NOVELL ACCESS MANAGER 3.1 SP2 - README 2010 Manuals
Manuals and User Guides for NOVELL ACCESS MANAGER 3.1 SP2 - README 2010. We have 6 NOVELL ACCESS MANAGER 3.1 SP2 - README 2010 manuals available for free PDF download: Manual, User Manual
NOVELL ACCESS MANAGER 3.1 SP2 - README 2010 Manual (374 pages)
Identity Server Guide
Brand: NOVELL | Category: Software | Size: 6.22 MB
Table of Contents
Legal Notices
2
Table of Contents
5
About this Guide
13
Additional Documentation
14
1 Configuring an Identity Server
15
Managing a Cluster Configuration
15
Creating a Cluster Configuration
16
Assigning an Identity Server to a Cluster Configuration
21
Configuring a Cluster with Multiple Identity Servers
21
Configuring Session Failover
22
Editing Cluster Details
24
Removing a Server from a Cluster Configuration
25
Enabling and Disabling Protocols
25
Modifying the Base URL
26
Enabling Role-Based Access Control
27
Configuring Secure Communication on the Identity Server
27
Viewing the Services that Use the Signing Key Pair
28
Viewing Services that Use the Encryption Key Pair
29
Managing the Keys, Certificates, and Trust Stores
29
Security Considerations
32
Federation Options
32
Authentication Contracts
33
Forcing 128-Bit Encryption
33
Securing the Identity Server Cookie
34
Configuring the Encryption Method for the SAML Assertion
35
Configuring SAML 2.0 to Sign Messages
35
Blocking Access to Identity Server
36
Translating the Identity Server Configuration Port
36
Changing the Port on a Windows Identity Server
36
Changing the Port on a Linux Identity Server
37
Using netHSM for the Signing Key Pair
41
Server
42
Configuring the Identity Server for netHSM
44
2 Customizing Login Pages, Logout Pages, and Messages
59
Customizing the Identity Server Login Page
59
Selecting the Login Page and Modifying It
60
Configuring the Identity Server to Use Custom Login
72
Troubleshooting Tips for Custom Login
77
Customizing the Identity Server Logout
78
Rebranding the Logout Page
78
Replacing the Logout Page with a Custom Page
78
Configuring for Local Rather than Global Logout
79
Customizing Identity Server Messages
80
Customizing Messages
80
Customizing the Branding of the Error Page
82
Customizing Tooltip Text for Authentication Contracts
84
Sample Custom Login
85
Modified Login.jsp File for Credential Prompts
85
Custom Nidp.jsp File with Custom Credentials
88
Custom 3.1 Login.jsp File
95
Custom 3.0 Login.jsp File
98
3 Configuring Local Authentication
103
Configuring Identity User Stores
104
Using more than One LDAP User Store
104
Configuring the User Store
105
Configuring an Admin User for the User Store
109
Configuring a User Store for Secrets
109
Creating Authentication Classes
117
Creating Basic or Form-Based Authentication Classes
119
Specifying Common Class Properties
120
Configuring Authentication Methods
122
Configuring Authentication Contracts
124
Using a Password Expiration Service
127
Using Activity Realms
129
Specifying Authentication Defaults
130
Specifying Authentication Types
131
Creating a Contract for a Specific Authentication Type
132
Managing Direct Access to the Identity Server
133
Logging in to the User Portal
133
Specifying a Target
134
Blocking Access to the User Portal Page
135
Blocking Access to the WSDL Services Page
136
4 Configuring Advanced Local Authentication Procedures
139
Configuring for RADIUS Authentication
139
Configuring Mutual SSL (X.509) Authentication
140
Configuring Attribute Mappings
142
Setting up Mutual SSL Authentication
145
Creating an ORed Credential Class
145
Configuring for OpenID Authentication
147
Configuring Password Retrieval
148
Configuring Access Manager for NESCM
149
Prerequisites
150
Creating a User Store
150
Creating a Contract for the Smart Card
152
Assigning the NESCM Contract to a Protected Resource
156
Verifying the User's Experience
156
Troubleshooting
157
5 Configuring for Kerberos Authentication
159
Prerequisites
160
Configuring Active Directory
161
Installing the Spn and the Ktpass Utilities for Windows Server 2003
161
Creating and Configuring the User Account for the Identity Server
162
Configuring the Keytab File
163
Adding the Identity Server to the Forward Lookup Zone
163
Configuring the Identity Server
164
Enabling Logging for Kerberos Transactions
164
Configuring the Identity Server for Active Directory
164
Creating the Authentication Class, Method, and Contract
165
Creating the bcsLogin Configuration File
168
Verifying the Kerberos Configuration
169
Configuring the Clients
169
Configuring the Access Gateway for Kerberos Authentication
171
6 Defining Shared Settings
173
Configuring Attribute Sets
173
Editing Attribute Sets
176
Configuring User Matching Expressions
176
Adding Custom Attributes
178
Creating Shared Secret Names
178
Creating LDAP Attribute Names
179
Adding Authentication Card Images
180
Creating an Image Set
181
7 Configuring SAML and Liberty Trusted Providers
183
Understanding the Trust Model
183
Identity Providers and Consumers
183
Embedded Service Providers
184
Configuration Overview
185
Configuring General Provider Options
186
Configuring the General Identity Provider Options
186
Configuring the General Identity Consumer Options
