NovellAccessManager3.
1SP3IR2Readme1NovellNovellAccessManager3.
1SP3IR2ReadmeJuly19,2011ThisReadmedescribestheNovellAccessManager3.
1SP3IR2release.
Section1,"Documentation,"onpage1Section2,"UpgradingtoAccessManager3.
1SP3IR2,"onpage1Section3,"BugsFixedinAccessManager3.
1SP3IR2,"onpage4Section4,"KnownIssuesinAccessManager3.
1SP3IR2,"onpage6Section5,"LegalNotices,"onpage91DocumentationThefollowingsourcesprovideinformationaboutNovellAccessManager:DocumentationWebSite(http://www.
novell.
com/documentation/novellaccessmanager31/index.
html).
AccessManagerSupport(http://www.
novell.
com/support/microsites/microsite.
do).
ForTIDsandCoolSolutionsarticles,selectAccessManagerfortheProductandArticles/TipsintheAdvancedSearchoptions.
NovellAccessManagerProductSite(http://www.
novell.
com/products/accessmanager/).
2UpgradingtoAccessManager3.
1SP3IR2Section2.
1,"UpgradingthePurchasedProduct,"onpage1Section2.
2,"InstallingtheHigh-BandwidthSSLVPNServer,"onpage42.
1UpgradingthePurchasedProductAfteryouhaveobtainedAccessManager3.
1SP3IR2orapreviousreleaseofAccessManager,logintotheNovellCustomerCenter(http://www.
novell.
com/center),thenfollowthelinkthatallowsyoutodownloadthesoftware.
Thefollowingfilesareavailable:FilenameDescriptionAM_31_SP3_IR2_IdentityServer_Linux32.
tar.
gzContainstheLinuxIdentityServer,theLinuxAdministrationConsole,theESP-enabledSSLVPNServer,andtheTraditionalSSLVPNServer.
AM_31_SP3_IR2_IdentityServer_Win32.
exe2NovellAccessManager3.
1SP3IR2ReadmeForupgradeandinstallationinformation:"UpgradeInstructions"onpage2"InstallationInstructions"onpage3"VerifyingVersionNumbersBeforeUpgrading"onpage3"VerifyingVersionNumbersAfterUpgrading"onpage3ContainstheWindowsIdentityServerandWindowsAdministrationConsoleforWindowsServer2003.
AM_31_SP3_IR2_IdentityServer_Win64.
exeContainstheWindowsIdentityServerandWindowsAdministrationConsoleforWindowsServer2008.
AM_31_SP3_IR2_AccessGatewayAppliance_Linux_SLES9.
tar.
gzContainstheupgradeRPMsforthe(SUSELinuxEnterpriseServer)9versionoftheAccessGatewayApplianceandtheTraditionalSSLVPNserver.
AM_31_SP3_IR2_AccessGatewayAppliance_Linux_SLES11.
tar.
gzContainstheupgradeRPMsforthe(SUSELinuxEnterpriseServer)11versionoftheAccessGatewayApplianceandtheTraditionalSSLVPNserver.
AM_31_SP3_ConfigurationUpgrade.
zipContainsthescripttoenablethesessionstickinessoptionforexistingproxyservicesandallowtargetoptionfortheintersitetransferservice.
Thisoptionisdisabledonanupgradefrom3.
1SP2IR3to3.
1SP3IR2.
AM_31_SP3_IR2_AccessGatewayService_Win64.
exeContainstheAccessGatewayServiceforWindowsServer2008R2witha64-bitoperatingsystem.
AM_31_SP3_IR2_AccessGatewayService_Linux64.
binContainstheAccessGatewayServicefor(SUSELinuxEnterpriseServer)11witha64-bitoperatingsystem.
AM_31_SP3_IR2_ApplicationServerAgents_AIX.
binContainstheAgentsservicefortheAIXplatform.
AM_31_SP3_IR2_ApplicationServerAgents_Linux.
binContainstheAgentsservicefortheLinuxplatform.
AM_31_SP3_IR2_ApplicationServerAgents_Solaris.
binContainstheAgentsservicefortheSolarisplatform.
AM_31_SP3_IR2_ApplicationServerAgents_Windows.
exeContainstheAgentsservicefortheWindowsplatform.
