NovellAccessManager3.
1SP3IR2Readme1NovellNovellAccessManager3.
1SP3IR2ReadmeJuly19,2011ThisReadmedescribestheNovellAccessManager3.
1SP3IR2release.
Section1,"Documentation,"onpage1Section2,"UpgradingtoAccessManager3.
1SP3IR2,"onpage1Section3,"BugsFixedinAccessManager3.
1SP3IR2,"onpage4Section4,"KnownIssuesinAccessManager3.
1SP3IR2,"onpage6Section5,"LegalNotices,"onpage91DocumentationThefollowingsourcesprovideinformationaboutNovellAccessManager:DocumentationWebSite(http://www.
novell.
com/documentation/novellaccessmanager31/index.
html).
AccessManagerSupport(http://www.
novell.
com/support/microsites/microsite.
do).
ForTIDsandCoolSolutionsarticles,selectAccessManagerfortheProductandArticles/TipsintheAdvancedSearchoptions.
NovellAccessManagerProductSite(http://www.
novell.
com/products/accessmanager/).
2UpgradingtoAccessManager3.
1SP3IR2Section2.
1,"UpgradingthePurchasedProduct,"onpage1Section2.
2,"InstallingtheHigh-BandwidthSSLVPNServer,"onpage42.
1UpgradingthePurchasedProductAfteryouhaveobtainedAccessManager3.
1SP3IR2orapreviousreleaseofAccessManager,logintotheNovellCustomerCenter(http://www.
novell.
com/center),thenfollowthelinkthatallowsyoutodownloadthesoftware.
Thefollowingfilesareavailable:FilenameDescriptionAM_31_SP3_IR2_IdentityServer_Linux32.
tar.
gzContainstheLinuxIdentityServer,theLinuxAdministrationConsole,theESP-enabledSSLVPNServer,andtheTraditionalSSLVPNServer.
AM_31_SP3_IR2_IdentityServer_Win32.
exe2NovellAccessManager3.
1SP3IR2ReadmeForupgradeandinstallationinformation:"UpgradeInstructions"onpage2"InstallationInstructions"onpage3"VerifyingVersionNumbersBeforeUpgrading"onpage3"VerifyingVersionNumbersAfterUpgrading"onpage3ContainstheWindowsIdentityServerandWindowsAdministrationConsoleforWindowsServer2003.
AM_31_SP3_IR2_IdentityServer_Win64.
exeContainstheWindowsIdentityServerandWindowsAdministrationConsoleforWindowsServer2008.
AM_31_SP3_IR2_AccessGatewayAppliance_Linux_SLES9.
tar.
gzContainstheupgradeRPMsforthe(SUSELinuxEnterpriseServer)9versionoftheAccessGatewayApplianceandtheTraditionalSSLVPNserver.
AM_31_SP3_IR2_AccessGatewayAppliance_Linux_SLES11.
tar.
gzContainstheupgradeRPMsforthe(SUSELinuxEnterpriseServer)11versionoftheAccessGatewayApplianceandtheTraditionalSSLVPNserver.
AM_31_SP3_ConfigurationUpgrade.
zipContainsthescripttoenablethesessionstickinessoptionforexistingproxyservicesandallowtargetoptionfortheintersitetransferservice.
Thisoptionisdisabledonanupgradefrom3.
1SP2IR3to3.
1SP3IR2.
AM_31_SP3_IR2_AccessGatewayService_Win64.
exeContainstheAccessGatewayServiceforWindowsServer2008R2witha64-bitoperatingsystem.
AM_31_SP3_IR2_AccessGatewayService_Linux64.
binContainstheAccessGatewayServicefor(SUSELinuxEnterpriseServer)11witha64-bitoperatingsystem.
AM_31_SP3_IR2_ApplicationServerAgents_AIX.
binContainstheAgentsservicefortheAIXplatform.
AM_31_SP3_IR2_ApplicationServerAgents_Linux.
binContainstheAgentsservicefortheLinuxplatform.
AM_31_SP3_IR2_ApplicationServerAgents_Solaris.
binContainstheAgentsservicefortheSolarisplatform.
AM_31_SP3_IR2_ApplicationServerAgents_Windows.
exeContainstheAgentsservicefortheWindowsplatform.
