Novell ACCESS MANAGER 3.1 SP1 - ADMINISTRATION Manual

Administration console guide

AUTHORIZED DOCUMENTATION
Administration Console Guide
Novell® Access Manager 3.1 SP1
March 17, 2010
www.novell.com
Novell Access Manager 3.1 SP1 Administration Console Guide

Summary of Contents for Novell ACCESS MANAGER 3.1 SP1 - ADMINISTRATION

  • Page 1 AUTHORIZED DOCUMENTATION Administration Console Guide Novell® Access Manager 3.1 SP1 March 17, 2010 www.novell.com
  • Page 2: Legal Notices

    Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Trademarks For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
  • Page 5: Table Of Contents

    Enabling Auditing 23 1.7.1 Configuring Access Manager for Novell Auditing 24 1.7.2 Querying Data and Generating Reports in Novell Audit
  • Page 6 Importing an External Certificate Key Pair 111
  • Page 7 B.1.2 When the Full Certificate Chain Is Not Returned During an Automatic Import of the Trusted Root 112 B.1.3 Using Internet Explorer to Add a Trusted Root Chain
  • Page 8 D.62 Management Communication Channel: Device Configuration Changed (0x002e0604) 160 D.63 Management Communication Channel: Device Alert (0x002e0605) 160
  • Page 9: About This Guide

    About This Guide This guide describes the following features of Novell® Access Manager Administration Console: Chapter 1, “Administration Console,” on page 11 Chapter 2, “Backing Up and Restoring Components,” on page 31 Chapter 3, “Security and Certificate Management,” on page 41 Chapter 4, “Access Manager Logging,”...
  • Page 10: Additional Documentation

    Novell Access Manager 3.1 SP1 SSL VPN Server Guide Novell Access Manager 3.1 SP1 Event Codes Documentation Conventions In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. ®...
  • Page 11: Administration Console

    (found in the novell container), then click Restrictions. For configuration help, use the Help button. Intruder Detection: The admin user is created in the novell policy container. You should set up an intruder detection policy for this container. In the Administration Console, select the Roles and Tasks icon in the iManager header, then click Directory Administration >...
  • Page 12 Manager. If something happens to the user who knows the name of this user and password or if the user forgets the password, you cannot access the Administration Console. Novell recommends that you create at least one backup user and make that user security equivalent to the admin user.
  • Page 13: Configuration Store

    These Management Communication Channel events have an ID of 002e0605. All Access Manager events begin with 002e. SSL VPN starts with 0031. You can set up Novell Auditing to send e-mail whenever these events or your selected audit events occur. See “Configuring System Channels”...
  • Page 14: Administration Console Conventions

    Access Manager has two views in the Administration Console. Access Manager 3.0 and its Support Packs used the Roles and Tasks view, with Access Manager as the first listed task in the left hand navigation frame. It looks similar to the following:
  • Page 15 Access Manager Roles and Tasks View Figure 1-1 This view has the following advantages: Other tasks that you occasionally need to manage the configuration datastore are visible. If you are familiar with 3.0, you do not need to learn new ways to navigate to configure options.
  • Page 16 When you install or upgrade to Access Manager 3.1 and log in to the Administration Console, the default view is set to the Access Manager view. To change the view: 1 Locate the Header frame.
  • Page 17: Changing The Administration Console Session Timeout

    1.5 Changing the Password for the Administration Console The admin of the Administration Console is a user created in the novell container of the configuration store. To change the password: 1 In the Administration Console, click Users > Modify User.
  • Page 18: Multiple Administrators, Multiple Sessions

    4 Click Security > Security Equal To. 5 Select the admin user, then click Apply > OK. 6 Repeat Step 3 through Step 5 for each user you want to make security equivalent to the admin user.
  • Page 19: Managing Delegated Administrators

    1.6.2 Managing Delegated Administrators As the Access Manager admin user, you can create delegated administrators to manage the following Access Manager components: individual Access Gateways or an Access Gateway cluster; Identity Server clusters; individual J2EE agents or a J2EE agent cluster; individual SSL VPN servers or an SSL VPN cluster; policy containers. IMPORTANT: You need to trust the users you assign as delegated administrators.
  • Page 20 You can assign a user to be a delegated administrator of an Access Gateway cluster or a single Access Gateway that does not belong to a cluster. You cannot assign a user to manage a single member of a cluster.
  • Page 21 When a delegated administrator of an Access Gateway cluster is granted View/Modify rights, the administrator has sufficient rights to change the cluster configuration, to stop and start (or reboot and shutdown), and to update the Access Gateways in the cluster. However, to configure the Access Gateway to use SSL, you need to be the admin user, rather than a delegated administrator.
  • Page 22 1 In the Administration Console, click Auditing > Auditing. 2 Make sure you have configured the IP address and port to use for your Secure Logging Server. The server can be a Novell Audit server or a Sentinel server. For more information about this process, see Section 1.7, “Enabling Auditing,”...
  • Page 23: Enabling Auditing

    3 From the iManager view bar, select the Roles and Tasks view. 4 Click Directory Administration > Modify Object. 5 Click the Object Selector icon, expand the novell container, then select the eDirectory server. The eDirectory server uses the tree name, without the _TREE suffix, for its name. The tree name is displayed in the iManager view bar.
  • Page 24: Configuring Access Manager For Novell Auditing

    Novell Audit server. If the Novell Audit server is not available, the Platform Agent caches log entries until the server is operational and can accept audit log data. The Platform Agent can be configured to forward events to Sentinel rather than Novell Audit. For information on how to do this, see “Specifying the Logging Server and the Console Events”...
  • Page 25 Specifying the Logging Server and the Console Events The Secure Logging Server manages the flow of information to and from the Novell auditing system. It receives incoming events and requests from the Platform Agents, logs information to the data store, monitors designated events, and provides filtering and notification services. It can also be configured to automatically reset critical system attributes according to a specified policy.
  • Page 26 You can minimize the effects of this scenario by configuring the following two parameters in the logevent file. Parameter: LogMaxCacheSize. Description: Sets a limit to the amount of cache the Platform Agent can consume to log events when the audit server is unreachable. The default is unlimited.
  • Page 27: Querying Data And Generating Reports In Novell Audit