FilenameDescriptionNovellAccessManager3.
1SP3IR2Readme32.
1.
1UpgradeInstructionsForinstructionsonupgradingfrom3.
1SP3,3.
1SP3IR1to3.
1SP3IR2,see"UpgradingAccessManagerComponents"intheNovellAccessManager3.
1SP3InstallationGuide.
Toverifythatyourcomponentsarerunning3.
1SP3,3.
1SP3IR1see"VerifyingVersionNumbersbeforeUpgrading"onpage3.
AnyAccessManagerversionpriorto3.
1SP2IR2shouldbefirstupgradedto3.
1SP3.
Formoreinformationonupgradingto3.
1SP3,seetheNovellAccessManager3.
1SP3InstallationGuide.
2.
1.
2InstallationInstructionsForinstallationinstructionsfortheAccessManagerAdministrationConsole,theIdentityServer,theAccessGatewayAppliance,theAccessGatewayService,andtheSSLVPNserver,seetheNovellAccessManager3.
1SP3InstallationGuide.
2.
1.
3VerifyingVersionNumbersbeforeUpgradingIfyouareupgradingfromAccessManager3.
0,allcomponentsmustbefirstupgradedtoAccessManager3.
1SP3beforeupgradingtoAccessManager3.
1SP3IR2.
1IntheAdministrationConsole,clickAccessManager>Auditing>Troubleshooting>Version.
2ExaminethevalueintheVersionfield.
Thefollowingtableindicatestheversionsthatcanbeupgradedto3.
1SP3IR2.
2.
1.
4VerifyingVersionNumbersafterUpgradingWhenyouhavefinishedupgradingyourAccessManagercomponents,verifythattheyhaveallbeenupgraded.
1IntheAdministrationConsole,clickAccessManager>Auditing>Troubleshooting>Version.
2ExaminethevalueintheVersionfieldtoverifythatthecomponenthasbeenupgradedto3.
1SP3IR2.
Component3.
1SP33.
1SP3IR1AdministrationConsole3.
1.
3.
2473.
1.
3.
273IdentityServer3.
1.
3.
2473.
1.
3.
273LinuxAccessGateway3.
1.
3.
2473.
1.
3.
273AccessGatewayServices3.
1.
3.
2473.
1.
3.
273SSLVPN3.
1.
3.
2473.
1.
3.
273Component3.
1SP3IR2AdministrationConsole3.
1.
3.
292IdentityServer3.
1.
3.
292LinuxAccessGateway3.
1.
3.
292AccessGatewayServices3.
1.
3.
2924NovellAccessManager3.
1SP3IR2Readme2.
2InstallingtheHigh-BandwidthSSLVPNServerThekeyforthehigh-bandwidthSSLVPNserverdoesnotshipwiththeproductbecauseofexportlawsandrestrictions.
Thehigh-bandwidthversiondoesnothavetheconnectionandperformancerestrictionsthatarepartoftheversionthatshipswiththeproduct.
YourregularNovellsaleschannelcandetermineiftheexportlawallowsyoutoorderthehigh-bandwidthversionatnoextracost.
Afteryouhaveobtainedauthorizationforthehigh-bandwidthversion,logintotheNovellCustomerCenter(http://www.
novell.
com/center)andfollowthelinkthatallowsyoutodownloadthehigh-bandwidthkey.
3BugsFixedinAccessManager3.
1SP3IR2Section3.
1,"IdentityServer,"onpage4Section3.
2,"LinuxAccessGatewayAppliance,"onpage5Section3.
3,"AccessGatewayService,"onpage53.
1IdentityServerFixedanissuewherethepasswordfetchmethoddoesnotgetexecutedatourSAML2.
0ServiceProviderwhileconsuminganassertionfromtheidentityproviderserverthroughtheinter-sitetransferURLFixedanissuewheretheusercouldnotsetavalueforSAML2.
0RequestedAuthnContextcomparisonexcept"Exact.
"FixedanissuewhereauthenticationfailedforWSFederationwithSharePoint2010afterapplying3.
1SP3whenthetimesfortheidentityproviderWSFedwerenotsynchronized.
Formoreinformation,see"AssertionValidityWindow.
