NOVELL ACCESS MANAGER 3.1 SP1 - ADMINISTRATION Manuals
Manuals and User Guides for NOVELL ACCESS MANAGER 3.1 SP1 - ADMINISTRATION. We have 7 NOVELL ACCESS MANAGER 3.1 SP1 - ADMINISTRATION manuals available for free PDF download: Manual, Installation Manual, Quick Start Manual
NOVELL ACCESS MANAGER 3.1 SP1 - ADMINISTRATION Manual (324 pages)
Identity Server Guide
Brand: NOVELL | Category: Software | Size: 4.86 MB
Table of Contents
Legal Notices
2
Table of Contents
5
About this Guide
11
Additional Documentation
12
1 Configuring an Identity Server
13
Managing a Cluster Configuration
13
Creating a Cluster Configuration
14
Assigning an Identity Server to a Cluster Configuration
19
Configuring Session Failover
19
Removing a Server from a Cluster Configuration
20
Managing a Cluster with Multiple Identity Servers
21
Enabling and Disabling Protocols
24
Modifying the Base URL
24
Customizing Identity Server Messages
25
Customizing Messages
25
Customizing the Branding of the Error Page
27
Customizing Tooltip Text for Authentication Contracts
29
Customizing the Identity Server Login Page
30
Selecting the Login Page and Modifying It
31
Configuring the Identity Server to Use Custom Login
42
Troubleshooting Tips for Custom Login
47
Customizing the Identity Server Logout Page
48
Rebranding the Logout Page
48
Replacing the Logout Page with a Custom Page
48
Enabling Role-Based Access Control
49
Using Nethsm for the Signing Key Pair
49
Server
50
Configuring the Identity Server for Nethsm
52
Configuring Secure Communication on the Identity Server
66
Viewing the Services that Use the Signing Key Pair
67
Viewing Services that Use the Encryption Key Pair
68
Managing the Keys, Certificates, and Trust Stores
68
Security Considerations
71
Federation Options
71
Authentication Contracts
72
Forcing 128-Bit Encryption
72
2 Configuring Local Authentication
75
Configuring Identity User Stores
76
Using more than One LDAP User Store
76
Configuring the User Store
77
Configuring an Admin User for the User Store
80
Configuring a User Store for Secrets
80
Creating Authentication Classes
88
Creating Basic or Form-Based Authentication Classes
88
Specifying Common Class Properties
90
Configuring Authentication Methods
92
Configuring Authentication Contracts
94
Using a Password Expiration Service
96
URL Parameters
97
Forcing Authentication after the Password Has Changed
97
Grace Logins
98
Federated Accounts
98
Specifying Authentication Defaults
98
Managing Direct Access to the Identity Server
99
Logging in to the User Portal
100
Specifying a Target
101
Blocking Access to the WSDL Services Page
101
3 Configuring Advanced Local Authentication Procedures
105
Configuring for RADIUS Authentication
105
Configuring Mutual SSL (X.509) Authentication
106
Setting up Mutual SSL Authentication
111
Creating an Ored Credential Class
111
Configuring for Kerberos Authentication
113
Prerequisites
114
Configuring Active Directory
115
Configuring the Identity Server
117
Configuring the Clients
123
Configuring the Access Gateway for Kerberos Authentication
124
Upgrading from Access Manager 3.0 SP4 or 3.1
124
Configuring Access Manager for NESCM
125
Prerequisites
125
Creating a User Store
125
Creating a Contract for the Smart Card
127
Assigning the NESCM Contract to a Protected Resource
131
Verifying the User's Experience
131
Troubleshooting
132
4 Defining Shared Settings
133
Configuring Attribute Sets
133
Editing Attribute Sets
135
Configuring User Matching Expressions
136
Adding Custom Attributes
137
Creating Shared Secret Names
137
Creating LDAP Attribute Names
138
Adding Authentication Card Images
140
5 Configuring SAML and Liberty Trusted Providers
141
Understanding the Trust Model
141
Identity Providers and Consumers
141
Embedded Service Providers
142
High-Level Steps
143
Configuring General Provider Options
144
Configuring the General Identity Provider Options
144
Configuring the General Identity Consumer Options
145
Creating a Trusted Provider
145
Modifying a Trusted Provider
148
Configuring Communication Security Settings
148
Using the Intersite Transfer Service
150
Selecting Attributes for a Trusted Provider
155
Managing Metadata
156
Configuring an Authentication Request for an Identity Provider
159
Configuring an Authentication Response for a Service Provider
162
Managing the Authentication Card of an Identity Provider
165
6 Configuring Cardspace
167
Overview of the Cardspace Authentication Process
167
Prerequisites for Cardspace
168
Enabling High Encryption
169
Configuring the Client Machines for Cardspace
169
Authenticating with a Personal Card
171
Authenticating with a Managed Card
174
Prerequisite
174
Configuring a Cardspace Identity Provider
174
Creating and Installing a Managed Card
175
Configuring the Relying Party to Trust an Identity Provider
176
Logging in with the Managed Card
177
Authenticating with a Managed Card Backed by a Personal Card
178
Configuring the Identity Server as a Relying Party
179
Defining an Authentication Card and Profile
179
Defining a Trusted Provider
181
Cleaning up Identities
183
Defederating after User Portal Login
183
Configuring the Identity Server as an Identity Provider
183
Replacing the Signing Certificate
183
Configuring STS
184
Creating a Managed Card Template
185
Using Cardspace Cards for Authentication to Access Gateway Protected Resources
186
7 Configuring WS Federation
187
Using the Identity Server as an Identity Provider for ADFS
187
Configuring the Identity Server
188
Configuring the ADFS Server
193
Logging in
195
Troubleshooting
196
Using the ADFS Server as an Identity Provider for an Access Manager Protected Resource
197
Configuring the Identity Server as a Service Provider
198
Configuring the ADFS Server to be an Identity Provider
201