FilenameDescriptionNovellAccessManager3.
1SP3IR2Readme32.
1.
1UpgradeInstructionsForinstructionsonupgradingfrom3.
1SP3,3.
1SP3IR1to3.
1SP3IR2,see"UpgradingAccessManagerComponents"intheNovellAccessManager3.
1SP3InstallationGuide.
Toverifythatyourcomponentsarerunning3.
1SP3,3.
1SP3IR1see"VerifyingVersionNumbersbeforeUpgrading"onpage3.
AnyAccessManagerversionpriorto3.
1SP2IR2shouldbefirstupgradedto3.
1SP3.
Formoreinformationonupgradingto3.
1SP3,seetheNovellAccessManager3.
1SP3InstallationGuide.
2.
1.
2InstallationInstructionsForinstallationinstructionsfortheAccessManagerAdministrationConsole,theIdentityServer,theAccessGatewayAppliance,theAccessGatewayService,andtheSSLVPNserver,seetheNovellAccessManager3.
1SP3InstallationGuide.
2.
1.
3VerifyingVersionNumbersbeforeUpgradingIfyouareupgradingfromAccessManager3.
0,allcomponentsmustbefirstupgradedtoAccessManager3.
1SP3beforeupgradingtoAccessManager3.
1SP3IR2.
1IntheAdministrationConsole,clickAccessManager>Auditing>Troubleshooting>Version.
2ExaminethevalueintheVersionfield.
Thefollowingtableindicatestheversionsthatcanbeupgradedto3.
1SP3IR2.
2.
1.
4VerifyingVersionNumbersafterUpgradingWhenyouhavefinishedupgradingyourAccessManagercomponents,verifythattheyhaveallbeenupgraded.
1IntheAdministrationConsole,clickAccessManager>Auditing>Troubleshooting>Version.
2ExaminethevalueintheVersionfieldtoverifythatthecomponenthasbeenupgradedto3.
1SP3IR2.
Component3.
1SP33.
1SP3IR1AdministrationConsole3.
1.
3.
2473.
1.
3.
273IdentityServer3.
1.
3.
2473.
1.
3.
273LinuxAccessGateway3.
1.
3.
2473.
1.
3.
273AccessGatewayServices3.
1.
3.
2473.
1.
3.
273SSLVPN3.
1.
3.
2473.
1.
3.
273Component3.
1SP3IR2AdministrationConsole3.
1.
3.
292IdentityServer3.
1.
3.
292LinuxAccessGateway3.
1.
3.
292AccessGatewayServices3.
1.
3.
2924NovellAccessManager3.
1SP3IR2Readme2.
2InstallingtheHigh-BandwidthSSLVPNServerThekeyforthehigh-bandwidthSSLVPNserverdoesnotshipwiththeproductbecauseofexportlawsandrestrictions.
Thehigh-bandwidthversiondoesnothavetheconnectionandperformancerestrictionsthatarepartoftheversionthatshipswiththeproduct.
YourregularNovellsaleschannelcandetermineiftheexportlawallowsyoutoorderthehigh-bandwidthversionatnoextracost.
Afteryouhaveobtainedauthorizationforthehigh-bandwidthversion,logintotheNovellCustomerCenter(http://www.
novell.
com/center)andfollowthelinkthatallowsyoutodownloadthehigh-bandwidthkey.
3BugsFixedinAccessManager3.
1SP3IR2Section3.
1,"IdentityServer,"onpage4Section3.
2,"LinuxAccessGatewayAppliance,"onpage5Section3.
3,"AccessGatewayService,"onpage53.
1IdentityServerFixedanissuewherethepasswordfetchmethoddoesnotgetexecutedatourSAML2.
0ServiceProviderwhileconsuminganassertionfromtheidentityproviderserverthroughtheinter-sitetransferURLFixedanissuewheretheusercouldnotsetavalueforSAML2.
0RequestedAuthnContextcomparisonexcept"Exact.
"FixedanissuewhereauthenticationfailedforWSFederationwithSharePoint2010afterapplying3.
1SP3whenthetimesfortheidentityproviderWSFedwerenotsynchronized.
Formoreinformation,see"AssertionValidityWindow.