    SQL. Although you must be familiar with the SQL language to create SQL query statements, this is the most powerful and flexible query method. Novell Audit provides two tools to query events and generate reports: the Novell Audit iManager plug-in and Novell Audit Report (...
  • Page 28 “Novell Audit Report” on page 28 The Novell Audit iManager Plug-in The Novell Audit iManager plug-in is a Web-based JDBC* application that enables you to query MySQL and Oracle databases. All queries are defined in SQL. iManager includes several predefined queries and it includes a Query Builder to help you define basic query statements.
  • Page 29 “Working with Reports in Novell Audit Report” (http://www.novell.com/documentation/novellaudit20/novellaudit20/data/alorpgw.html#alsn2fj) “Working with Queries in Novell Audit Report” (http://www.novell.com/documentation/novellaudit20/novellaudit20/data/alorpgw.html#alshpuw)
  • Page 31: Backing Up And Restoring Components

    Access Manager. The following sections describe how to back up and restore your Access Manager components and how to export your configuration for Novell Support: Section 2.1, “How The Backup and Restore Process Works,” on page 31 Section 2.2, “Backing Up the Administration Console,”...
  • Page 32: Backing Up The Administration Console

    The backup script backs up the objects in the ou=accessManagerContainer.o=novell container. It does not back up the following: admin user account and password; delegated administrator accounts, their passwords, or rights; Role Based Services (RBS) configuration; modified configuration files on the devices such as the web.xml file...
  • Page 33: Restoring An Administration Console Configuration

    The certificates contained in the configuration store. The trusted roots in the trustedRoots container of the accessManagerContainer object. An encrypted LDIF file, containing everything found in the OU=accessManagerContainer,O=novell container. A server.xml file containing the Tomcat configuration information for the Administration Console.
  • Page 34: Restoring The Configuration On A Standalone Administration Console Or With A

    13c (Optional) To verify that the re-push of the certificates was successful, click Security > Command Status. If you are restoring only the Administration Console, other components should still function properly after the restore.
  • Page 35: Restoring The Configuration With An Identity Server On The Same Machine

    9a Remove the Identity Server from the cluster configuration. (See “Removing a Server from a Cluster Configuration” in the Novell Access Manager 3.1 SP1 Identity Server Guide.) 9b Delete the Identity Server from the Administration Console. (See “Managing an Identity Server”...
  • Page 36: Restoring The Configuration With An Esp-Enabled Ssl Vpn Server

    9 For the SSL VPN Server, complete the following steps after the restore has finished: 9a Remove the SSL VPN Server from the cluster configuration. 9b Delete the SSL VPN Server from the Administration Console. 9c Uninstall the SSL VPN server.
  • Page 37: Restoring An Identity Server

    1 Remove the Identity Server from the Identity Server cluster configuration. (See “Removing a Server from a Cluster Configuration” in the Novell Access Manager 3.1 SP1 Identity Server Guide.) 2 Delete the Identity Server from the Administration Console. (See “Managing an Identity Server”...
  • Page 38: Single Access Gateway

    5b If you have configured the Access Gateway to use SSL, reconfigure the certificates for the listener. Click Devices > Access Gateways > Edit > [Name of Reverse Proxy]. 5c Save and apply any changes.
  • Page 39: Running The Diagnostic Configuration Export

    These are not instances of passwords, but rather definitions that describe passwords as string types. The LDIF file can then be sent to Novell Support for help in diagnosing configuration problems.
  • Page 41: Security And Certificate Management

    Administration Console and is the main certificate store for all of the Access Manager components. If you use Novell® Certificate Server, you can create certificates there and import them into Access Manager.
  • Page 42: Process Flow

    A CA is a third-party or network authority that issues and manages security credentials and public keys for message encryption. The CA’s certificate is held in the configuration store of the computers that trust the CA.
  • Page 43: Access Manager Trust Stores

    Linux Device: /opt/novell/devman/jcc/certs/<device> Windows Device: C:\Program Files\novell\devman\jcc\certs/<device> The <device> can be idp (for the Identity Server), esp (for the Embedded Service Providers, including Access Gateways, J2EE agents, and SSL VPN servers), or sslvpn (for the SSL VPN server).
  • Page 44: Access Manager Keystores

    A keystore is a store, such as a file, containing keys and certificates. Access Manager components and agents can access the keystore to retrieve certificates and keys as needed. Keystores for Access Manager are already defined for the components.
  • Page 45 Linux Device: /opt/novell/devman/jcc/certs/<device> Windows Device: C:\Program Files\novell\devman\jcc\certs/<device> The <device> can be idp (for the Identity Server), esp (for the Embedded Service Providers, including Access Gateways, J2EE agents, and SSL VPN servers), or sslvpn (for the SSL VPN server). Access Manager creates keystores for the following devices: “Identity Server Keystores”...
  • Page 46 This keystore does not use the default location; it is located in the /etc/opt/novell/sslvpn/certs directory. SSL Connector: This keystore contains the certificate that encrypts authentication information between the SSL VPN client browser and the SSL VPN server.
  • Page 47: Managing Certificates

    Keystores When Multiple Devices Are Installed on the Administration Console Access Manager creates the following keystore when the Identity Server and the SSL VPN server are installed on the Administration Console. COMMON_TOMCAT_CLUSTER: This keystore contains the certificate that is used for SSL connections.
  • Page 48: Creating A Locally Signed Certificate