Logging in
202
Additional WS Federation Configuration Options
203
Modifying a WS Federation Identity Provider
203
Renaming the Identity Provider
203
Configuring the Attributes Obtained at Authentication
203
Modifying the User Identification Method
204
Managing the Metadata
205
Modifying the Authentication Card
206
Modifying a WS Federation Service Provider
206
Renaming the Service Provider
206
Configuring the Attributes Sent with Authentication
206
Modifying the Authentication Response
207
Managing the Metadata
208
8 Configuring User Identification Methods for Federation
209
Selecting a User Identification Method for Liberty or SAML 2.0
209
Selecting a User Identification Method for SAML 1.1
211
Configuring the Attribute Matching Method
213
Defining the User Provisioning Method
214
User Provisioning Error Messages
217
9 Configuring Communication Profiles
219
Configuring a Liberty Profile
219
Configuring a SAML 1.1 Profile
220
Configuring a SAML 2.0 Profile
220
10 Configuring Liberty Web Services
223
Configuring the Web Services Framework
224
Enabling Web Services and Profiles
224
Editing Web Service Descriptions
225
Configuring Credential Profile Security and Display Settings
226
Configuring Service and Profile Details
228
Customizing Attribute Names
231
Editing Web Service Policies
231
Configuring the Web Service Consumer
234
Mapping LDAP and Liberty Attributes
235
Configuring One-To-One Attribute Maps
236
Configuring Employee Type Attribute Maps
238
Configuring Employee Status Attribute Maps
239
Configuring Postal Address Attribute Maps
240
Configuring Contact Method Attribute Maps
242
Configuring Gender Attribute Maps
243
Configuring Marital Status Attribute Maps
244
11 Maintaining an Identity Server
247
Managing an Identity Server
247
Updating an Identity Server Configuration
248
Restarting the Identity Server
249
Editing Server Details
250
Configuring Component Logging
250
Enabling Component Logging
250
Managing Log File Size
252
Configuring Session-Based Logging
253
Creating the Administrator Class, Method, and Contract
253
Creating the Logging Session Class, Method, and Contract
255
Enabling Basic Logging
256
Responding to an Incident
256
Monitoring the Health of an Identity Server
259
Health States
259
Viewing the Health Details
259
Monitoring Identity Server Statistics
262
Application
263
Authentications
263
Incoming HTTP Requests
264
Outgoing HTTP Requests
265
Liberty
265
Saml 1.1
266
Saml 2
266
WSF (Web Services Framework)
266
Clustering
268
Ldap
269
Enabling Identity Server Audit Events
270
Monitoring Identity Server Alerts
272
Viewing the Command Status of the Identity Server
272
12 Troubleshooting the Identity Server and Authentication
275
Useful Networking Tools for the Linux Identity Server
275
Troubleshooting 100101043 and 100101044 Liberty Metadata Load Errors
275
The Metadata
276
DNS Name Resolution
277
Certificate Names
278
Certificates in the Required Trust Stores
279
Certificates in the Correct Certificate Store
280
Enabling Debug Logging
281
Testing Whether the Provider Can Access the Metadata
283
Manually Creating any Auto-Generated Certificates
283
Authentication Issues
283
Authentication Classes and Duplicate Common Names
284
General Authentication Troubleshooting Tips
284
Slow Authentication
285
Basic Authentication Fails with an Edirectory User Store
285
Federation Errors
285
Mutual Authentication Troubleshooting Tips
285
Browser Hangs in an Authentication Redirect
286
Translating the Identity Server Configuration Port
286
A Simple Redirect Script
287
Configuring Iptables for Multiple Components
289
Problems Reading Keystores after Identity Server Re-Installation
291
NOVELL ACCESS MANAGER 3.1 SP1 - ADMINISTRATION Manual (162 pages)
Administration Console Guide
Brand: NOVELL | Category: Software | Size: 2.49 MB
Table of Contents
Table of Contents
5
Legal Notices
2
About this Guide
9
Additional Documentation
10
Documentation Conventions
10
1 Administration Console
11
1.1 Security Considerations
11
1.1.1 Access Manager Administration Console
11
1 Administration Console
11
Access Manager Administration Console
11
Section 1.1, "Security Considerations
11
Section 1.1.1, "Access Manager Administration Console
11
Security Considerations
11
Auditing and Event Notification
13
Configuration Store
13
Section 1.1.2, "Configuration Store
13
Section 1.1.3, "Auditing and Event Notification
13
Administration Console Conventions
14
Configuring the Default View
14
Section 1.2, "Administration Console Conventions
14
Section 1.3, "Configuring the Default View
14
Changing the Administration Console Session Timeout
17
Changing the Password for the Administration Console
17
Section 1.4, "Changing the Administration Console Session Timeout
17
Section 1.5, "Changing the Password for the Administration Console
17
Multiple Admin Accounts
18
Multiple Administrators, Multiple Sessions
18
Section 1.6, "Multiple Administrators, Multiple Sessions
18
Managing Delegated Administrators
19
Enabling Auditing
23
Section 1.7, "Enabling Auditing
23
Configuring Access Manager for Novell Auditing
24
Querying Data and Generating Reports in Novell Audit
27
2 Backing up and Restoring
31
2 Backing up and Restoring Components
31
How the Backup and Restore Process Works
31
Default Parameters
31
Section 2.1, "How the Backup and Restore Process Works
31
Section 2.1.1, "Default Parameters
31
Section 2.1.2, "The Process
31
The Process
31
Backing up the Administration Console
32
Section 2.2, "Backing up the Administration Console
32
Restoring an Administration Console Configuration
33
Section 2.3, "Restoring an Administration Console Configuration
33
Restoring the Configuration on a Standalone Administration Console or with a
34
Traditional SSL VPN Server
34