"FixedanissuewheretheKerberosauthenticationfailedwhentherequestwasproxiedbyanidentityprovidertoanotheridentityprovider.
FixedanissuewheretheclustercookiesdidnothaveanysecureandHTTPOnlyoptions.
Theseoptionsarenotenabledbydefault,andtheweb.
xmloptionsareintroducedtoenabletheseoptions.
Formoreinformation,see"EnablingSecureorHTTPOnlyFlagsforClusterCookies.
"FixedanissuewheretheserviceprovidergeneratedtwoSAMLSSOrequests,resultingintwosessionindexesthatcausedincompletesinglelogout.
FixedanissuewhentheidentityserverinaclusterreceivedaSAML2.
0logoutrequestwheretheauthenticationwasperformedonadifferentnode.
FixedanissuewhereaSAML2.
0attributequeryresponsedidnotpopulatetheinResponseToattributeinSubjectConfirmation.
SSLVPN3.
1.
3.
292Component3.
1SP3IR2NovellAccessManager3.
1SP3IR2Readme5FixedanissuewhereSAML2.
0ignoredtheFrontChannelLogoutoptioninthelogoutinitiatedbytheAccessGatewayAppliance.
Formoreinformation,see"DefiningOptionsforLibertyorSAML2.
0"3.
2LinuxAccessGatewayApplianceFixedanissuewithRangerequestswheretheAccessGatewayAppliancesendsthesamerequesttwicetotheWebserver,resultinginrandomservercrashes.
FixedanissuewhereAccessGatewayAppliancecrasheswhentheWebserversentcontent-lengthresponseheadervaluesmallerthantheactualcontent.
FixedaloginissueintheclusterenvironmentwithAccessGatewayAppliancewhentheusernamecontaineddoublebytecharactersinit.
FixedanissuewiththeAccessGatewayAppliancewheretheusergotanerrormessage"403ForbiddenDescription:DetectedURLtampering.
"FixedamemoryleakissuethatcausedacoredumpwithAccessGatewayAppliance.
FixedanissuewiththeOpenHREloginpage.
Ifthevaluefortheformnumberwasconfiguredas0intheFormFillpolicy,theloginpagewastruncated.
FixedanissuewhererandomprocessrestartsoccurredinSP3.
FixedanissueintheauthorizationpolicywithmultipleLDAPOUevaluationfailuresafterupgradingfrom3.
1SP2to3.
1SP3.
Fixedanissuewherethe/var/novell/.
disableWSHealthtouchfilewasnotworking.
ThistouchfilehelpsavoidthedevicehealthbeingmarkedasbadbecauseofsomeunreachableWebservers.
Formoreinformation,see"disableWSHealth"Fixedanissuewheretheuser'sprivateinformationwasgettingloggedtothesoapmessageslogfileunderspecificconfigurations.
Fixeda403forbiddenissuethatresultedwhentheuserpostedlargedata(morethan56KiloBytesinsize)afterasessiontimeout.
TheAdministratorcanchangethepostdataparkingsizelimit.
Formoreinformation,see"ParkingSizeInKiloBytes"FixedanissuewherethesourceportoftheconnectiontotheWebserverwasincorrectintheics_dyn.
logfile.
FixedanissuewheretheAccessGatewayAppliancecrashedwhilebeingredirectedfromhttptohttpswhenthehostnameheaderexceeds4kbytes.
FixedacrashissuewithAccessGatewayincustomloginsequenceenvironmentwhere/nesp/app/ploginrequestreachesproxywithPOSTdata.
Fixedanissuewhere400badrequestswasobservedinthereliabilitytestsforlargefilescripts.
3.
3AccessGatewayServiceFixedanissuewheretheAccessGatewayServicerewriterremoved"%2"incorrectlyfromtheurlbeingrewritten.
6NovellAccessManager3.
1SP3IR2ReadmeFixedadelayissuewiththeAccessGatewayServicewhentheauditserverwasnotreachableornotresponding.
FixedaloginissuewiththeAccessGatewayServiceifuserswaitfor3+minattheIDPloginpageandthensubmitstheircredentials.
FixedanissuewhereAccessGatewayServicesessioncookiearchitecturewasdifferentfromAccessGatewayAppliancesessioncookiearchitecture.