"FixedanissuewheretheKerberosauthenticationfailedwhentherequestwasproxiedbyanidentityprovidertoanotheridentityprovider.
FixedanissuewheretheclustercookiesdidnothaveanysecureandHTTPOnlyoptions.
Theseoptionsarenotenabledbydefault,andtheweb.
xmloptionsareintroducedtoenabletheseoptions.
Formoreinformation,see"EnablingSecureorHTTPOnlyFlagsforClusterCookies.
"FixedanissuewheretheserviceprovidergeneratedtwoSAMLSSOrequests,resultingintwosessionindexesthatcausedincompletesinglelogout.
FixedanissuewhentheidentityserverinaclusterreceivedaSAML2.
0logoutrequestwheretheauthenticationwasperformedonadifferentnode.
FixedanissuewhereaSAML2.
0attributequeryresponsedidnotpopulatetheinResponseToattributeinSubjectConfirmation.
SSLVPN3.
1.
3.
292Component3.
1SP3IR2NovellAccessManager3.
1SP3IR2Readme5FixedanissuewhereSAML2.
0ignoredtheFrontChannelLogoutoptioninthelogoutinitiatedbytheAccessGatewayAppliance.
Formoreinformation,see"DefiningOptionsforLibertyorSAML2.
0"3.
2LinuxAccessGatewayApplianceFixedanissuewithRangerequestswheretheAccessGatewayAppliancesendsthesamerequesttwicetotheWebserver,resultinginrandomservercrashes.
FixedanissuewhereAccessGatewayAppliancecrasheswhentheWebserversentcontent-lengthresponseheadervaluesmallerthantheactualcontent.
FixedaloginissueintheclusterenvironmentwithAccessGatewayAppliancewhentheusernamecontaineddoublebytecharactersinit.
FixedanissuewiththeAccessGatewayAppliancewheretheusergotanerrormessage"403ForbiddenDescription:DetectedURLtampering.
"FixedamemoryleakissuethatcausedacoredumpwithAccessGatewayAppliance.
FixedanissuewiththeOpenHREloginpage.
Ifthevaluefortheformnumberwasconfiguredas0intheFormFillpolicy,theloginpagewastruncated.
FixedanissuewhererandomprocessrestartsoccurredinSP3.
FixedanissueintheauthorizationpolicywithmultipleLDAPOUevaluationfailuresafterupgradingfrom3.
1SP2to3.
1SP3.
Fixedanissuewherethe/var/novell/.
disableWSHealthtouchfilewasnotworking.
ThistouchfilehelpsavoidthedevicehealthbeingmarkedasbadbecauseofsomeunreachableWebservers.
Formoreinformation,see"disableWSHealth"Fixedanissuewheretheuser'sprivateinformationwasgettingloggedtothesoapmessageslogfileunderspecificconfigurations.
Fixeda403forbiddenissuethatresultedwhentheuserpostedlargedata(morethan56KiloBytesinsize)afterasessiontimeout.
TheAdministratorcanchangethepostdataparkingsizelimit.
Formoreinformation,see"ParkingSizeInKiloBytes"FixedanissuewherethesourceportoftheconnectiontotheWebserverwasincorrectintheics_dyn.
logfile.
FixedanissuewheretheAccessGatewayAppliancecrashedwhilebeingredirectedfromhttptohttpswhenthehostnameheaderexceeds4kbytes.
FixedacrashissuewithAccessGatewayincustomloginsequenceenvironmentwhere/nesp/app/ploginrequestreachesproxywithPOSTdata.
Fixedanissuewhere400badrequestswasobservedinthereliabilitytestsforlargefilescripts.
3.
3AccessGatewayServiceFixedanissuewheretheAccessGatewayServicerewriterremoved"%2"incorrectlyfromtheurlbeingrewritten.
6NovellAccessManager3.
1SP3IR2ReadmeFixedadelayissuewiththeAccessGatewayServicewhentheauditserverwasnotreachableornotresponding.
FixedaloginissuewiththeAccessGatewayServiceifuserswaitfor3+minattheIDPloginpageandthensubmitstheircredentials.
FixedanissuewhereAccessGatewayServicesessioncookiearchitecturewasdifferentfromAccessGatewayAppliancesessioncookiearchitecture.