Restoring the Configuration with an Identity Server on the same Machine
35
Restoring the Configuration with an ESP-Enabled SSL VPN Server
36
Restoring an Access Gateway
37
Clustered Access Gateway
37
Section 2.4, "Restoring an Identity Server
37
Section 2.5, "Restoring an Access Gateway
37
Single Access Gateway
38
Restoring an Identity Server
37
Running the Diagnostic Configuration Export
39
Section 2.6, "Running the Diagnostic Configuration Export
39
3 Security and Certificate Management
41
Understanding How Access Manager Uses Certificates
41
Process Flow
42
Access Manager Trust Stores
43
Access Manager Keystores
44
3.2 Managing Certificates
47
Managing Certificates
47
Creating Certificates
47
Section 3.2.1, "Creating Certificates
47
Creating a Locally Signed Certificate
48
Generating a Certificate Signing Request
54
Importing a Signed Certificate
55
Managing Certificates and Keystores
56
Section 3.2.2, "Managing Certificates and Keystores
56
Managing Trusted Roots and Trust Stores
61
Section 3.2.3, "Managing Trusted Roots and Trust Stores
61
Assigning Certificates to Access Manager Devices
64
Security Considerations for Certificates
64
Section 3.2.4, "Security Considerations for Certificates
64
Importing a Trusted Root to the LDAP User Store
65
Replacing Identity Server SSL Certificates
66
Assigning Certificates to an Access Gateway
67
Assigning Certificates to J2EE Agents
68
Configuring SSL for Authentication between the Identity Server and Access
68
Gateway
68
Changing a Non-Secure (HTTP) Environment to a Secure (HTTPS) Environment
69
Creating Keystores and Trust Stores
69
Reviewing the Command Status for Certificates
71
4 Access Manager Logging
73
Understanding the Types of Logging
73
Component Logging for Troubleshooting Configuration or Network Problems
73
HTTP Transaction Logging for Proxy Services
74
Downloading the Log Files
74
Enabling Logging
79
Understanding Log Format
79
Sample Authentication Traces
82
Using the Log Files for Troubleshooting
79
5 Changing the IP Address of Access Manager Devices
87
Changing the IP Address of an Identity Server
87
Changing the IP Address of the Administration Console
87
Changing the IP Address of the Access Gateway Appliance
89
Changing the IP Address of an Audit Server
90
6 Troubleshooting the Administration Console
91
Checking for Potential Configuration Problems
91
Stopping Tomcat on Windows
91
Logging
93
Event Codes
94
Moving the Primary Administration Console to New Hardware
94
Novell Access Manager 3.1 SP1 Setup Guide
94
Restoring a Failed Secondary Console
94
Converting a Secondary Console into a Primary Console
95
Changing the Master Replica
96
Shutting down the Administration Console
96
Deleting Objects from the Edirectory Configuration Store
97
Restoring CA Certificates
97
Performing Component-Specific Procedures
98
Enabling Backup on the New Primary Administration Console
103
Orphaned Objects in the Trust/Configuration Store
104
Repairing the Configuration Datastore
105
Session Conflicts
105
Unable to Log in to the Administration Console
105
Backup/Restore Failure Because of Special Characters in Passwords
106
(Linux) Exception Processing Identityservice_Serverpage.jsp
106
Troubleshooting Certificate Issues
111
B.1 Resolving Certificate Import Issues
114
B.1.1 Importing an External Certificate Key Pair
114
A Certificates Terminology
109
Importing an External Certificate Key Pair
111
Resolving Certificate Import Issues
111
Section B.1, "Resolving Certificate Import Issues
111
Section B.1.1, "Importing an External Certificate Key Pair
111
Section B.1.3, "Using Internet Explorer to Add a Trusted Root Chain
112
Using Internet Explorer to Add a Trusted Root Chain
112
When the Full Certificate Chain Is Not Returned During an Automatic Import of the Trusted Root
112
Can't Log in with Certificate Error Messages
113
Certificate Command Failure
113
Mutual SSL with X.509 Produces Untrusted Chain Messages
113
Section B.2, "Mutual SSL with X.509 Produces Untrusted Chain Messages
113
Section B.3, "Certificate Command Failure
113
Section B.4, "Can't Log in with Certificate Error Messages
113
A Device Reports Certificate Errors
114
Access Gateway Canceled Certificate Modifications
114
Import
114
Section B.5, "When a User Accesses a Resource, the Browser Displays Certificate Errors
114
Section B.6, "Access Gateway Canceled Certificate Modifications
114
Section B.7, "A Device Reports Certificate Errors
114
When a User Accesses a Resource, the Browser Displays Certificate Errors
114
C Troubleshooting XML Validation Errors
115
Modifying a Configuration that References a Removed Object
115
Configuration UI Writes Incorrect Information to the Local Configuration Store
117
D Access Manager Audit Events and Data
121
NIDS: Sent a Federate Request (002E0001)
123
Section D.1, "NIDS: Sent a Federate Request (002E0001)
123
NIDS: Received a Federate Request (002E0002)
124
NIDS: Sent a Defederate Request (002E0003)
124
Section D.2, "NIDS: Received a Federate Request (002E0002)
124
Section D.3, "NIDS: Sent a Defederate Request (002E0003)
124
NIDS: Received a Defederate Request (002E0004)
125
NIDS: Sent a Register Name Request (002E0005)
125
Section D.4, "NIDS: Received a Defederate Request (002E0004)
125
Section D.5, "NIDS: Sent a Register Name Request (002E0005)
125
NIDS: Logged out an Authentication that was Provided to a Remote Consumer (002E0007)
126
NIDS: Received a Register Name Request (002E0006)
126
Section D.6, "NIDS: Received a Register Name Request (002E0006)
126
Section D.7, "NIDS: Logged out an Authentication that was Provided to a Remote Consumer (002E0007)
126
NIDS: Logged out a Local Authentication (002E0008)
127
NIDS: Provided an Authentication to a Remote Consumer (002E0009)
127