FixedanissuewheretheAccessGatewayServiceperformancedropsby90%whentheauditserverisnotreachable.
4KnownIssuesinAccessManager3.
1SP3IR2Section4.
1,"StoppingthenauditServiceSubsequentlyStopsJCCandTomcatServices,"onpage6Section4.
2,"AuthenticationErrorIftheOverwriteRealUserorOverwriteTemporaryUserOptionIsEnabled,"onpage7Section4.
3,"TheSSLVPNCausesaWindowsExplorerCrashinKioskMode,"onpage7Section4.
4,"VulnerabilityIssuesinJRESecurity,"onpage7Section4.
5,"ServiceUnavailabilityCausedbyaSLES11Issue,"onpage7Section4.
6,"DNSResolutionbyUsingDNSServersPushedfromSSLVPNfailsonMacLeopard,"onpage8Section4.
7,"OnWindowsServer2008,YouCannotUninstalltheAdministrationConsole,"onpage8Section4.
8,"ErrorwhileUploadingLargeFilestoanIIS7.
xback-endWebServerthroughtheLinuxAccessGatewayAppliance,"onpage8Section4.
9,"ErrorinSecondaryIPaddressesafterPushingConfigurationUpdates,"onpage8Section4.
10,"The"includethesessiontimeoutattributeintheassertion"FeatureDoesNotWork,"onpage8Section4.
11,"IssuewithSSLVPNWhileValidatingServerCertificates,"onpage8Section4.
12,"LinuxAccessGatewayApplianceDoesNotSupportRFC5746,"onpage94.
1StoppingthenauditServiceSubsequentlyStopsJCCandTomcatServicesOccasionally,whenthenauditserviceisstoppedbyusing/etc/init.
d/novell-nauditstopcommand,otherimportantservicessuchasTomcatandJCCalsostop,whichcausesinterruptionofservices.
Toworkaroundthisissue,manuallyrestarttheTomcatandJCCservices.
Forinformation,see(http://www.
novell.
com/support/php/search.
docmd=displayKC&docType=kc&externalId=7008991&sliceId=1&docTypeID=DT_TID_1_1&dialogID=120228708&stateId=0%200%20247101813)intheTID.
NovellAccessManager3.
1SP3IR2Readme74.
2AuthenticationErrorIftheOverwriteRealUserorOverwriteTemporaryUserOptionIsEnabledIfyouhavetwocontracts,andtheOverwriteRealUseroptionisenabledforoneofthem,thefirstuserauthenticationdoesnotoverwritetheseconduserauthentication.
Itdisplaysthefollowingerrormessage:"Unabletoauthenticate.
(409-esp-7271673232708786).
"ThisissueisnotobservedwiththeLinuxAccessGateway.
Formoreinformation,see(http://www.
novell.
com/support/php/search.
docmd=displayKC&docType=kc&externalId=7008992&sliceId=1&docTypeID=DT_TID_1_1&dialogID=120228779&stateId=0%200%20247101935)intheTID.
4.
3TheSSLVPNCausesaWindowsExplorerCrashinKioskModeTheSSLVPNclientworksproperlyinEnterprisemode,butcrashesWindowsExplorerusingActiveX.
Ifyourestore/downgradetheWindowsXPclienttoWindowsXPSP3,theSSLVPNclientworksproperlyinKioskmode.
ThisissueisnotobservedwithFirefoxusingJava.
4.
4VulnerabilityIssuesinJRESecurityToworkaroundtheJREsecurityvulnerabilityissue,see(http://www.
novell.
com/support/php/search.
docmd=displayKC&docType=kc&externalId=7008129&sliceId=1&docTypeID=DT_TID_1_1&dialogID=216290409&stateId=0%200%20216288812)intheTID.
4.
5ServiceUnavailabilityCausedbyaSLES11IssueInSLES11,theoperatingsystemreturnsthe27.
0.
0.
2entrywhenthehostnameisresolved.
Thiscausesthe127.
0.
0.
2tobethedefaultaddressofthelistenerwhenthedeviceisaddedtothecluster.
Toworkaroundthisissue:1Gototheproxyservicepage.
ChangethelisteningIPaddresstotheotherclustermember,thenselectthecorrectIPaddressagain.
2ClickUpdatetosavethechanges.