    CA that can issue and sign certificates, and a certificate server that generates or imports certificates and keys, and generates CSRs. 1 In the Administration Console, click Security > Certificates. 2 Click New.
  • Page 49 3 Select the following option: Use local certificate authority: Creates a certificate signed by the local CA (or Organizational CA), and creates the private key. For information about creating a CSR, see “Generating a Certificate Signing Request” on page 4 Provide a certificate name: Certificate name: The name of the certificate.
  • Page 50 7 (Optional) To configure advanced options, click Advanced Options. 8 Configure the following options as necessary for your organization: Critical: Specifies that an application should reject the certificate if the application does not understand the key usage extensions.
  • Page 51 Alternate Names button. Alternate names can represent the entity identified by the certificate. The certificate can identify the subject CN=www.OU=novell.O=com, but the subject can also be known by an IP address, such as 222.111.100.101, or a URI, such as www.novell.com, for example.
  • Page 52 Registered ID: An ASN.1 object identifier. DNS Name: A domain name such as novell.com. Email Address (RFC 822 name): An e-mail address such as ca@novell.com. X400 Name: The messaging and e-mail standard specified by the ITU-TS (International Telecommunications Union - Telecommunication Standard Sector). It is an alternative to the more prevalent Simple Mail Transfer Protocol (SMTP) e-mail protocol.
  • Page 53 street: Describes the street address (OID: 2.5.4.9) serialNumber: Specifies the serial number of a device (OID: 2.5.4.5) title: Describes the position or function of an object (OID: 2.5.4.12) description: Describes the associated object (OID: 2.5.4.13) searchGuide: Specifies a search filter (OID: 2.5.4.14) businessCategory: Describes the kind of business performed by an organization (OID: 2.5.4.15) postalAddress: Specifies address information required for the physical delivery of postal messages (OID: 2.5.4.16)
  • Page 54: Generating A Certificate Signing Request

    Certificate name: The name of the certificate. Pick a unique, system-wide name for the certificate that you can easily associate with the certificate’s purpose. The name must contain only alphanumeric characters and no spaces.
  • Page 55: Importing A Signed Certificate

    Subject: An X.500 formatted distinguished name that identifies the entity that is bound to the public key in an X.509 certificate. Choose the subject name that the browser expects to find in the certificate. The name you enter must be fully distinguished. Completing all the fields creates a fully distinguished name that includes the appropriate types (such as C for country, ST for state, L for location, O for organization, OU for organizational unit, and CN for common name).
  • Page 56: Managing Certificates And Keystores

    Certificate data file (PFX/PKCS12): The certificate file to import. You can browse to locate the PKCS12 file. Certificate data file (JKS): To locate a JKS file, select this option, then click the Browse button. 4 Click OK.
  • Page 57 If you receive an error when importing the certificate, the error comes from either NICI or PKI. For a description of these error codes, see Novell® Certificate Server Error Codes and Novell International Cryptographic Infrastructure (http://www.novell.com/documentation/nwec/index.html). For general certificate import issues, see Section B.1.1, “Importing an External Certificate Key Pair,”...
  • Page 58 You cannot export a certificate if you enabled the Do not allow private key to be exportable option while creating the certificate. 1 In the Administration Console, click Security > Certificates. 2 On the Certificates page, click the certificate. 3 On the Certificate Details page, click Export Private/Public Keypair.
  • Page 59 4 Select the format for the key: PFX/PKCS12: Public Key Cryptography Standards #12 (PKCS#12) format, which is also called PFX format. This format can be used to create JKS or PEM files. JKS: Java keystore format. 5 Specify the password in the Encryption/decryption password field, then click OK. IMPORTANT: Remember this password because you need it to re-import the key.
  • Page 60 Implementations search the CRL from each distribution point (the distribution point is usually a URI that points to a store of revoked certificates) to see whether a certificate has been revoked.
  • Page 61: Managing Trusted Roots And Trust Stores

    Authority Info Access (OCSP): Displays a list of Online Certificate Status Protocol (OCSP) responders that are embedded into the certificate as an extension at certificate creation time. Implementations query the OCSP responder to see whether a certificate has been revoked. 3.2.3 Managing Trusted Roots and Trust Stores When an external certificate authority creates certificates, you need to import the trusted root of the certificate authority and assign the trusted root to the trust store of the device that needs to trust the...
  • Page 62 Trust store type: The type of trust store such as Java, PEM, or DER. Cluster or Device name: The name of the cluster using this trust store or the single device that is using the trust store.
  • Page 63 Cluster members’ Trust Stores: The trust stores assigned to a cluster. If a device does not belong to a cluster, this section does not appear. Viewing Trusted Root Details 1 In the Administration Console, click Security > Trusted Roots. 2 Click the name of a trusted root. 3 View the following information: Field Description...
  • Page 64: Assigning Certificates To Access Manager Devices

    Section 3.3.6, “Changing a Non-Secure (HTTP) Environment to a Secure (HTTPS) Environment,” on page 69 Section 3.3.7, “Creating Keystores and Trust Stores,” on page 69 Section 3.3.8, “Reviewing the Command Status for Certificates,” on page 71
  • Page 65: Importing A Trusted Root To The Ldap User Store

    3.3.1 Importing a Trusted Root to the LDAP User Store When you specify the settings of a user store for an Identity Server configuration, or add a user store, you can import the trusted root certificate to the LDAP user store device. 1 In the Administration Console, click Devices >...
  • Page 66: Replacing Identity Server Ssl Certificates

    If this revocation checking protocol is used, the Identity Server does not cache or store the information in the reply, but sends a request every time it needs to check the revocation status of a...
  • Page 67: Assigning Certificates To An Access Gateway

    The system restarts Tomcat for you if you click Restart Now at the prompt. If you want to restart at your convenience, select Restart Later and then manually restart Tomcat. Linux: Enter the following command: /etc/init.d/novell-tomcat5 restart Windows: Enter the following commands: net stop Tomcat5 net start Tomcat5 8 Update the Identity Server configuration on the Servers page, as prompted.
  • Page 68: Assigning Certificates To J2Ee Agents

    Import the public certificate of the CA into the Identity Server configuration that the component is using for authentication. In the Administration Console, click Devices > Identity Servers > Edit > Security > NIDP Trust Store and add the certificate to the Trusted Roots list.
  • Page 69: Changing A Non-Secure (Http) Environment To A Secure (Https) Environment