Section D.8, "NIDS: Logged out a Local Authentication (002E0008)
127
Section D.9, "NIDS: Provided an Authentication to a Remote Consumer (002E0009)
127
NIDS: User Session was Authenticated (002E000A)
128
Section D.10, "NIDS: User Session was Authenticated (002E000A)
128
NIDS: Failed to Provide an Authentication to a Remote Consumer (002E000B)
129
NIDS: User Session Authentication Failed (002E000C)
129
Section D.11, "NIDS: Failed to Provide an Authentication to a Remote Consumer (002E000B)
129
Section D.12, "NIDS: User Session Authentication Failed (002E000C)
129
NIDS: Received an Attribute Query Request (002E000D)
130
NIDS: User Account Provisioned (002E000E)
130
Section D.13, "NIDS: Received an Attribute Query Request (002E000D)
130
Section D.14, "NIDS: User Account Provisioned (002E000E)
130
NIDS: Failed to Provision a User Account (002E000F)
131
Section D.15, "NIDS: Failed to Provision a User Account (002E000F)
131
NIDS: Web Service Modify (002E0011)
132
NIDS: Web Service Query (002E0010)
132
Section D.16, "NIDS: Web Service Query (002E0010)
132
Section D.17, "NIDS: Web Service Modify (002E0011)
132
NIDS: Connection to User Store Replica Lost (002E0012)
133
Section D.18, "NIDS: Connection to User Store Replica Lost (002E0012)
133
NIDS: Connection to User Store Replica Reestablished (002E0013)
134
NIDS: Server Started (002E0014)
134
Section D.19, "NIDS: Connection to User Store Replica Reestablished (002E0013)
134
Section D.20, "NIDS: Server Started (002E0014)
134
NIDS: Server Refreshed (002E0016)
135
NIDS: Server Stopped (002E0015)
135
Section D.21, "NIDS: Server Stopped (002E0015)
135
Section D.22, "NIDS: Server Refreshed (002E0016)
135
NIDS: Intruder Lockout (002E0017)
136
NIDS: Severe Component Log Entry (002E0018)
136
Section D.23, "NIDS: Intruder Lockout (002E0017)
136
Section D.24, "NIDS: Severe Component Log Entry (002E0018)
136
NIDS: Roles PEP Configured (002E0300)
137
NIDS: Warning Component Log Entry (002E0019)
137
Section D.25, "NIDS: Warning Component Log Entry (002E0019)
137
Section D.26, "NIDS: Roles PEP Configured (002E0300)
137
Access Gateway: PEP Configured (002E0301)
138
J2EE Agent: Web Service Authorization PEP Configured (002E0305)
138
Section D.27, "Access Gateway: PEP Configured (002E0301)
138
Section D.28, "J2EE Agent: Web Service Authorization PEP Configured (002E0305)
138
J2EE Agent: JACC Authorization PEP Configured (002E0306)
139
Section D.29, "J2EE Agent: JACC Authorization PEP Configured (002E0306)
139
Access Gateway: Authorization Policy Evaluation (002E0321)
140
Roles Assignment Policy Evaluation (002E0320)
140
Section D.30, "Roles Assignment Policy Evaluation (002E0320)
140
Section D.31, "Access Gateway: Authorization Policy Evaluation (002E0321)
140
Access Gateway: Form Fill Policy Evaluation (002E0322)
141
Access Gateway: Identity Injection Policy Evaluation (002E0323)
141
Section D.32, "Access Gateway: Form Fill Policy Evaluation (002E0322)
141
J2EE Agent: Web Service Authorization Policy Evaluation (002E0324)
142
J2EE Agent: Web Service SSL Required Policy Evaluation (002E0325)
142
Section D.34, "J2EE Agent: Web Service Authorization Policy Evaluation (002E0324)
142
Section D.35, "J2EE Agent: Web Service SSL Required Policy Evaluation (002E0325)
142
J2EE Agent: Shutdown (002E0402)
143
J2EE Agent: Startup (002E0401)
143
Section D.36, "J2EE Agent: Startup (002E0401)
143
Section D.37, "J2EE Agent: Shutdown (002E0402)
143
J2EE Agent: Authentication Successful (002E0404)
144
J2EE Agent: Reconfigure (002E0403)
144
Section D.38, "J2EE Agent: Reconfigure (002E0403)
144
Section D.39, "J2EE Agent: Authentication Successful (002E0404)
144
J2EE Agent: Authentication Failed (002E0405)
145
Section D.40, "J2EE Agent: Authentication Failed (002E0405)
145
J2EE Agent: Clear Text Access Allowed (002E0407)
146
J2EE Agent: Web Resource Access Allowed (002E0406)
146
Section D.41, "J2EE Agent: Web Resource Access Allowed (002E0406)
146
Section D.42, "J2EE Agent: Clear Text Access Allowed (002E0407)
146
J2EE Agent: Clear Text Access Denied (002E0408)
147
J2EE Agent: Web Resource Access Denied (002E0409)
147
Section D.43, "J2EE Agent: Clear Text Access Denied (002E0408)
147
Section D.44, "J2EE Agent: Web Resource Access Denied (002E0409)
147
J2EE Agent: EJB Access Allowed (002E040A)
148
Section D.45, "J2EE Agent: EJB Access Allowed (002E040A)
148
Access Gateway: Access Denied (0X002E0505)
149
J2EE Agent: EJB Access Denied (002E040B)
149
Section D.46, "J2EE Agent: EJB Access Denied (002E040B)
149
Section D.47, "Access Gateway: Access Denied (0X002E0505)
149
Access Gateway: URL Not Found (0X002E0508)
150
Section D.48, "Access Gateway: URL Not Found (0X002E0508)
150
Access Gateway: System Shutdown (0X002E050A)
151
Access Gateway: System Started (0X002E0509)
151
Section D.49, "Access Gateway: System Started (0X002E0509)
151
Section D.50, "Access Gateway: System Shutdown (0X002E050A)
151
Access Gateway: Identity Injection Parameters (0X002E050C)
152
Section D.51, "Access Gateway: Identity Injection Parameters (0X002E050C)
152
Access Gateway: Form Fill Authentication (0X002E050E)
153
Access Gateway: Identity Injection Failed (0X002E050D)
153
Section D.52, "Access Gateway: Identity Injection Failed (0X002E050D)
153
Section D.53, "Access Gateway: Form Fill Authentication (0X002E050E)
153
Access Gateway: Form Fill Authentication Failed (0X002E050F)
154
Section D.54, "Access Gateway: Form Fill Authentication Failed (0X002E050F)
154
Access Gateway: URL Accessed (0X002E0512)
155
Section D.55, "Access Gateway: URL Accessed (0X002E0512)
155
Access Gateway: IP Access Attempted (0X002E0513)
156
Access Gateway: Webserver down (0X002E0515)
156
Section D.56, "Access Gateway: IP Access Attempted (0X002E0513)
156
Section D.57, "Access Gateway: Webserver down (0X002E0515)
