.xml file to the "Connector" element with protocol AJP. For example: `<Connector port="9009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" address="127.0.0.1" minSpareThreads="25" maxThreads="300" backlog="0" connectionTimeout="20000" packetSize="65536" maxPostSize="65536"/>` Also, add the value 65336 to the parameter ProxyIOBufferSize in the /etc/opt/novell/apache2/conf/httpd.conf file. NOTE: The size values in both the conf files must be the same. |
| When the option is enabled in the Path-Based Multi-Homing page, you may have some issues for example, with the help links, button and so on. | None |
| Browsing help links in the Sharepoint portal using the Access Gateway Appliance fails if the Sharepoint Web portal is configured as a path based multihomed service with remove path on fill enabled. | None |

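
The workaround for the "XML document structures must start and end within the same entity" error requires the AJP Connector sizes in server.xml and ProxyIOBufferSize in httpd.conf to agree. The following check is an added example, not part of the NetIQ Readme or product: the function names and the inline sample configurations are constructed for illustration, and it assumes ProxyIOBufferSize is set directly in httpd.conf (not in an included file) and that the last occurrence is the effective one.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the Connector line quoted in the workaround.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="9009" protocol="AJP/1.3" address="127.0.0.1"
             packetSize="65536" maxPostSize="65536"/>
</Service></Server>"""
HTTPD_OK = "# ProxyIOBufferSize 8192\nProxyIOBufferSize 65536\n"
HTTPD_BAD = "ProxyIOBufferSize 8192\n"

def ajp_sizes(server_xml):
    """packetSize/maxPostSize of the first AJP Connector; {} if there is none."""
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("protocol", "").upper().startswith("AJP"):
            return {k: conn.get(k) for k in ("packetSize", "maxPostSize")}
    return {}

def proxy_io_buffer_size(httpd_conf):
    """Last uncommented ProxyIOBufferSize value (directive names are case-insensitive)."""
    value = None
    for line in httpd_conf.splitlines():
        m = re.match(r"\s*ProxyIOBufferSize\s+(\d+)", line, re.IGNORECASE)
        if m:
            value = m.group(1)
    return value

def check(server_xml, httpd_conf):
    """Return a list of mismatches; an empty list means the sizes agree."""
    sizes = ajp_sizes(server_xml)
    apache = proxy_io_buffer_size(httpd_conf)
    problems = []
    if not sizes:
        problems.append("no AJP Connector in server.xml")
    if apache is None:
        problems.append("ProxyIOBufferSize not set in httpd.conf")
    for name, val in sizes.items():
        if val is None:
            problems.append(f"{name} missing on AJP Connector")
        elif apache is not None and val != apache:
            problems.append(f"{name}={val} != ProxyIOBufferSize={apache}")
    return problems

if __name__ == "__main__":
    for label, conf in (("matching", HTTPD_OK), ("mismatched", HTTPD_BAD)):
        print(label, check(SERVER_XML, conf) or "OK")
```

To run it against a live system, read the two files named in the workaround and pass their contents to `check()`.
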
The following sources provide information about Access Manager:
Access Manager Support. For TIDs and Cool Solutions articles, select for the and in the options.
© 2012 NetIQ Corporation and its affiliates. All Rights Reserved.