    4 (Conditional) If you have set up federation, reimport metadata for trusted service and identity providers. (See “Managing Metadata” in the Novell Access Manager 3.1 SP1 Identity Server Guide.) 5 Change the Access Gateway configuration to HTTPS. (See “Configuring the Access Gateway SSL”...
  • Page 70 This creates the keystore. 9 (Optional) On the Keystore page, assign a certificate to the new keystore by selecting the store’s check box. 10 Click OK in the Add Certificate to Keystores dialog box.
  • Page 71: Reviewing The Command Status For Certificates

    3.3.8 Reviewing the Command Status for Certificates You can view the status of the commands that have been sent to the certificate server for execution. 1 In the Administration Console, click Security > Certificates, then click Command Status. 2 Use the following options to review or change a server’s certificate command status: Delete: To delete a command, select the check box for the command, then click Delete.
  • Page 72 If the command failed, additional information is available. For a command that the Administration Console can successfully process, the page displays a Command Execution Details section with the name of the command and the command results. 4 Click Close.
  • Page 73: Access Manager Logging

    Access Manager Logging Section 4.1, “Understanding the Types of Logging,” on page 73 Section 4.2, “Downloading the Log Files,” on page 74 Section 4.3, “Using the Log Files for Troubleshooting,” on page 79 4.1 Understanding the Types of Logging Access Manager supports three types of logging: Section 4.1.1, “Component Logging for Troubleshooting Configuration or Network Problems,”...
  • Page 74: Http Transaction Logging For Proxy Services

    If you want this file to appear in this list on a Linux machine, you must make this file readable by the novlwww user. It is a breach of Novell Audit security for Access Manager code to change the permissions on this file. You must decide whether changing its permissions and displaying the file in this list compromises your security.
  • Page 75 app_cc.0.log: Contains events related to policy configuration. /Program Files/Novell/log/platform.0.log: Contains XML events for configuration changes. This log file contains very little useful information for system administrators. /Program Files/Novell/Nsure Audit/logs/auditlog: Contains the log entries for Novell auditing. Linux Identity Server
  • Page 76 Echo to Console option from the Identity Servers > Servers > Edit > Logging page. Check this file for entries tracing the evaluation of authorization, identity injection, and form fill policies.
  • Page 77 (To enable this type of logging, see “Configuring Proxy Service Logging” in the Novell Access Manager 3.1 SP1 Access Gateway Guide.) A directory is listed for each reverse proxy on which you have enabled logging.
  • Page 78 0.log.0 interaction of the SSL VPN with the Administration Console, such as imports, certificates, and configuration. /var/log/messages Contains the log entries for the connection manager and socks servers.
  • Page 79: Using The Log Files For Troubleshooting

    Identity Server for authentication. For configuration information, see “Configuring Component Logging” in the Novell Access Manager 3.1 SP1 Identity Server Guide. Embedded Service Providers: Each Access Manager device has an Embedded Service Provider that communicates with the Identity Server. Its log level is controlled by configuring Identity Server logging.
  • Page 80 The following entry is a typical entry that is logged when a user has initiated a login sequence. <amLogEntry> 2007-06-08T21:06:25Z INFO NIDS Application: AM#500105014: AMDEVICEID#9921459858EAAC29: AMAUTHID#BB11C254B7521B5E836D8703826287AF: Attempting to authenticate user cn=jwilson,o=novell with provided credentials. </amLogEntry> Fields in a Log Entry Table 4-2...
  • Page 81 This information is optional, and contains information that is specific to the log entry. It can be as simple as an informational string, such as the string in the example log entry: Attempting to authenticate user cn=jwilson,o=novell with provided credentials. The supplementary information can have a very specific format. For an example and explanation of the policy trace information, see “Understanding Policy Evaluation...
  • Page 82: Sample Authentication Traces

    If the Access Gateway initiates the authentication because of a user request to a protected resource, the Embedded Service Provider log file of the Access Gateway also contains entries for the...
  • Page 83 AMDEVICEID#9921459858EAAC29: AMAUTHID#F35A3C7AD7F2EEDEB3D17F99EC3F39D1: Executing contract Name/Password - Form. </amLogEntry> 6. <amLogEntry> 2007-06-14T17:14:39Z INFO NIDS Application: AM#500105014: AMDEVICEID#9921459858EAAC29: AMAUTHID#F35A3C7AD7F2EEDEB3D17F99EC3F39D1: Attempting to authenticate user cn=bcf,o=novell with provided credentials. </amLogEntry> 7. <amLogEntry> 2007-06-14T17:14:39Z WARNING NIDS Application: Event Id: 3014666, Target: cn=bcf,o=novell, Sub-Target: F35A3C7AD7F2EEDEB3D17F99EC3F39D1, Note 1: Local, Note 2: This Identity Provider, Note 3: name/password/uri, Numeric 1: 0 </amLogEntry>...
  • Page 84 AdditionalRole(6601):unknown():Manager:~~~Success(0) </amLogEntry> 11. <amLogEntry> 2007-06-14T17:14:39Z INFO NIDS Application: AM#500105013: AMDEVICEID#9921459858EAAC29: AMAUTHID#F35A3C7AD7F2EEDEB3D17F99EC3F39D1: Authenticated user cn=bcf,o=novell in User Store Local Directory with roles Manager,authenticated. </amLogEntry> 12. <amLogEntry> 2007-06-14T17:14:39Z INFO NIDS Application: AM#500105017: AMDEVICEID#9921459858EAAC29: AMAUTHID#F35A3C7AD7F2EEDEB3D17F99EC3F39D1: nLogin succeeded, redirecting to http://10.10.15.19:8080/nidp/app. </amLogEntry>...
  • Page 85 Executing contract Name/Password - Form. </amLogEntry> <amLogEntry> 2007-07-31T17:36:49Z INFO NIDS Application: AM#500105014: AMDEVICEID#AA257DA77ED48DB0: AMAUTHID#83778AE09DCA5A35B57842D754A60D67: Attempting to authenticate user cn=admin,o=novell with provided credentials. </amLogEntry> <amLogEntry> 2007-07-31T17:36:49Z INFO NIDS Application: AM#500105012: AMDEVICEID#AA257DA77ED48DB0: AMAUTHID#83778AE09DCA5A35B57842D754A60D67: Authenticated user cn=admin,o=novell in User Store Internal with no roles. </...
  • Page 86 Processing proxy request for login using contract name/password/uri and return url http://jwilson.provo.novell.com/ </amLogEntry> <amLogEntry> 2007-07-31T17:35:05Z INFO NIDS Application: AM#500105015: AMDEVICEID#esp-2FA73CE1A376FD91: AMAUTHID#C6D119FD93EEBBEBEC50BEB27B9E2832: Processing login request with TARGET = http://jwilson.provo.novell.com/, saved TARGET = . </amLogEntry> <amLogEntry> 2007-07-31T17:35:05Z INFO NIDS Application: AM#500105009: AMDEVICEID#esp-2FA73CE1A376FD91: AMAUTHID#C6D119FD93EEBBEBEC50BEB27B9E2832: Executing contract IDP Select.
  • Page 87: Changing The Ip Address Of Access Manager Devices