156
Access Gateway: All Webservers for a Service Is down (0X002E0516)
157
Management Communication Channel: Device Imported (0X002E0602)
158
Section D.59, "Management Communication Channel: Health Change (0X002E0601)
158
Section D.60, "Management Communication Channel: Device Imported (0X002E0602)
158
Management Communication Channel: Health Change (0X002E0601)
158
Management Communication Channel: Device Deleted (0X002E0603)
159
Data Length (X): 0
160
Group (G): 0
160
Management Communication Channel: Device Alert (0X002E0605)
160
Management Communication Channel: Device Configuration Changed (0X002E0604)
160
Section D.62, "Management Communication Channel: Device Configuration Changed (0X002E0604)
160
Section D.63, "Management Communication Channel: Device Alert (0X002E0605)
160
Value1 (1): 0
160
Data (D): Null
161
NOVELL ACCESS MANAGER 3.1 SP1 - ADMINISTRATION Manual (208 pages)
Access Gateway Guide
Brand: NOVELL | Category: Gateway | Size: 2.89 MB
Table of Contents
Table of Contents
5
Legal Notices
2
About this Guide
9
Additional Documentation
10
Documentation Conventions
10
1 Configuring the Access Gateway to Protect Web Resources
11
1.1 Creating a Reverse Proxy and Proxy Service
12
Creating a Reverse Proxy and Proxy Service
12
Section 1.1, "Creating a Reverse Proxy and Proxy Service
12
Configuring a Proxy Service
16
Section 1.2, "Configuring a Proxy Service
16
Configuring the Web Servers of a Proxy Service
18
Section 1.3, "Configuring the Web Servers of a Proxy Service
18
Configuring Protected Resources
19
Section 1.4, "Configuring Protected Resources
19
Setting up a Protected Resource
20
Understanding URL Path Matching
23
Using a Query String in the URL Path
23
Modifying Authentication Procedures
24
Assigning an Authorization Policy to a Protected Resource
25
Assigning an Identity Injection Policy to a Protected Resource
26
Assigning a Form Fill Policy to a Protected Resource
27
Assigning a Policy to Multiple Protected Resources
29
Configuring Protected Resources for Specific Applications
30
Configuring Protected Resource for a Sharepoint Server
30
Section 1.5, "Configuring Protected Resources for Specific Applications
30
Configuring a Protected Resource for a Sharepoint Server with an ADFS Server
31
Configuring a Protected Resource for Outlook Web Access
34
Configuring a Protected Resource for a Novell Teaming 2.0 Server
36
Configuring HTML Rewriting
41
Section 1.6, "Configuring HTML Rewriting
41
Understanding the Rewriting Process
42
Specifying the DNS Names to Rewrite
43
Defining the Requirements for the Rewriter Profile
46
Configuring the HTML Rewriter and Profile
52
Disabling the Rewriter
57
Configuring Connection and Session Limits
59
Configuring TCP Listen Options for Clients
59
Section 1.7, "Configuring Connection and Session Limits
59
Configuring TCP Connect Options for Web Servers
60
Configuring Connection and Session Persistence
62
Configuring the Session Timeout
62
2 Configuring the Access Gateway
63
2.1 Using SSL on the Access Gateway
63
Communication Channels
63
2 Configuring the Access Gateway for SSL
63
Section 2.1, "Using SSL on the Access Gateway Communication Channels
63
Using SSL on the Access Gateway Communication Channels
63
Prerequisite for SSL Communication between the Identity Server and the Access Gateway
65
Prerequisites for SSL
65
Prerequisites for SSL Communication between the Access Gateway and the Web Servers
65
Section 2.2, "Prerequisites for SSL
65
Configuring SSL Communication with the Browsers and the Identity Server
66
Section 2.3, "Configuring SSL Communication with the Browsers and the Identity Server
66
Configuring SSL between the Proxy Service and the Web Servers
68
Section 2.4, "Configuring SSL between the Proxy Service and the Web Servers
68
Enabling Secure Cookies
71
Section 2.5, "Enabling Secure Cookies
71
Securing the Embedded Service Provider Session Cookie
71
Securing the Proxy Session Cookie
72
Managing Access Gateway Certificates
73
Managing Embedded Service Provider Certificates
73
Managing Reverse Proxy and Web Server Certificates
73
Section 2.6, "Managing Access Gateway Certificates
73
3 Server Configuration Settings
75
3.1 Viewing and Updating the Configuration
100
Status
100
3 Server Configuration Settings
75
Section 3.1, "Viewing and Updating the Configuration Status
75
Viewing and Updating the Configuration Status
75
Saving, Applying, or Canceling Configuration Changes
77
Section 3.2, "Saving, Applying, or Canceling Configuration Changes
77
Section 3.3, "Starting and Stopping the Access Gateway
78
Starting and Stopping the Access Gateway
78
Restarting the Access Gateway Service Provider
79
Updating the Access Gateway
79
Restarting the Access Gateway Appliance
80
Starting the Access Gateway Service Provider
80
Stopping the Access Gateway Service Provider
80
Stopping the Access Gateway Appliance
81
Changing the Name of an Access Gateway and Modifying Other Server Details
82
Section 3.4, "Changing the Name of an Access Gateway and Modifying Other Server Details
82
Section 3.5, "Setting up a Tunnel
82
Setting up a Tunnel
82
Section 3.6, "Setting the Date and Time
84
Setting the Date and Time
84
Customizing Error Pages on the Gateway Appliance
85
Section 3.7, "Customizing Error Pages on the Gateway Appliance
85
Customizing the Error Pages by Using the Default Template
86
Customizing and Localizing Error Messages
88
Configuring Network Settings
90
Section 3.8, "Configuring Network Settings
90
Viewing and Modifying Adapter Settings
90
Viewing and Modifying Gateway Settings
92
Viewing and Modifying DNS Settings
94
Configuring Hosts
96
Adding New Network Interfaces to the Gateway Appliance
97
Customizing Applications to Use the Access Gateway Logout Page
98
Customizing Logout Requests