3Verifythecorrectaddress,thenaddthedevicetothecluster.
IMPORTANT:DonotrefertothedeploymentscenariosinthecontextsensitivehelpavailablewiththeAccessManager3.
1.
3build.
RefertothisinformationintheIdentityServerGuide.
Formoreinformation,see(http://www.
novell.
com/support/php/search.
docmd=displayKC&docType=kc&externalId=7008978&sliceId=1&docTypeID=DT_TID_1_1&dialogID=120230000&stateId=0%200%20247107319)intheTID.
8NovellAccessManager3.
1SP3IR2Readme4.
6DNSResolutionbyUsingDNSServersPushedfromSSLVPNfailsonMacLeopardIftheIPaddressandDNSserversareconfiguredstaticallyonMACLeopardandasuccessfulSSLVPNconnectionisestablished,theDNSresolutionfailstousetheDNSserverIPaddresspushedfromtheSSLVPNserver.
4.
7OnWindowsServer2008,YouCannotUninstalltheAdministrationConsoleWhenyouinstalltheAdministrationConsoleandtheIdentityServeronaWindows2008machine,youcannotcompletelyuninstallthecomponents.
Theuninstallprogramhangsbeforeitcleansallthefilesandtheregistryentries.
Toworkaroundthisissue,see(http://www.
novell.
com/documentation/novellaccessmanager31/readme/accessmanager_readme_sp2_ir3.
html#br1og3r)intheNovellAccessManager3.
1SP2IR3aReadme.
4.
8ErrorwhileUploadingLargeFilestoanIIS7.
xback-endWebServerthroughtheLinuxAccessGatewayApplianceYoucannotuploadlargefilestoanIIS7.
xWebserverwhereSSLisenabledbetweentheLinuxAccessGatewayandIIS7server.
Themaximumuploadsizedependsonthenetworksetup.
Forinformation,see(http://www.
novell.
com/support/php/search.
docmd=displayKC&docType=kc&externalId=7008505&sliceId=1&docTypeID=DT_TID_1_1&dialogID=120156265&stateId=0%200%20246847206)intheTID.
4.
9ErrorinSecondaryIPaddressesafterPushingConfigurationUpdatesWithsecuritypatchesinstalledontheSLES11LinuxAccessGatewaymachine,thesecondaryIPaddressismissingafterpushingconfigurationupdatesfromtheAdministrationConsoletotheLinuxAccessGatewaydevice.
Toworkaroundthisissue:1Backupthefile/etc/sysconfig/network/ifcfg-eth-id-thenremoveitfromthedirectory.
2PushtheconfigurationfromtheAdministrationConsole.
4.
10The"includethesessiontimeoutattributeintheassertion"FeatureDoesNotWorkToworkaroundthisissue,keeptheSPRemotecontracttimeoutthesameastheremoteidentityprovidersessiontimeout.
4.
11IssuewithSSLVPNWhileValidatingServerCertificatesTheSSLVPNclientcannotvalidateservercertificateifthetrustchainincludesoneormoreintermediaterootcertificates.
Formoreinformation,see(http://www.
novell.
com/support/php/search.
docmd=displayKC&docType=kc&externalId=7008465&sliceId=2&docTypeID=DT_TID_1_1&dialogID=247083053&stateId=0%200%20247079487)intheTID.
NovellAccessManager3.
1SP3IR2Readme94.
12LinuxAccessGatewayApplianceDoesNotSupportRFC5746UntilaLinuxAcessGatewayversionincludingsupportforRFC5746willnotbereleased,theworkaroundistousetheLinuxAccessGatewayService,insteadoftheappliance.
Forinformation,see(http://www.
novell.
com/support/viewContent.
doexternalId=7008600&sliceId=1)intheTID.
5LegalNoticesNovell,Inc.
,makesnorepresentationsorwarrantieswithrespecttothecontentsoruseofthisdocumentation,andspecificallydisclaimsanyexpressorimpliedwarrantiesofmerchantabilityorfitnessforanyparticularpurpose.
Further,Novell,Inc.
,reservestherighttorevisethispublicationandtomakechangestoitscontent,atanytime,withoutobligationtonotifyanypersonorentityofsuchrevisionsorchanges.
Further,Novell,Inc.