    See the following sections: “Installing Secondary Versions of the Administration Console” in the Novell Access Manager 3.1 SP1 Setup Guide “Converting a Secondary Console into a Primary Console” on page 95 Converting a secondary console into a primary console is not a simple task. The task was designed as a disaster recovery solution when the primary console is no longer available.
  • Page 88 14 Start the server communication service by using the following command: Linux: /etc/init.d/novell-jcc start Windows: net start jccserver 15 Restart Tomcat: Linux: Enter the following command: /etc/init.d/novell-tomcat5 restart Windows: Enter the following commands: net stop Tomcat5 net start Tomcat5
  • Page 89: Changing The Ip Address Of The Access Gateway Appliance

    For information about deleting an Identity Server, see “Maintaining an Identity Server” in the Novell Access Manager 3.1 SP1 Identity Server Guide. 5.3 Changing the IP Address of the Access Gateway Appliance If you need to change the IP address of the Access Gateway machine, you need to configure the Access Gateway for this change.
  • Page 90: Changing The Ip Address Of An Audit Server

    To move a machine or change the IP address for the audit server: 1 In the Administration Console, click Auditing > Novell Auditing. 2 On the Novell Auditing page, change the IP address for the server and, if necessary, the port. 3 Click OK.
  • Page 91: Troubleshooting The Administration Console

    Troubleshooting the Administration Console This section discusses general troubleshooting issues found in the Administration Console: Section 6.1, “Stopping Tomcat on Windows,” on page 91 Section 6.2, “Checking for Potential Configuration Problems,” on page 91 Section 6.3, “Logging,” on page 93 Section 6.4, “Event Codes,”...
  • Page 92 The invalid elements that do not have an associated resource data element are listed in this section. Click the Repair button to remove them.
  • Page 93: Logging

    Configuration. 6.3 Logging You can troubleshoot by configuring component logging. In the Administration Console, click Devices > Identity Server > Edit > Logging. See “Configuring Component Logging” in the Novell Access Manager 3.1 SP1 Identity Server Guide.
  • Page 94: Event Codes

    3 Remove traces of the secondary console from the configuration datastore: 3a In the iManager menu bar, select View Objects. 3b In the Tree view, select novell, and view the objects. 3c Delete all objects that reference the failed secondary console.
  • Page 95: Converting A Secondary Console Into A Primary Console

    6 Uninstall the secondary consoles. For instructions, see “Uninstalling the Administration Console” in the Novell Access Manager 3.1 SP1 Installation Guide. 7 Reinstall the secondary consoles as secondary consoles to the new primary console. 6.7 Converting a Secondary Console into a...
  • Page 96: Shutting Down The Administration Console

    3 Start the NDSCons.exe program. 4 Select dsrepair.dlm. 5 In the Parameters box, specify -A, then click Start. 6 Click Partitions > Root > Designate This Server As The New Master Replica.
  • Page 97: Restoring Ca Certificates

    Administration Console. 2 Change to the backup directory: Linux: /opt/novell/devman/bin Windows: C:\Program Files\Novell\bin 3 Edit the backup properties file. 3a Open the file that on Linux is a script file, and on Windows is a properties file: Linux: defbkparm.sh Windows: defbkparm.properties...
  • Page 98: Performing Component-Specific Procedures

    2 Open a terminal window and shut down all services by entering the following commands: /etc/init.d/novell-jcc stop /etc/init.d/novell-tomcat5 stop /etc/init.d/novell-vmc stop 3 If you are running SSL VPN, enter the following command to stop SSL VPN: /etc/init.d/novell-sslvpn stop
  • Page 99 6a Browse to the following container: novell > accessManagerContainer > VCDN_Root > PartitionsContainer > Partition > AppliancesContainer. A list of devices appears. Access Gateways have an ag prefix.
  • Page 100 7 At the new primary Administration Console, edit the WorkingConfig object of the Linux Access Gateway: Use an LDAP browser for these steps. 7a Browse to the following container: novell > accessManagerContainer > VCDN_Root > PartitionsContainer > Partition > AppliancesContainer. A list of devices appears. Expand the Access Gateway container.
  • Page 101 Tomcat5 2 Edit the settings.properties file in the following directory: C:\Program Files\Novell\devman\jcc\conf 3 Change the IP address in the remotemgmtip list from the IP address of the failed Administration Console to the address of the new primary Administration Console.
  • Page 102 5a Browse to the following container: novell > accessManagerContainer > VCDN_Root > PartitionsContainer > Partition > AppliancesContainer. A list of devices appears. SSL VPN devices have an sslvpn prefix.
  • Page 103: Enabling Backup On The New Primary Administration Console

    6 At the new primary Administration Console, edit the WorkingConfig object of the SSL VPN container: Use an LDAP browser for these steps. 6a Browse to the SSL VPN object by expanding the following containers: novell > accessManagerContainer > VCDN_Root > PartitionsContainer > Partition > AppliancesContainer.
  • Page 104: Orphaned Objects In The Trust/Configuration Store