98
Customizing the Access Gateway Logout Page
98
Section 3.9, "Customizing Logout Requests
98
Configuring X-Forwarded-For Headers
100
Exporting and Importing an Access Gateway Configuration
100
In the Administration Console, Click Devices > Access Gateways
100
Section 3.10, "Configuring X-Forwarded-For Headers
100
Section 3.11, "Upgrading the Access Gateway Software
100
Section 3.12, "Exporting and Importing an Access Gateway Configuration
100
Upgrading the Access Gateway Software
100
Exporting the Configuration
101
Importing the Configuration
102
Cleaning up and Verifying the Configuration
103
4 Access Gateway Maintenance
107
Configuring Log Levels
107
Gateway Appliance Logs
107
Interpreting Log Messages
108
Configuring Logging of SOAP Messages and HTTP Headers
109
Configuring Proxy Service Logging
110
Determining Logging Requirements
110
Section 4.2, "Configuring Proxy Service Logging
110
Calculating Rollover Requirements
111
Enabling Logging
113
Configuring Common Log Options
114
Configuring Extended Log Options
115
Configuring the Size of the Log Partition
118
Monitoring Access Gateway Statistics
118
Viewing Access Gateway Statistics
118
Viewing Cluster Statistics
127
Monitoring Access Gateway Alerts
128
Reviewing Java Alerts
128
Configuring Access Gateway Alerts
129
Enabling Access Gateway Audit Events
133
Health States
134
Managing Server Health
134
Monitoring the Health of an Access Gateway
135
Viewing the Health of an Access Gateway Cluster
138
Viewing the Command Status of the Access Gateway
139
Viewing the Status of Current Commands
139
Viewing Detailed Command Information
140
5 Configuring the Content Settings
141
Configuring Caching Options
141
Section 5.1, "Configuring Caching Options
141
Controlling Browser Caching
143
Section 5.2, "Controlling Browser Caching
143
Configuring Custom Cache Control Headers
144
Section 5.3, "Configuring Custom Cache Control Headers
144
Understanding How Custom Cache Control Headers Work
145
Enabling Custom Cache Control Headers
146
Configuring a Pin List
147
Section 5.4, "Configuring a Pin List
147
URL Mask
148
Pin Type
150
Configuring a Purge List
150
Section 5.5, "Configuring a Purge List
150
Purging Cached Content
151
Section 5.6, "Purging Cached Content
151
6 Protecting Multiple Resources
153
Setting up a Group of Web Servers
154
Using Multi-Homing to Access Multiple Resources
155
Domain-Based Multi-Homing
155
Path-Based Multi-Homing
157
Virtual Multi-Homing
159
Creating a Second Proxy Service
160
Configuring a Path-Based Multi-Homing Proxy Service
162
Managing Multiple Reverse Proxies
164
Managing Entries in the Reverse Proxy List
164
Changing the Authentication Proxy Service
165
Managing a Cluster of Access Gateways
166
Managing the Servers in the Cluster
167
Applying Changes to Cluster Members
168
Changing the Primary Cluster Server
168
7 Troubleshooting the Linux Access Gateway
171
Useful Tools for Troubleshooting the Linux Access Gateway
171
Useful Tools
172
The Linux Access Gateway Console
173
Viewing Configuration Information
175
Useful Files for Troubleshooting the Access Gateway Appliance
176
Viewing Log Files
176
Using Touch Files
177
Protected Resource Issues
184
HTML Frames Are Lost
184
Troubleshooting HTTP 1.1 and GZIP
185
Error AM#300101010 and Missing Resources
186
Protected Resource Configuration Changes Are Not Applied
186
Protected Resources Referencing Non-Existent Policies
186
Redirection Issue with some IE7 Versions
187
Unable to View Contents of Mail When Outlook Web Access Is Protected by Access Gateway
187
Hardware and Machine Resource Issues
187
Error: Novell-VMC-Chroot Failed to Start
187
Mismatched SSL Certificates in a Cluster of Access Gateways
187
Recovering from a Hardware Failure on an Access Gateway Machine
188
Reinstalling a Failed Access Gateway
188
COS Related Issues
189
Memory Issues
191
Rewriter Issues
192
Discovering the Issue
192
Links Are Broken Because the Rewriter Sends the Request to the Wrong Proxy
192
Rewriting Fails on a Page with Numerous Hrefs
192
Service
192
Reading Configuration Files
193
Rewriter Does Not Rewrite Content in Files with a Non-Default Extension
193
Additional DNS Name Without a Scheme Is Not Rewritten
194
Rewriting a URL
194
Troubleshooting Crashes and Hangs
194
Access Gateway Crashes When the Log Files Are Removed
195
The Access Gateway Hangs When the Audit Server Comes Back Online
195
Troubleshooting a Failed Linux Access Gateway Configuration
196
Troubleshooting a Linux Access Gateway Crash
196
Linux Access Gateway Not Responding
199
Connection and Authentication Issues
200
Connection Details
200
Network Socket Issues
200
Authentication Issues
201
Form Fill Issues
204
Form Fill Does Not Process Forms with Complicated JavaScript Functions When Data Is Auto-Submitted
204
Alert: SSO (Form Fill) Failed Due to Malformed HTML
205
Browser Spinning Issues
205
Form Fill Error Messages
205
Form Fill Failure Because of Incorrect Policy Configuration
205
Authorization and Identity Injection Issues
206
Authorization and Identity Injection Error Messages
206
Identity Injection Failures
207
Identity Injection Problems When Using a Password Management Service
207
YaST Goes into a Non-Responsive Mode When a Partition Is Deleted or Created
207
Upgrading the Linux Access Gateway Randomly Halts the Embedded Service Provider
207
Using Curl to Download Large Files
207
NOVELL ACCESS MANAGER 3.1 SP1 - ADMINISTRATION Manual (168 pages)
SSL VPN Server Guide
Brand: NOVELL | Category: Software | Size: 3.74 MB
Table of Contents
Table of Contents
5
Legal Notices
2
About this Guide
11
Part I Overview of SSL VPN
13
1 SSL VPN Features
15
2 Traditional and ESP-Enabled SSL VPNs
19
ESP-Enabled Novell SSL VPN
19
Traditional Novell SSL VPN
20