FixedanissuewheretheAccessGatewayServiceperformancedropsby90%whentheauditserverisnotreachable.
4KnownIssuesinAccessManager3.
1SP3IR2Section4.
1,"StoppingthenauditServiceSubsequentlyStopsJCCandTomcatServices,"onpage6Section4.
2,"AuthenticationErrorIftheOverwriteRealUserorOverwriteTemporaryUserOptionIsEnabled,"onpage7Section4.
3,"TheSSLVPNCausesaWindowsExplorerCrashinKioskMode,"onpage7Section4.
4,"VulnerabilityIssuesinJRESecurity,"onpage7Section4.
5,"ServiceUnavailabilityCausedbyaSLES11Issue,"onpage7Section4.
6,"DNSResolutionbyUsingDNSServersPushedfromSSLVPNfailsonMacLeopard,"onpage8Section4.
7,"OnWindowsServer2008,YouCannotUninstalltheAdministrationConsole,"onpage8Section4.
8,"ErrorwhileUploadingLargeFilestoanIIS7.
xback-endWebServerthroughtheLinuxAccessGatewayAppliance,"onpage8Section4.
9,"ErrorinSecondaryIPaddressesafterPushingConfigurationUpdates,"onpage8Section4.
10,"The"includethesessiontimeoutattributeintheassertion"FeatureDoesNotWork,"onpage8Section4.
11,"IssuewithSSLVPNWhileValidatingServerCertificates,"onpage8Section4.
12,"LinuxAccessGatewayApplianceDoesNotSupportRFC5746,"onpage94.
1StoppingthenauditServiceSubsequentlyStopsJCCandTomcatServicesOccasionally,whenthenauditserviceisstoppedbyusing/etc/init.
d/novell-nauditstopcommand,otherimportantservicessuchasTomcatandJCCalsostop,whichcausesinterruptionofservices.
Toworkaroundthisissue,manuallyrestarttheTomcatandJCCservices.
Forinformation,see(http://www.
novell.
com/support/php/search.
docmd=displayKC&docType=kc&externalId=7008991&sliceId=1&docTypeID=DT_TID_1_1&dialogID=120228708&stateId=0%200%20247101813)intheTID.
NovellAccessManager3.
1SP3IR2Readme74.
2AuthenticationErrorIftheOverwriteRealUserorOverwriteTemporaryUserOptionIsEnabledIfyouhavetwocontracts,andtheOverwriteRealUseroptionisenabledforoneofthem,thefirstuserauthenticationdoesnotoverwritetheseconduserauthentication.
Itdisplaysthefollowingerrormessage:"Unabletoauthenticate.
(409-esp-7271673232708786).
"ThisissueisnotobservedwiththeLinuxAccessGateway.
Formoreinformation,see(http://www.
novell.
com/support/php/search.
docmd=displayKC&docType=kc&externalId=7008992&sliceId=1&docTypeID=DT_TID_1_1&dialogID=120228779&stateId=0%200%20247101935)intheTID.
4.
3TheSSLVPNCausesaWindowsExplorerCrashinKioskModeTheSSLVPNclientworksproperlyinEnterprisemode,butcrashesWindowsExplorerusingActiveX.
Ifyourestore/downgradetheWindowsXPclienttoWindowsXPSP3,theSSLVPNclientworksproperlyinKioskmode.
ThisissueisnotobservedwithFirefoxusingJava.
4.
4VulnerabilityIssuesinJRESecurityToworkaroundtheJREsecurityvulnerabilityissue,see(http://www.
novell.
com/support/php/search.
docmd=displayKC&docType=kc&externalId=7008129&sliceId=1&docTypeID=DT_TID_1_1&dialogID=216290409&stateId=0%200%20216288812)intheTID.
4.
5ServiceUnavailabilityCausedbyaSLES11IssueInSLES11,theoperatingsystemreturnsthe27.
0.
0.
2entrywhenthehostnameisresolved.
Thiscausesthe127.
0.
0.
2tobethedefaultaddressofthelistenerwhenthedeviceisaddedtothecluster.
Toworkaroundthisissue:1Gototheproxyservicepage.
ChangethelisteningIPaddresstotheotherclustermember,thenselectthecorrectIPaddressagain.