    There should only be one profile object for each GUID. 5 Delete that child profile object. 6 Repeat these steps for each User object that you want to delete. 7 Delete the User objects.
  • Page 105: Repairing The Configuration Datastore

    3 In the View bar, select the Repair icon. For more information about DSRepair, see the following: Click the Help icon. Using NdsRepair (http://www.novell.com/documentation/edir88/edir88tshoot/data/bq0gv5l.html) 6.10 Session Conflicts Do not use two instances of the same browser to simultaneously access the same Administration Console.
  • Page 106: Linux) Exception Processing Identityservice_Serverpage.jsp

    If the service has been started, this command returns a message that the service has been started. If the service has been stopped, it starts eDirectory. 5b Verify that the agent is running. Click Control Panel > Novell eDirectory Services, then verify that the Server box does not contain an agent closed message.
  • Page 107 For example, if the administrator’s password is mi$$le, then the DS_ADMIN_PWD field should be mi\$\$le. This file is located in the following directory: Linux: /opt/novell/devman/bin/defbkparm.sh Windows: \Program Files\Novell\bin\defbkparm.properties
  • Page 109: A Certificates Terminology

    Certificates Terminology A public key certificate is a collection of information attached to an electronic message. It is used to verify that the user sending the message is who he or she claims to be. The following is a list of certificate terminology used in Access Manager: Certificate authority (CA): An entity that issues digital certificates attesting to the authenticity of the information in the certificate.
  • Page 110 CAs, so they are called “trusted roots.” Trust store: A keystore containing only trusted roots. Intermediate CAs and end entity public certificates can be part of a trust store.
  • Page 111: Resolving Certificate Import Issues

    Troubleshooting Certificate Issues Section B.1, “Resolving Certificate Import Issues,” on page 111 Section B.2, “Mutual SSL with X.509 Produces Untrusted Chain Messages,” on page 113 Section B.3, “Certificate Command Failure,” on page 113 Section B.4, “Can’t Log In with Certificate Error Messages,” on page 113 Section B.5, “When a User Accesses a Resource, the Browser Displays Certificate Errors,”...
  • Page 112: When The Full Certificate Chain Is Not Returned During An Automatic Import Of The Trusted Root

    6 Select Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B) as the format and select Include all certificates in the certification path if possible to include the certificate chain. 7 Click Next, then specify a filename and path for the file.
  • Page 113: Mutual Ssl With X.509 Produces Untrusted Chain Messages

    8 Click Next > Finish. 9 Use this P7B file to import your server certificate into Access Manager. B.2 Mutual SSL with X.509 Produces Untrusted Chain Messages When you set up an X.509 contract for mutual SSL authentication, you must ensure that the Identity Server trust store (NIDP-truststore) contains the trusted root from each CA that has signed the client certificates.
  • Page 114: When A User Accesses A Resource, The Browser Displays Certificate Errors

    2 Select the store that is reporting errors, then click Re-push certificates. You can select multiple stores at the same time. 3 (Optional) To verify that the re-push of the certificates was successful, click Security > Command Status.
  • Page 115: C Troubleshooting Xml Validation Errors

    When a change is applied by using the UI, the system writes the configuration to the configuration store on the Administration Console, as well as to the /var/novell/cfgdb/vcdn/config.xml file on the Linux Access Gateway. If this file passes the schema checks on the...
  • Page 116 <ProtectedResource Name="root" Enable="1" Description="" LastModified="1169734555995" LastModifiedBy="cn=admin,o=novell" UserInterfaceID="ProtectedResourceID_svhttp_mylag_iMon_root" ProtectedResourceID="ProtectedResourceID_svhttp_mylag_iMon_root"> <URLPathList LastModified="4294967295" LastModifiedBy="String"> <URLPath URLPath="/*" UserInterfaceID="/*"/> </URLPathList> <PolicyEnforcementList LastModified="1168947602067" schemaVersion="1.34" LastModifiedBy="cn=admin,o=novell" RuleCombiningAlgorithm="DenyOverridesWithPriority"> <PolicyRef ElementRefType="ExternalWithIDRef" ExternalDocRef="ou=xpemlPEP,ou=mastercdn,ou=ContentPublisherContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell:romaContentCollectionXMLDoc" UserInterfaceID="PolicyID_xpemlPEP_AGFormFill_1168947167634" ExternalElementRef="PolicyID_xpemlPEP_AGFormFill_1168947167634"/>
  • Page 117: Configuration Ui Writes Incorrect Information To The Local Configuration Store

    XML validation error. This scenario is more complex because it involves changing the configuration store on the Administration Console. Troubleshooting Steps 1 On the Administration Console, search the /opt/novell/devman/share/logs/app_sc.0.log file for #200904025: Error - XML VALIDATION FAILED. After you find the entry, work backwards to identify the start of the Java exception.
  • Page 118 2a Enable the most verbose level of logging in the /etc/laglogs.conf file: log_level=LOG_DEBUG. See “Configuring Log Levels” in the Novell Access Manager 3.1 SP1 Access Gateway Guide. 2b Restart the vmc services by using the following command: /etc/init.d/novell-vmc restart
  • Page 119 LastModifiedBy="cn=admin,o=novell" RuleCombiningAlgorithm="DenyOverridesWithPriority" IncludedPolicyCategories=""/> <AuthenticationProcedureRef AuthProcedureIDRef="authprocedure_Name_Password___Form"/> </ProtectedResource> </ProtectedResourceList> You should also see the following information: <ProtectedResourceList LastModified="1179949051828" LastModifiedBy="cn=admin,o=novell"> <ProtectedResource Name="sjh_redirect" Enable="1" Description="" LastModified="1179949051828" LastModifiedBy="cn=admin,o=novell" UserInterfaceID="ProtectedResourceID_svhttp_sjh_portal_sjh_portal_1179933619340" ProtectedResourceID="ProtectedResourceID_svhttp_sjh_portal_sjh_portal_1179933619340"> <URLPathList LastModified="4294967295" LastModifiedBy="String"> <URLPath URLPath="/*" UserInterfaceID="/*"/> </URLPathList> <PolicyEnforcementList LastModified="1179949047445" schemaVersion="0.1" LastModifiedBy="cn=admin,o=novell" RuleCombiningAlgorithm="DenyOverridesWithPriority" IncludedPolicyCategories="">...
  • Page 120 5 Restart Tomcat on the Administration Console machine. 6 Log in to the Administration Console again. Make a small change to the setup and apply that change, and verify that the XML validation error has disappeared.
  • Page 121: D Access Manager Audit Events And Data