,makesnorepresentationsorwarrantieswithrespecttoanysoftware,andspecificallydisclaimsanyexpressorimpliedwarrantiesofmerchantabilityorfitnessforanyparticularpurpose.
Further,Novell,Inc.
,reservestherighttomakechangestoanyandallpartsofNovellsoftware,atanytime,withoutanyobligationtonotifyanypersonorentityofsuchchanges.
AnyproductsortechnicalinformationprovidedunderthisAgreementmaybesubjecttoU.
S.
exportcontrolsandthetradelawsofothercountries.
Youagreetocomplywithallexportcontrolregulationsandtoobtainanyrequiredlicensesorclassificationtoexport,re-exportorimportdeliverables.
Youagreenottoexportorre-exporttoentitiesonthecurrentU.
S.
exportexclusionlistsortoanyembargoedorterroristcountriesasspecifiedintheU.
S.
exportlaws.
Youagreetonotusedeliverablesforprohibitednuclear,missile,orchemicalbiologicalweaponryenduses.
SeetheNovellInternationalTradeServicesWebpage(http://www.
novell.
com/info/exports/)formoreinformationonexportingNovellsoftware.
Novellassumesnoresponsibilityforyourfailuretoobtainanynecessaryexportapprovals.
Copyright2011Novell,Inc.
Allrightsreserved.
Nopartofthispublicationmaybereproduced,photocopied,storedonaretrievalsystem,ortransmittedwithouttheexpresswrittenconsentofthepublisher.
ForNovelltrademarks,seetheNovellTrademarkandServiceMarklist(http://www.
novell.
com/).
Allthird-partytrademarksarethepropertyoftheirrespectiveowners.
rfchost怎么样?rfchost是一家开办了近六年的国人主机商,一般能挺过三年的国人商家,还是值得入手的,商家主要销售VPS,机房有美国洛杉矶/堪萨斯、中国香港,三年前本站分享过他家堪萨斯机房的套餐。目前rfchost商家的洛杉矶机房还是非常不错的,采用CN2优化线路,电信双程CN2 GIA,联通去程CN2 GIA,回程AS4837,移动走自己的直连线路,目前季付套餐还是比较划算的,有需要的可...
华纳云(HNCloud Limited)是一家专业的全球数据中心基础服务提供商,总部在香港,隶属于香港联合通讯国际有限公司,拥有香港政府颁发的商业登记证明,保证用户的安全性和合规性。 华纳云是APNIC 和 ARIN 会员单位。主要提供香港和美国机房的VPS云服务器和独立服务器。商家支持支付宝、网银、Paypal付款。华纳云主要面向国内用户群,所以线路质量还是不错的,客户使用体验总体反响还是比较好...
raksmart作为一家老牌美国机房总是被很多人问到raksmart香港服务器怎么样、raksmart好不好?其实,这也好理解。香港服务器离大陆最近、理论上是不需要备案的服务器里面速度最快的,被过多关注也就在情理之中了。本着为大家趟雷就是本站的光荣这一理念,拿了一台raksmart的香港独立服务器,简单做个测评,分享下实测的数据,仅供参考!官方网站:https://www.raksmart.com...
403forbidden为你推荐
ISBNess人人视频总部基地落户重庆渝洽会上的西部国际总部基地是做什么的?客服电话中国移动的人工服务电话号码是多少传奇域名自己的传奇服务器怎么建设?我爱试用网我发现我对性爱这个话题好敏感!来吧看谁能把我下面说湿了?要200以上的才好评啊!三五互联科技股份有限公司三五互联 网站做的怎么样 公司打算做网站,近来接到电话,不知道网站做的如何,水平怎么样,后期的服务呢网站方案设计求一篇校园网络设计的方案可信网站网站备案了,还要验证可信网站吗?他们有什么区别oa办公软件价格一套专业版的oa办公系统多少钱?discuz伪静态Discuz! X3.0 到底能不能伪静态?门户怎么伪静态?
虚拟主机排名 免费cn域名注册 vps教程 万网域名管理 stablehost burstnet 163网 免费博客空间 大容量存储 论坛空间 丹弗 小米数据库 193邮箱 圣诞促销 jsp空间 息壤代理 hktv gtt 域名dns 申请网站 更多