High and Low Bandwidth SSL VPNs
21
3 SSL VPN Client Modes
23
Enterprise Mode
23
Prerequisites
24
User Scenarios
24
Kiosk Mode
25
Part II Installing and Deploying the SSL VPN Server
27
4 Installing the SSL VPN Server
29
Limitations with 64-Bit Software
29
Prerequisites
29
Section 4.1, "Prerequisites"
29
Section 4.2, "Limitations with 64-Bit Software"
29
Installing ESP-Enabled SSL VPN
30
Deployment Scenarios
30
Section 4.3, "Installing ESP-Enabled SSL VPN"
30
Installing the ESP-Enabled SSL VPN
33
Installing the Traditional Novell SSL VPN
34
Deployment Scenarios
34
Section 4.4, "Installing the Traditional Novell SSL VPN"
34
Installing the Traditional Novell SSL VPN
38
Installing the RPM Containing Key for High Bandwidth SSL VPN
41
Section 4.5, "Installing the RPM Containing Key for High Bandwidth SSL VPN"
41
Section 4.6, "Uninstalling the RPM Containing Key for High Bandwidth SSL VPN"
42
Section 4.7, "Verifying that Your SSL VPN Service Is Installed"
42
Uninstalling the RPM Containing Key for High Bandwidth SSL VPN
42
Verifying that Your SSL VPN Service Is Installed
42
5 Upgrading SSL VPN Servers
43
Prerequisites
43
Section 5.1, "Prerequisites"
43
Section 5.2, "Upgrade Scenarios"
44
Upgrade Scenarios
44
Section 5.3, "Upgrading SSL VPN Installed on a Separate Machine"
45
Upgrading SSL VPN Installed on a Separate Machine
45
Migrating a Traditional SSL VPN Server to the ESP-Enabled Version
46
Section 5.4, "Migrating a Traditional SSL VPN Server to the ESP-Enabled Version"
46
Upgrade Scenarios
47
Migrating Traffic Policies from Traditional SSL VPN to ESP-Enabled SSL VPN
48
Section 5.5, "Upgrading Clustered SSL VPN Servers"
49
Section 5.6, "Updating Configuration Changes to the Upgraded Server"
49
Updating Configuration Changes to the Upgraded Server
49
Upgrading Clustered SSL VPN Servers
49
Configuration Changes to the SSL VPN Server Installed with the Linux Access Gateway
50
Section 5.7, "Configuration Changes to the SSL VPN Server Installed with the Linux Access Gateway"
50
6 Preinstalling the SSL VPN Client Components
53
Installing Client Components for Linux
53
Installing Client Components for Macintosh
53
Installing Client Components for Windows
53
7 Uninstalling the SSL VPN Server
55
Deleting the Server from the Administration Console and from the Cluster
55
Uninstalling the Server
55
8 Deploying SSL VPN
57
Installing ESP-Enabled SSL VPN on a Single Machine
57
Prerequisites
58
Deployment Procedure
59
Deploying a Cluster of Single-Machine SSL VPNs
59
Deployment Scenario
60
Prerequisites
60
Deployment Procedure
60
Deploying the Traditional Novell SSL VPN
62
Prerequisites
62
Deployment Procedure
62
Part III Configuring SSL VPN
65
9 Configuring Authentication for ESP-Enabled Novell SSL VPN
67
10 Accelerating the Traditional Novell SSL VPN
69
Configuring the Default Identity Injection Policy
69
Injecting the SSL VPN Header
70
11 Configuring the IP Address, Port, and NAT
75
Configuring the SSL VPN Gateway Behind NAT or L4
75
Configuring the SSL VPN Gateway Without NAT or L4
77
12 Configuring Route and Source NAT for Enterprise Mode
81
Configuring the OpenVPN Subnet in Routing Tables
81
Configuring Source NAT for SSL VPN
81
Configuring SNAT for Enterprise Mode
81
Ordering SNAT Entries
83
13 Configuring DNS Servers and Certificates
85
Configuring DNS Servers
85
Configuring DNS Servers for Enterprise Mode
85
Configuring DNS Servers for Kiosk Mode
86
Configuring Certificate Settings
86
14 Configuring End-Point Security and Access Policies for SSL VPN
89
Configuring Policies to Check the Integrity of Client Machine
90
Selecting the Operating System
90
Configuring the Category
91
Configuring Applications for a Category
92
Configuring Attributes for an Application
92
Exporting and Importing Client Integrity Check Policies
95
Configuring Client Security Levels
95
Configuring Traffic Policies
97
Rule Ordering
99
Exporting and Importing Traffic Policies
100
15 Configuring How Users Connect to SSL VPN
101
Configuring Users to Connect Only in Enterprise Mode or Kiosk Mode
101
Allowing Users to Select the SSL VPN Mode
102
Configuring SSL VPN to Download the Java Applet on Internet Explorer
103
Configuring a Custom Login Policy for SSL VPN
103
Customizing SSL VPN User Interface
104
Customizing the Home Page and Exit Page
104
Customizing Error Messages
105
Modifying Help Pages for the Customized Error Messages
105
16 Configuring Full Tunneling
107
17 Configuring SSL VPN to Connect through a Forward Proxy
109
Understanding How SSL VPN Connects through a Forward Proxy
109
Creating the Proxy.conf File
110
18 Configuring SSL VPN for Citrix Clients
111
Prerequisites
111
How It Works
111
Configuring a Custom Login Policy for Citrix Clients
112
Configuring the Access Gateway to Protect the Citrix Server
113
Configuring Single Sign-On between Citrix and SSL VPN
114
19 Additional Configurations
117
Creating DH Certificates with Different Key Sizes
117
Creating a Configuration File to Add Additional Configuration Changes
117
Disconnecting Active SSL VPN Connections
118
Modifying SSL VPN Server Details
118
Part IV Clustering the High Bandwidth SSL VPN Servers
121
20 Overview of SSL VPN Clusters
123
Cluster Overview
123
Prerequisites
123
Limitations
124
21 Creating a Cluster of SSL VPN Servers
125
Adding an SSL VPN Server to a Cluster
126
Removing an SSL VPN Server from a Cluster
127
22 Clustering SSL VPN by Using L4
129
Configuring a Cluster of ESP-Enabled SSL VPNs
129
Configuring a Cluster of Traditional SSL VPNs by Using L4
131
23 Clustering SSL VPNs by Using Access Gateway and Without L4
133
Configuring the Access Gateway
133
Installing the Scripts
133
Testing the Scripts
134
24 Configuring SSL VPN to Monitor Health of Cluster
135
Services of the Real Server
135
A Note about Alteon Switches