2ClickUpdatetosavethechanges.
3Verifythecorrectaddress,thenaddthedevicetothecluster.
IMPORTANT:DonotrefertothedeploymentscenariosinthecontextsensitivehelpavailablewiththeAccessManager3.
1.
3build.
RefertothisinformationintheIdentityServerGuide.
Formoreinformation,see(http://www.
novell.
com/support/php/search.
docmd=displayKC&docType=kc&externalId=7008978&sliceId=1&docTypeID=DT_TID_1_1&dialogID=120230000&stateId=0%200%20247107319)intheTID.
8NovellAccessManager3.
1SP3IR2Readme4.
6DNSResolutionbyUsingDNSServersPushedfromSSLVPNfailsonMacLeopardIftheIPaddressandDNSserversareconfiguredstaticallyonMACLeopardandasuccessfulSSLVPNconnectionisestablished,theDNSresolutionfailstousetheDNSserverIPaddresspushedfromtheSSLVPNserver.
4.
7OnWindowsServer2008,YouCannotUninstalltheAdministrationConsoleWhenyouinstalltheAdministrationConsoleandtheIdentityServeronaWindows2008machine,youcannotcompletelyuninstallthecomponents.
Theuninstallprogramhangsbeforeitcleansallthefilesandtheregistryentries.
Toworkaroundthisissue,see(http://www.
novell.
com/documentation/novellaccessmanager31/readme/accessmanager_readme_sp2_ir3.
html#br1og3r)intheNovellAccessManager3.
1SP2IR3aReadme.
4.
8ErrorwhileUploadingLargeFilestoanIIS7.
xback-endWebServerthroughtheLinuxAccessGatewayApplianceYoucannotuploadlargefilestoanIIS7.
xWebserverwhereSSLisenabledbetweentheLinuxAccessGatewayandIIS7server.
Themaximumuploadsizedependsonthenetworksetup.
Forinformation,see(http://www.
novell.
com/support/php/search.
docmd=displayKC&docType=kc&externalId=7008505&sliceId=1&docTypeID=DT_TID_1_1&dialogID=120156265&stateId=0%200%20246847206)intheTID.
4.
9ErrorinSecondaryIPaddressesafterPushingConfigurationUpdatesWithsecuritypatchesinstalledontheSLES11LinuxAccessGatewaymachine,thesecondaryIPaddressismissingafterpushingconfigurationupdatesfromtheAdministrationConsoletotheLinuxAccessGatewaydevice.
Toworkaroundthisissue:1Backupthefile/etc/sysconfig/network/ifcfg-eth-id-thenremoveitfromthedirectory.
2PushtheconfigurationfromtheAdministrationConsole.
4.
10The"includethesessiontimeoutattributeintheassertion"FeatureDoesNotWorkToworkaroundthisissue,keeptheSPRemotecontracttimeoutthesameastheremoteidentityprovidersessiontimeout.
4.
11IssuewithSSLVPNWhileValidatingServerCertificatesTheSSLVPNclientcannotvalidateservercertificateifthetrustchainincludesoneormoreintermediaterootcertificates.
Formoreinformation,see(http://www.
novell.
com/support/php/search.
docmd=displayKC&docType=kc&externalId=7008465&sliceId=2&docTypeID=DT_TID_1_1&dialogID=247083053&stateId=0%200%20247079487)intheTID.
NovellAccessManager3.
1SP3IR2Readme94.
12LinuxAccessGatewayApplianceDoesNotSupportRFC5746UntilaLinuxAcessGatewayversionincludingsupportforRFC5746willnotbereleased,theworkaroundistousetheLinuxAccessGatewayService,insteadoftheappliance.
Forinformation,see(http://www.
novell.
com/support/viewContent.
doexternalId=7008600&sliceId=1)intheTID.
5LegalNoticesNovell,Inc.
,makesnorepresentationsorwarrantieswithrespecttothecontentsoruseofthisdocumentation,andspecificallydisclaimsanyexpressorimpliedwarrantiesofmerchantabilityorfitnessforanyparticularpurpose.
Further,Novell,Inc.
,reservestherighttorevisethispublicationandtomakechangestoitscontent,atanytime,withoutobligationtonotifyanypersonorentityofsuchrevisionsorchanges.
