Novell Access Manager 3.1 SP3 IR2 Readme

July 19, 2011

This Readme describes the Novell Access Manager 3.1 SP3 IR2 release.

Section 1, "Documentation"
Section 2, "Upgrading to Access Manager 3.1 SP3 IR2"
Section 3, "Bugs Fixed in Access Manager 3.1 SP3 IR2"
Section 4, "Known Issues in Access Manager 3.1 SP3 IR2"
Section 5, "Legal Notices"

1 Documentation

The following sources provide information about Novell Access Manager:

- Documentation Web Site (http://www.novell.com/documentation/novellaccessmanager31/index.html).
- Access Manager Support (http://www.novell.com/support/microsites/microsite.do). For TIDs and Cool Solutions articles, select Access Manager for the Product and Articles/Tips in the Advanced Search options.
- Novell Access Manager Product Site (http://www.novell.com/products/accessmanager/).

2 Upgrading to Access Manager 3.1 SP3 IR2

Section 2.1, "Upgrading the Purchased Product"
Section 2.2, "Installing the High-Bandwidth SSL VPN Server"

2.1 Upgrading the Purchased Product

After you have obtained Access Manager 3.1 SP3 IR2 or a previous release of Access Manager, log in to the Novell Customer Center (http://www.novell.com/center), then follow the link that allows you to download the software. The following files are available:

Filename
    Description

AM_31_SP3_IR2_IdentityServer_Linux32.tar.gz
    Contains the Linux Identity Server, the Linux Administration Console, the ESP-enabled SSL VPN Server, and the Traditional SSL VPN Server.

AM_31_SP3_IR2_IdentityServer_Win32.exe
    Contains the Windows Identity Server and Windows Administration Console for Windows Server 2003.

AM_31_SP3_IR2_IdentityServer_Win64.exe
    Contains the Windows Identity Server and Windows Administration Console for Windows Server 2008.

AM_31_SP3_IR2_AccessGatewayAppliance_Linux_SLES9.tar.gz
    Contains the upgrade RPMs for the SUSE Linux Enterprise Server 9 version of the Access Gateway Appliance and the Traditional SSL VPN server.

AM_31_SP3_IR2_AccessGatewayAppliance_Linux_SLES11.tar.gz
    Contains the upgrade RPMs for the SUSE Linux Enterprise Server 11 version of the Access Gateway Appliance and the Traditional SSL VPN server.

AM_31_SP3_ConfigurationUpgrade.zip
    Contains the script to enable the session stickiness option for existing proxy services and allow target option for the intersite transfer service. This option is disabled on an upgrade from 3.1 SP2 IR3 to 3.1 SP3 IR2.

AM_31_SP3_IR2_AccessGatewayService_Win64.exe
    Contains the Access Gateway Service for Windows Server 2008 R2 with a 64-bit operating system.

AM_31_SP3_IR2_AccessGatewayService_Linux64.bin
    Contains the Access Gateway Service for SUSE Linux Enterprise Server 11 with a 64-bit operating system.

AM_31_SP3_IR2_ApplicationServerAgents_AIX.bin
    Contains the Agents service for the AIX platform.

AM_31_SP3_IR2_ApplicationServerAgents_Linux.bin
    Contains the Agents service for the Linux platform.

AM_31_SP3_IR2_ApplicationServerAgents_Solaris.bin
    Contains the Agents service for the Solaris platform.

AM_31_SP3_IR2_ApplicationServerAgents_Windows.exe
    Contains the Agents service for the Windows platform.

For upgrade and installation information:

- "Upgrade Instructions"
- "Installation Instructions"
- "Verifying Version Numbers Before Upgrading"
- "Verifying Version Numbers After Upgrading"

2.1.1 Upgrade Instructions

For instructions on upgrading from 3.1 SP3 or 3.1 SP3 IR1 to 3.1 SP3 IR2, see "Upgrading Access Manager Components" in the Novell Access Manager 3.1 SP3 Installation Guide. To verify that your components are running 3.1 SP3 or 3.1 SP3 IR1, see Section 2.1.3, "Verifying Version Numbers before Upgrading."

Any Access Manager version prior to 3.1 SP2 IR2 should be first upgraded to 3.1 SP3. For more information on upgrading to 3.1 SP3, see the Novell Access Manager 3.1 SP3 Installation Guide.

2.1.2 Installation Instructions

For installation instructions for the Access Manager Administration Console, the Identity Server, the Access Gateway Appliance, the Access Gateway Service, and the SSL VPN server, see the Novell Access Manager 3.1 SP3 Installation Guide.

2.1.3 Verifying Version Numbers before Upgrading

If you are upgrading from Access Manager 3.0, all components must be first upgraded to Access Manager 3.1 SP3 before upgrading to Access Manager 3.1 SP3 IR2.

1. In the Administration Console, click Access Manager > Auditing > Troubleshooting > Version.
2. Examine the value in the Version field.

The following table indicates the versions that can be upgraded to 3.1 SP3 IR2.

Component                  3.1 SP3      3.1 SP3 IR1
Administration Console     3.1.3.247    3.1.3.273
Identity Server            3.1.3.247    3.1.3.273
Linux Access Gateway       3.1.3.247    3.1.3.273
Access Gateway Services    3.1.3.247    3.1.3.273
SSL VPN                    3.1.3.247    3.1.3.273

2.1.4 Verifying Version Numbers after Upgrading

When you have finished upgrading your Access Manager components, verify that they have all been upgraded.

1. In the Administration Console, click Access Manager > Auditing > Troubleshooting > Version.
2. Examine the value in the Version field to verify that the component has been upgraded to 3.1 SP3 IR2.

Component                  3.1 SP3 IR2
Administration Console     3.1.3.292
Identity Server            3.1.3.292
Linux Access Gateway       3.1.3.292
Access Gateway Services    3.1.3.292
SSL VPN                    3.1.3.292

2.2 Installing the High-Bandwidth SSL VPN Server

The key for the high-bandwidth SSL VPN server does not ship with the product because of export laws and restrictions. The high-bandwidth version does not have the connection and performance restrictions that are part of the version that ships with the product. Your regular Novell sales channel can determine if the export law allows you to order the high-bandwidth version at no extra cost.

After you have obtained authorization for the high-bandwidth version, log in to the Novell Customer Center (http://www.novell.com/center) and follow the link that allows you to download the high-bandwidth key.

3 Bugs Fixed in Access Manager 3.1 SP3 IR2

Section 3.1, "Identity Server"
Section 3.2, "Linux Access Gateway Appliance"
Section 3.3, "Access Gateway Service"

3.1 Identity Server

- Fixed an issue where the password fetch method does not get executed at our SAML 2.0 Service Provider while consuming an assertion from the identity provider server through the inter-site transfer URL.
- Fixed an issue where the user could not set a value for SAML 2.0 Requested AuthnContext comparison except "Exact."
- Fixed an issue where authentication failed for WS Federation with SharePoint 2010 after applying 3.1 SP3 when the times for the identity provider WSFed were not synchronized. For more information, see "Assertion Validity Window."
- Fixed an issue where the Kerberos authentication failed when the request was proxied by an identity provider to another identity provider.
- Fixed an issue where the cluster cookies did not have any secure and HTTPOnly options. These options are not enabled by default, and the web.xml options are introduced to enable these options. For more information, see "Enabling Secure or HTTPOnly Flags for Cluster Cookies."
- Fixed an issue where the service provider generated two SAML SSO requests, resulting in two session indexes that caused incomplete single logout.
- Fixed an issue when the identity server in a cluster received a SAML 2.0 logout request where the authentication was performed on a different node.
- Fixed an issue where a SAML 2.0 attribute query response did not populate the inResponseTo attribute in SubjectConfirmation.
- Fixed an issue where SAML 2.0 ignored the Front Channel Logout option in the logout initiated by the Access Gateway Appliance. For more information, see "Defining Options for Liberty or SAML 2.0"

3.2 Linux Access Gateway Appliance

- Fixed an issue with Range requests where the Access Gateway Appliance sends the same request twice to the Web server, resulting in random server crashes.
- Fixed an issue where Access Gateway Appliance crashes when the Web server sent a content-length response header value smaller than the actual content.
- Fixed a login issue in the cluster environment with Access Gateway Appliance when the username contained double byte characters in it.
- Fixed an issue with the Access Gateway Appliance where the user got an error message "403 Forbidden Description: Detected URL tampering."
- Fixed a memory leak issue that caused a core dump with Access Gateway Appliance.
- Fixed an issue with the OpenHRE login page. If the value for the form number was configured as 0 in the Form Fill policy, the login page was truncated.
- Fixed an issue where random process restarts occurred in SP3.
- Fixed an issue in the authorization policy with multiple LDAP OU evaluation failures after upgrading from 3.1 SP2 to 3.1 SP3.
- Fixed an issue where the /var/novell/.disableWSHealth touch file was not working. This touch file helps avoid the device health being marked as bad because of some unreachable Web servers. For more information, see "disableWSHealth"
- Fixed an issue where the user's private information was getting logged to the soapmessages log file under specific configurations.
- Fixed a 403 forbidden issue that resulted when the user posted large data (more than 56 KiloBytes in size) after a session timeout. The Administrator can change the post data parking size limit. For more information, see "ParkingSizeInKiloBytes"
- Fixed an issue where the source port of the connection to the Web server was incorrect in the ics_dyn.log file.
- Fixed an issue where the Access Gateway Appliance crashed while being redirected from http to https when the hostname header exceeds 4 kbytes.
- Fixed a crash issue with Access Gateway in custom login sequence environment where /nesp/app/plogin request reaches proxy with POST data.
- Fixed an issue where 400 bad requests were observed in the reliability tests for large file scripts.

3.3 Access Gateway Service

- Fixed an issue where the Access Gateway Service rewriter removed "%2" incorrectly from the url being rewritten.
- Fixed a delay issue with the Access Gateway Service when the audit server was not reachable or not responding.
- Fixed a login issue with the Access Gateway Service if users wait for 3+ min at the IDP login page and then submit their credentials.
- Fixed an issue where Access Gateway Service session cookie architecture was different from Access Gateway Appliance session cookie architecture.
- Fixed an issue where the Access Gateway Service performance drops by 90% when the audit server is not reachable.

4 Known Issues in Access Manager 3.1 SP3 IR2

Section 4.1, "Stopping the naudit Service Subsequently Stops JCC and Tomcat Services"
Section 4.2, "Authentication Error If the Overwrite Real User or Overwrite Temporary User Option Is Enabled"
Section 4.3, "The SSL VPN Causes a Windows Explorer Crash in Kiosk Mode"
Section 4.4, "Vulnerability Issues in JRE Security"
Section 4.5, "Service Unavailability Caused by a SLES 11 Issue"
Section 4.6, "DNS Resolution by Using DNS Servers Pushed from SSL VPN fails on Mac Leopard"
Section 4.7, "On Windows Server 2008, You Cannot Uninstall the Administration Console"
Section 4.8, "Error while Uploading Large Files to an IIS 7.x back-end Web Server through the Linux Access Gateway Appliance"
Section 4.9, "Error in Secondary IP addresses after Pushing Configuration Updates"
Section 4.10, "The "include the session timeout attribute in the assertion" Feature Does Not Work"
Section 4.11, "Issue with SSL VPN While Validating Server Certificates"
Section 4.12, "Linux Access Gateway Appliance Does Not Support RFC 5746"

4.1 Stopping the naudit Service Subsequently Stops JCC and Tomcat Services

Occasionally, when the naudit service is stopped by using the /etc/init.d/novell-naudit stop command, other important services such as Tomcat and JCC also stop, which causes interruption of services. To work around this issue, manually restart the Tomcat and JCC services.

For information, see (http://www.novell.com/support/php/search.docmd=displayKC&docType=kc&externalId=7008991&sliceId=1&docTypeID=DT_TID_1_1&dialogID=120228708&stateId=0%200%20247101813) in the TID.

4.2 Authentication Error If the Overwrite Real User or Overwrite Temporary User Option Is Enabled

If you have two contracts, and the Overwrite Real User option is enabled for one of them, the first user authentication does not overwrite the second user authentication. It displays the following error message:

"Unable to authenticate. (409-esp-7271673232708786)."

This issue is not observed with the Linux Access Gateway.

For more information, see (http://www.novell.com/support/php/search.docmd=displayKC&docType=kc&externalId=7008992&sliceId=1&docTypeID=DT_TID_1_1&dialogID=120228779&stateId=0%200%20247101935) in the TID.

4.3 The SSL VPN Causes a Windows Explorer Crash in Kiosk Mode

The SSL VPN client works properly in Enterprise mode, but crashes Windows Explorer using ActiveX. If you restore/downgrade the Windows XP client to Windows XP SP3, the SSL VPN client works properly in Kiosk mode. This issue is not observed with Firefox using Java.

4.4 Vulnerability Issues in JRE Security

To work around the JRE security vulnerability issue, see (http://www.novell.com/support/php/search.docmd=displayKC&docType=kc&externalId=7008129&sliceId=1&docTypeID=DT_TID_1_1&dialogID=216290409&stateId=0%200%20216288812) in the TID.

4.5 Service Unavailability Caused by a SLES 11 Issue

In SLES 11, the operating system returns the 127.0.0.2 entry when the hostname is resolved. This causes the 127.0.0.2 to be the default address of the listener when the device is added to the cluster.

To work around this issue:

1. Go to the proxy service page. Change the listening IP address to the other cluster member, then select the correct IP address again.
2. Click Update to save the changes.
3. Verify the correct address, then add the device to the cluster.

IMPORTANT: Do not refer to the deployment scenarios in the context sensitive help available with the Access Manager 3.1.3 build. Refer to this information in the Identity Server Guide.

For more information, see (http://www.novell.com/support/php/search.docmd=displayKC&docType=kc&externalId=7008978&sliceId=1&docTypeID=DT_TID_1_1&dialogID=120230000&stateId=0%200%20247107319) in the TID.
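
A pre-check for the condition described in Section 4.5, as an added example that is not part of the Novell readme: it scans a hosts-format file for loopback (127.0.0.0/8) addresses assigned to the device's hostname. It assumes the 127.0.0.2 mapping comes from a hosts file such as /etc/hosts; the function names, host names and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: find hosts-file entries that map a hostname to a loopback
# address, such as the 127.0.0.2 entry described in Section 4.5.

# Print every 127.0.0.0/8 address that a hosts-format file assigns to NAME.
# $1 = hosts file path (assumed format: address, then names), $2 = hostname.
loopback_entries() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                    # drop trailing comments
        NF < 2 { next }                       # skip blank or malformed lines
        $1 ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; break }
        }
    ' "$1"
}

# Return 0 when NAME has no loopback mapping in the file, 1 when it does.
hostname_is_safe_for_cluster() {
    [ -z "$(loopback_entries "$1" "$2")" ]
}

# Constructed sample data: one affected hosts file and one corrected file.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/hosts.affected" <<'EOF'
127.0.0.1    localhost
127.0.0.2    lag1.example.com lag1   # constructed example entry
10.1.1.20    lag2.example.com lag2
EOF
cat > "$SAMPLE_DIR/hosts.fixed" <<'EOF'
127.0.0.1    localhost
10.1.1.10    lag1.example.com lag1
10.1.1.20    lag2.example.com lag2
EOF

for f in hosts.affected hosts.fixed; do
    if hostname_is_safe_for_cluster "$SAMPLE_DIR/$f" lag1; then
        echo "$f: lag1 has no loopback mapping"
    else
        echo "$f: lag1 maps to $(loopback_entries "$SAMPLE_DIR/$f" lag1); correct this before adding the device to the cluster"
    fi
done
```

On a real device, the same function can be pointed at the live file, for example `loopback_entries /etc/hosts "$(hostname)"`.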

4.6 DNS Resolution by Using DNS Servers Pushed from SSL VPN fails on Mac Leopard

If the IP address and DNS servers are configured statically on Mac Leopard and a successful SSL VPN connection is established, the DNS resolution fails to use the DNS server IP address pushed from the SSL VPN server.

4.7 On Windows Server 2008, You Cannot Uninstall the Administration Console

When you install the Administration Console and the Identity Server on a Windows 2008 machine, you cannot completely uninstall the components. The uninstall program hangs before it cleans all the files and the registry entries.

To work around this issue, see (http://www.novell.com/documentation/novellaccessmanager31/readme/accessmanager_readme_sp2_ir3.html#br1og3r) in the Novell Access Manager 3.1 SP2 IR3a Readme.

4.8 Error while Uploading Large Files to an IIS 7.x back-end Web Server through the Linux Access Gateway Appliance

You cannot upload large files to an IIS 7.x Web server where SSL is enabled between the Linux Access Gateway and IIS 7 server. The maximum upload size depends on the network setup.

For information, see (http://www.novell.com/support/php/search.docmd=displayKC&docType=kc&externalId=7008505&sliceId=1&docTypeID=DT_TID_1_1&dialogID=120156265&stateId=0%200%20246847206) in the TID.

4.9 Error in Secondary IP addresses after Pushing Configuration Updates

With security patches installed on the SLES 11 Linux Access Gateway machine, the secondary IP address is missing after pushing configuration updates from the Administration Console to the Linux Access Gateway device.

To work around this issue:

1. Back up the file /etc/sysconfig/network/ifcfg-eth-id-, then remove it from the directory.
2. Push the configuration from the Administration Console.

4.10 The "include the session timeout attribute in the assertion" Feature Does Not Work

To work around this issue, keep the SP Remote contract timeout the same as the remote identity provider session timeout.

4.11 Issue with SSL VPN While Validating Server Certificates

The SSL VPN client cannot validate the server certificate if the trust chain includes one or more intermediate root certificates.

For more information, see (http://www.novell.com/support/php/search.docmd=displayKC&docType=kc&externalId=7008465&sliceId=2&docTypeID=DT_TID_1_1&dialogID=247083053&stateId=0%200%20247079487) in the TID.

4.12 Linux Access Gateway Appliance Does Not Support RFC 5746

Until a Linux Access Gateway version including support for RFC 5746 is released, the workaround is to use the Linux Access Gateway Service, instead of the appliance.

For information, see (http://www.novell.com/support/viewContent.doexternalId=7008600&sliceId=1) in the TID.

5 Legal Notices

Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright 2011 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/). All third-party trademarks are the property of their respective owners.