135
Real Server Settings Example
135
Virtual Server Settings Example
136
Monitoring the SSL VPN Server Health
136
Part V Monitoring the SSL VPN Servers
139
25 Enabling SSL VPN Audit Events
141
26 Viewing SSL VPN Statistics
143
Viewing Statistics of SSL VPN Server
143
Viewing Statistics of SSL VPN Server Cluster
144
Viewing the Bytes Graphs
145
27 Monitoring Health of SSL VPN Servers
147
Monitoring Health of Single Server
147
Monitoring Health of SSL VPN Cluster
148
28 Viewing the Command Status of the SSL VPN Server
149
Viewing Command Information
149
29 Monitoring SSL VPN Alerts
151
Configuring SSL VPN Alerts
151
Viewing SSL VPN Alerts
152
Viewing SSL VPN Cluster Alerts
153
Part VI Troubleshooting SSL VPN
155
30 Troubleshooting SSL VPN Installation
157
Manually Uninstalling the Enterprise Mode Thin Client
157
SSL VPN Health Status Is Yellow after an Upgrade
157
31 Troubleshooting SSL VPN Configuration
159
Successfully Connecting to the Server
159
Connection Problems with Mozilla Firefox
160
Connection Problems with Internet Explorer
161
The SSL VPN Server Is in a Pending State
161
SSL VPN Connects in Kiosk Mode, but There Is no Data Transfer
162
The TFTP Application and GroupWise Notify Do Not Work in Enterprise Mode
162
SSL VPN Not Reporting
162
Verifying and Restarting JCC
162
Verifying and Restarting the SSL VPN Server
162
Verifying SSL VPN Components
163
SSL VPN Server
163
SSL VPN Linux Client
163
SSL VPN Macintosh Client
163
SSL VPN Windows Client
163
Unable to Contact the SSL VPN Server
164
Unable to Get Authentication Headers
164
The SSL VPN Connection Is Successful but There Is no Data Transfer
164
Unable to Connect to the SSL VPN Gateway
165
Multiple Instances of SSL VPN Are Running
165
Issue with the Preinstalled Enterprise Mode Client
165
Socket Exception Error after Upgrading SSL VPN
165
SSL VPN Server Is Unable to Handle the Session
166
Embedded Service Provider Status Is Red
166
Connection Manager Log Does Not Display the Client IP Address
166
SSL VPN Full Tunnel Connection Disconnects on VMware
166
Clustering Issues
166
Bringing up the Server if a Cluster Member Is down
167
Bringing up a Binary if It Is down
167
Debugging a Cluster if Session Sharing Doesn't Properly Happen
167
NOVELL ACCESS MANAGER 3.1 SP1 - ADMINISTRATION Manual (144 pages)
Event Codes
Brand: NOVELL | Category: Software | Size: 1.95 MB
Table of Contents
Table of Contents
5
About this Guide
7
Event Code Overview
7
Event Code Overview
9
Administration Console (009)
11
Identity Server (001)
51
Linux Access Gateway Appliance (045)
91
SSL VPN Server (005)
93
J2EE Agents (006)
97
Server Communications (JCC) (007)
103
Policy Engine (008)
125
SOAP Policy Enforcement Point (011)
131
Backup and Restore (010)
137
Novell Modular Authentication Class (012)
143
NOVELL ACCESS MANAGER 3.1 SP1 - ADMINISTRATION Installation Manual (42 pages)
Linux Access Gateway on Red Hat
Brand: NOVELL | Category: Software | Size: 3.17 MB
Table of Contents
Table of Contents
5
Legal Notices
2
About this Guide
7
1 Installing and Configuring Linux Access Gateway on RHEL
9
System Requirements
9
Hardware Requirements
9
Linux Access Gateway Network Requirements
9
Installing and Configuring the Linux Access Gateway on RHEL
10
2 Upgrading the Linux Access Gateway on RHEL
13
3 Additional Information on Installing and Configuring
15
Before You Begin
15
Installation and Disk Layout
15
Section 3.1, "Before You Begin"
15
Section 3.2, "Installation and Disk Layout"
15
Installing the Linux Access Gateway
16
Section 3.3, "Installing the Linux Access Gateway"
16
Configuring Hardware and System Services
27
Section 3.4, "Configuring Hardware and System Services"
27
Verifying the Linux Access Gateway Installation on RHEL
34
Section 3.5, "Verifying the Linux Access Gateway Installation on RHEL"
34
Configuring the Linux Access Gateway to Boot from RHEL
35
Section 3.6, "Configuring the Linux Access Gateway to Boot from RHEL"
35
Starting the Linux Access Gateway from RHEL
36
Section 3.7, "Starting the Linux Access Gateway from RHEL"
36
Configuring the Linux Access Gateway after It Is Installed on RHEL
37
Configuring the New Network Interface
37
Section 3.8, "Configuring the Linux Access Gateway after It Is Installed on RHEL"
37
Configuring a Secondary IP Address
38
4 Troubleshooting
39
Health Status Displays NTP Check Failed Error
39
A Additional Information
41
Differences between the Linux Access Gateway on RHEL and the Linux Access Gateway Appliance
41
Configuring the Linux Access Gateway to Load the Red Hat Boot Loader
41
NOVELL ACCESS MANAGER 3.1 SP1 - ADMINISTRATION Quick Start Manual (24 pages)
Brand: NOVELL | Category: Software | Size: 0.56 MB
Table of Contents
Table of Contents
5
About this Guide
7
1 Installation Quick Start
9
System Requirements
9
Administration Console
10
Linux Administration Console
10
Windows Administration Console
10
Identity Server
10
Linux Identity Server
10
Windows Identity Server
10
Linux Access Gateway
11
Verifying the Installation
11
2 Configuration Quick Start
13
New Identity Server Cluster Configuration
13
First Reverse Proxy Configuration
16
Configuring the Protected Resource for Authentication
17
3 SSL Configuration Quick Start
19
Configuring a New Identity Server Cluster with SSL
19
Configuring a New Access Gateway for SSL
22
Related Products
NOVELL ACCESS MANAGER 3.1 SP2 - README 2010
NOVELL ACCESS MANAGER 3.1 SP2 BETA 1 - SCENARIOS 2009
NOVELL ACCESS MANAGER 3.1 SP1 - AGENT GUIDE
NOVELL ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER
NOVELL ACCESS MANAGER 3.1 SP2 - SSL VPN USER GUIDE 2010
Novell Access Manager 3.1 SP 1
Novell Access Manager 3.1 SP2 Beta 1
Novell Access Manager 3.1 SP 2
NOVELL ZENWORKS ENDPOINT SECURITY MANAGEMENT 3.5
Novell 3.6 05-2008