Further,Novell,Inc.
,makesnorepresentationsorwarrantieswithrespecttoanysoftware,andspecificallydisclaimsanyexpressorimpliedwarrantiesofmerchantabilityorfitnessforanyparticularpurpose.
Further,Novell,Inc.
,reservestherighttomakechangestoanyandallpartsofNovellsoftware,atanytime,withoutanyobligationtonotifyanypersonorentityofsuchchanges.
AnyproductsortechnicalinformationprovidedunderthisAgreementmaybesubjecttoU.
S.
exportcontrolsandthetradelawsofothercountries.
Youagreetocomplywithallexportcontrolregulationsandtoobtainanyrequiredlicensesorclassificationtoexport,re-exportorimportdeliverables.
Youagreenottoexportorre-exporttoentitiesonthecurrentU.
S.
exportexclusionlistsortoanyembargoedorterroristcountriesasspecifiedintheU.
S.
exportlaws.
Youagreetonotusedeliverablesforprohibitednuclear,missile,orchemicalbiologicalweaponryenduses.
SeetheNovellInternationalTradeServicesWebpage(http://www.
novell.
com/info/exports/)formoreinformationonexportingNovellsoftware.
Novellassumesnoresponsibilityforyourfailuretoobtainanynecessaryexportapprovals.
Copyright2011Novell,Inc.
Allrightsreserved.
Nopartofthispublicationmaybereproduced,photocopied,storedonaretrievalsystem,ortransmittedwithouttheexpresswrittenconsentofthepublisher.
ForNovelltrademarks,seetheNovellTrademarkandServiceMarklist(http://www.
novell.
com/).
Allthird-partytrademarksarethepropertyoftheirrespectiveowners.
近日CloudCone发布了最新的补货消息,针对此前新年闪购年付便宜VPS云服务器计划方案进行了少量补货,KVM虚拟架构,美国洛杉矶CN2 GT线路,1Gbps带宽,最低3TB流量,仅需14美元/年,有需要国外便宜美国洛杉矶VPS云服务器的朋友可以尝试一下。CloudCone怎么样?CloudCone服务器好不好?CloudCone值不值得购买?CloudCone是一家成立于2017年的美国服务器...
iON Cloud怎么样?iON Cloud今天发布了7月份优惠,使用优惠码:VC4VF8RHFL,新购指定型号VPS半年付或以上可享八五折!iON的云服务器包括美国洛杉矶、美国圣何塞(包含了优化线路、CN2 GIA线路)、新加坡(CN2 GIA线路、PCCW线路、移动CMI线路)这几个机房或者线路可供选择,有Linux和Windows系统之分,整体来说针对中国的优化是非常明显的,机器稳定可靠,比...
profitserver怎么样?profitserver是一家成立于2003的主机商家,是ITC控股的一个部门,主要经营的产品域名、SSL证书、虚拟主机、VPS和独立服务器,机房有俄罗斯、新加坡、荷兰、美国、保加利亚,VPS采用的是KVM虚拟架构,硬盘采用纯SSD,而且最大的优势是不限制流量,大公司运营,机器比较稳定,数据中心众多。此次ProfitServer正在对德国VPS(法兰克福)、西班牙v...
403forbidden为你推荐
apple.com.cn苹果官网怎么查序列号360邮箱请问360邮箱怎么申请sqlserver数据库SQL Server 数据库 (+) 这个是什么意思sns网站有哪些中国都有哪些sns网站?还有它们都是哪个类型的?ipad代理想买个ipad,3000至4000元左右有什么好的传奇域名自己的传奇服务器怎么建设?缤纷网谁都可以创造一个属于自己的缤纷世界中的缤纷是什么意思discuz论坛Discuz论坛是什么啊?建站无忧前程无忧为何上市?403forbidden403forbidden怎么解决
域名邮箱 免费注册网站域名 新网域名管理 免费cn域名 enzu permitrootlogin 贵州电信宽带测速 windows2003iso 商家促销 圣诞节促销 刀片服务器的优势 免费活动 绍兴电信 多线空间 华为云盘 厦门电信 个人免费邮箱 防cc攻击 深圳域名 阿里云邮箱申请 更多