    Server Options page (Auditing and Logging > Logging Server Options). You can view events on the Event list page in Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events.
  • Page 122 Section D.50, “Access Gateway: System Shutdown (0x002e050a),” on page 151 Section D.51, “Access Gateway: Identity Injection Parameters (0x002e050c),” on page 152 Section D.52, “Access Gateway: Identity Injection Failed (0x002e050d),” on page 153
  • Page 123: Nids: Sent A Federate Request (002E0001)

    D.1 NIDS: Sent a Federate Request (002e0001) This event is generated when you select the Federation Request Sent option under Novell Audit Logging on the Logging page of an Identity Server configuration. Description: NIDS: Sent a federate request.
  • Page 124: Nids: Received A Federate Request (002E0002)

    D.2 NIDS: Received a Federate Request (002e0002) This event is generated when you select the Federation Request Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration. Description: NIDS: Received a federate request. Originator (B): Schema Title: Originator...
  • Page 125: Nids: Received A Defederate Request (002E0004)

    D.4 NIDS: Received a Defederate Request (002e0004) This event is generated when you select the Defederation Request Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration. Description: NIDS: Received a defederate request Originator (B): Schema Title: Originator...
  • Page 126: Nids: Received A Register Name Request (002E0006)

    D.7 NIDS: Logged Out an Authentication that Was Provided to a Remote Consumer (002e0007) This event is generated when you select the Logout Provided option under Novell Audit Logging on the Logging page of an Identity Server configuration. Description: NIDS: Logged out an authentication that was provided to a remote consumer...
  • Page 127: Nids: Logged Out A Local Authentication (002E0008)

    Data (D): null D.8 NIDS: Logged out a Local Authentication (002e0008) This event is generated when you select the Logout Local option under Novell Audit Logging on the Logging page of an Identity Server configuration. Description: NIDS: Logged out a local authentication...
  • Page 128: Nids: User Session Was Authenticated (002E000A)

    Data (D): null D.10 NIDS: User Session Was Authenticated (002e000a) This event is generated when you select the Login Provided option under Novell Audit Logging on the Logging page of an Identity Server configuration. Description: NIDS: User session was authenticated...
  • Page 129: Nids: Failed To Provide An Authentication To A Remote Consumer (002E000B)

    D.11 NIDS: Failed to Provide an Authentication to a Remote Consumer (002e000b) This event is generated when you select the Login Consumed Failure option under Novell Audit Logging on the Logging page of an Identity Server configuration. Description: NIDS: Failed to provide an authentication to a remote consumer...
  • Page 130: Nids: Received An Attribute Query Request (002E000D)

    D.13 NIDS: Received an Attribute Query Request (002e000d) This event is generated when you select the Attribute Query Request Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration. Description: NIDS: Received an attribute query request...
  • Page 131: Nids: Failed To Provision A User Account (002E000F)

    D.15 NIDS: Failed to Provision a User Account (002e000f) This event is generated when you select the User Account Provisioned Failure option under Novell Audit Logging on the Logging page of an Identity Server configuration. Description: NIDS: Failed to provision a user account...
  • Page 132: Nids: Web Service Query (002E0010)

    D.16 NIDS: Web Service Query (002e0010) This event is generated when you select the Web Service Query Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration. The Identity Server uses this event for two types of Web service queries: Discovery: This is a query to discover a service.
  • Page 133: Nids: Connection To User Store Replica Lost (002E0012)

    D.18 NIDS: Connection to User Store Replica Lost (002e0012) This event is generated when you select the LDAP Connection Lost option under Novell Audit Logging on the Logging page of an Identity Server configuration. Description: NIDS: Connection to user store replica lost...
  • Page 134: Nids: Connection To User Store Replica Reestablished (002E0013)

    Data Length (X): 0 Data (D): null D.20 NIDS: Server Started (002e0014) This event is generated when you select the Server Started option under Novell Audit Logging on the Logging page of an Identity Server configuration. Description: NIDS: Server started...
  • Page 135: Nids: Server Stopped (002E0015)

    Data Length (X): 0 Data (D): null D.21 NIDS: Server Stopped (002e0015) This event is generated when you select the Server Stopped option under Novell Audit Logging on the Logging page of an Identity Server configuration. Description: NIDS: Server stopped...
  • Page 136: Nids: Intruder Lockout (002E0017)

    Data Length (X): 0 Data (D): null D.23 NIDS: Intruder Lockout (002e0017) This event is generated when you select the Intruder Lockout Detected option under Novell Audit Logging on the Logging page of an Identity Server configuration. Description: NIDS: Intruder Lockout...
  • Page 137: Nids: Warning Component Log Entry (002E0019)

    Data (D): null D.25 NIDS: Warning Component Log Entry (002e0019) This event is generated when you select the Component Log Warning Messages option under Novell Audit Logging on the Logging page of an Identity Server configuration. Description: NIDS: Warning Component Log Entry...
  • Page 138: Access Gateway: Pep Configured (002E0301)

    Data (D): Schema Title: Policy Enforcement List Data Description: Policy Enforcement List (PEL) data D.28 J2EE Agent: Web Service Authorization PEP Configured (002e0305) This event is generated when you enable auditing.
  • Page 139: J2Ee Agent: Jacc Authorization Pep Configured (002E0306)

    Description: J2EE Agent: Web Service Authorization PEP Configured Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:) Target (U): null SubTarget (Y): null Text1 (S): Schema Title: Event Identifier Data Description: Event Tracking Identifier Text2 (T): null Text3 (F): null Value1 (1): Schema Title: Audit Enabled Data Description: 0 = Yes;...
  • Page 140: Roles Assignment Policy Evaluation (002E0320)

    Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:) Text2 (T): Schema Title: Event Identifier Data Description: Event Tracking Identifier Text3 (F): Schema Title: Policy Action Data Description: Policy Action FDN
  • Page 141: Access Gateway: Form Fill Policy Evaluation (002E0322)

    Value1 (1): 0 Group (G): 0 Data Length (X): 0 Data (D): null D.32 Access Gateway: Form Fill Policy Evaluation (002e0322) This event is generated when you enable auditing. Description: Access Gateway: Form Fill policy evaluation Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:) Target (U): null SubTarget (Y): null...
  • Page 142: J2Ee Agent: Web Service Authorization Policy Evaluation (002E0324)

    Policy Evaluation (002e0325) This event is generated when you enable auditing. Description: J2EE Agent: Web Service SSL Required policy evaluation Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
  • Page 143: J2Ee Agent: Startup (002E0401)

    Target (U): Schema Title: Protected Resource URL Data Description: Protected Resource URL SubTarget (Y): null Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:) Text2 (T): Schema Title: Event Identifier Data Description: Event Tracking Identifier Text3 (F): null Value1 (1): Schema Title: SSL Required Data Description: 0 = No;...
  • Page 144: J2Ee Agent: Reconfigure (002E0403)

    (002e0404) This event is generated when you select the Successful authentications option in the Audit Configuration section of the Server Configuration page for the J2EE Agents. Description: J2EE Agent: Authentication successful
  • Page 145: J2Ee Agent: Authentication Failed (002E0405)

    Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:) Target (U): Schema Title: User Identifier Data Description: User DN SubTarget (Y): null Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:) Text2 (T): Schema Title: Event Identifier Data Description: Event Tracking Identifier Text3 (F): null Value1 (1): 0...
  • Page 146: J2Ee Agent: Web Resource Access Allowed (002E0406)

    SubTarget (Y): Schema Title: Source IP Address Data Description: User IP Address Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:) Text2 (T): Schema Title: Permission Requested Data Description: Web User Data Permission
  • Page 147: J2Ee Agent: Clear Text Access Denied (002E0408)

    Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier Value1 (1): 0 Group (G): 0 Data Length (X): 0 Data (D): null D.43 J2EE Agent: Clear Text Access Denied (002e0408) This event is generated when you select the Denied clear text access option in the Audit Configuration section of the Server Configuration page for the J2EE Agents.
  • Page 148: J2Ee Agent: Ejb Access Allowed (002E040A)

    Text2 (T): Schema Title: Permission Requested Data Description: EJB Method Permission Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier Value1 (1): 0 Group (G): 0 Data Length (X): 0 Data (D): null
  • Page 149: J2Ee Agent: Ejb Access Denied (002E040B)

    Data (D): null D.47 Access Gateway: Access Denied (0x002e0505) This event is generated when you select the Access Denied option on the Novell Audit page of an Access Gateway. Description: Access Gateway: Access Denied In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] >...
  • Page 150: Access Gateway: Url Not Found (0X002E0508)

    Data (D): null D.48 Access Gateway: URL Not Found (0x002e0508) This event is generated when you select the URL Not Found option on the Novell Audit page of an Access Gateway. Description: Access Gateway: URL Not Found In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] >...
  • Page 151: Access Gateway: System Started (0X002E0509)

    Data (D): null D.49 Access Gateway: System Started (0x002e0509) This event is generated when you select the System Started option on the Novell Audit page of an Access Gateway. Description: Access Gateway: System Started In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] >...
  • Page 152: Access Gateway: Identity Injection Parameters (0X002E050C)

    Audit page of an Access Gateway. Description: Access Gateway: Identity Injection Parameters In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
  • Page 153: Access Gateway: Identity Injection Failed (0X002E050D)

    Data (D): null D.53 Access Gateway: Form Fill Authentication (0x002e050e) This event is generated when you select the Form Fill Success option on the Novell Audit page of an Access Gateway. Description: Access Gateway: Form Fill Authentication In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] >...
  • Page 154: Access Gateway: Form Fill Authentication Failed (0X002E050F)

    Data (D): null D.54 Access Gateway: Form Fill Authentication Failed (0x002e050f) This event is generated when you select the Form Fill Failed option on the Novell Audit page of an Access Gateway. Description: Access Gateway: Form Fill Authentication Failed In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] >...
  • Page 155: Access Gateway: Url Accessed (0X002E0512)

    Data (D): null D.55 Access Gateway: URL Accessed (0x002e0512) This event is generated when you select the URL Accessed option on the Novell Audit page of an Access Gateway. Description: Access Gateway: URL Accessed In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] >...
  • Page 156: Access Gateway: Ip Access Attempted (0X002E0513)

    D.56 Access Gateway: IP Access Attempted (0x002e0513) This event is generated when you select the IP Access Attempted option on the Novell Audit page of an Access Gateway. Description: Access Gateway: IP Access Attempted In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] >...
  • Page 157: Access Gateway: All Webservers For A Service Is Down (0X002E0516)

    D.58 Access Gateway: All WebServers for a Service is Down (0x002e0516) This event is generated when you select the IP Access Attempted option on the Novell Audit page of an Access Gateway. Description: Access Gateway: All Web servers for a service are down In the Event list (Auditing and Logging >...
  • Page 158: Management Communication Channel: Health Change (0X002E0601)

    Description: Management Communication Channel: Health Change In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name. In a query, this column is called EventID.
  • Page 159: Management Communication Channel: Device Deleted (0X002E0603)

    Description: Management Communication Channel: Device Deleted In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name. In a query, this column is called EventID.
  • Page 160: Management Communication Channel: Device Configuration Changed (0X002E0604)

    Auditing page. Description: Management Communication Channel: Device Configuration Changed In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
  • Page 161: Data (D): Null

    SubTarget (Y): null Text1 (S): Schema Title: Device Data Description: IP address of device generating the alert Text2 (T): Schema Title: Alert Message Data Description: alert message string Text3 (F): blank string Value1 (1): 0 Group (G): 0 Data Length (X): 0 Data (D): null