187
Configuring the Introductions Class
188
Configuring the Trust Levels Class
189
Managing Trusted Providers
189
Creating a Trusted Provider for Liberty or SAML 2.0
190
Creating a Trusted Service Provider for SAML 1.1
192
Creating a Trusted Identity Provider for SAML 1.1
194
Modifying a Trusted Provider
195
Configuring Communication Security
196
Configuring Communication Security for Liberty and SAML 1.1
197
Configuring Communication Security for a SAML 2.0 Identity Provider
197
Configuring Communication Security for a SAML 2.0 Service Provider
199
Selecting Attributes for a Trusted Provider
199
Configuring the Attributes Obtained at Authentication
200
Configuring the Attributes Sent with Authentication
201
Sending Attributes to the Embedded Service Provider
202
Managing Metadata
203
Viewing and Reimporting a Trusted Provider's Metadata
203
Viewing Trusted Provider Certificates
203
Editing a SAML 1.1 Identity Provider's Metadata
204
Editing a SAML 1.1 Service Provider's Metadata
205
Configuring an Authentication Request for an Identity Provider
207
Configuring a Liberty Authentication Request
207
Configuring a SAML 2.0 Authentication Request
209
Configuring an Authentication Response for a Service Provider
212
Configuring the Liberty Authentication Response
212
Configuring the SAML 2.0 Authentication Response
213
Configuring the SAML 1.1 Authentication Response
215
Managing the Authentication Card of an Identity Provider
216
Modifying the Authentication Card for Liberty or SAML 2.0
216
Modifying the Authentication Card for SAML 1.1
216
Using the Intersite Transfer Service
217
Understanding the Intersite Transfer Service URL
217
Specifying the Intersite Transfer Service URL for the Login URL Option
219
Using Intersite Transfer Service Links on Web
220
Configuring an Intersite Transfer Service Target for a Service Provider
221
8 Configuring CardSpace
223
Overview of the CardSpace Authentication Process
223
Prerequisites for CardSpace
225
Enabling High Encryption
225
Configuring the Client Machines for CardSpace
226
CardSpace Configuration Scenarios
228
Authenticating with a Personal Card
228
Authenticating with a Managed Card
230
Authenticating with a Managed Card Backed by a Personal Card
234
Configuring the Identity Server as a Relying Party
235
Defining an Authentication Card and Profile
235
Defining a Trusted Provider
237
Cleaning up Identities
239
Defederating after User Portal Login
239
Configuring the Identity Server as an Identity Provider
239
Replacing the Signing Certificate
240
Configuring STS
240
Creating a Managed Card Template
241
Using CardSpace Cards for Authentication to Access Gateway Protected Resources
242
Managing CardSpace Trusted Providers
242
CardSpace Identity Provider Wizard
243
Renaming the CardSpace Provider
243
Updating the Metadata of the CardSpace Provider
243
Managing Card Templates
244
General Template Details
244
Template Attributes
245
Configuring Authentication Cards
245
Configuring the General Details of a Card Profile
246
Configuring Attribute Claims
247
Configuring User Identification
247
Cleaning up Identities
248
9 Configuring STS
249
Configuring STS Attribute Sets
249
Configuring Authentication Methods
249
Configuring the Authentication Request
250
10 Configuring WS Federation
251
Using the Identity Server as an Identity Provider for ADFS
251
Configuring the Identity Server
252
Configuring the ADFS Server
257
Logging in
260
Troubleshooting
260
Configuring the Identity Server as a Service Provider
262
Configuring the ADFS Server to be an Identity Provider
266
Logging in
267
Additional WS Federation Configuration Options
267
Managing WS Federation Providers
268
Creating an Identity Provider for WS Federation
268
Creating a Service Provider for WS Federation
269
Modifying a WS Federation Identity Provider
269
Renaming the Trusted Provider
269
Configuring the Attributes Obtained at Authentication
270
Modifying the User Identification Method
270
Viewing the WS Identity Provider Metadata
271
Editing the WS Identity Provider Metadata
272
Modifying the Authentication Card
272
Modifying a WS Federation Service Provider
273
Renaming the Service Provider
273
Configuring the Attributes Sent with Authentication
273
Modifying the Authentication Response
274
Viewing the WS Service Provider Metadata
275
Editing the WS Service Provider Metadata
275
11 Configuring User Identification Methods for Federation
277
Defining User Identification for Liberty and SAML 2.0
277
Selecting a User Identification Method for Liberty or SAML 2.0
277
Configuring the Attribute Matching Method for Liberty or SAML 2.0
279
Defining User Identification for SAML 1.1
280
Selecting a User Identification Method for SAML 1.1
280
Configuring the Attribute Matching Method for SAML 1.1
281
Defining the User Provisioning Method
282
User Provisioning Error Messages
286
12 Configuring Communication Profiles
287
Configuring a Liberty Profile
287
Configuring a SAML 1.1 Profile
288
Configuring a SAML 2.0 Profile
288
13 Configuring Liberty Web Services
291
Configuring the Web Services Framework
291
Managing Web Services and Profiles
292
Modifying Service and Profile Details for Employee, Custom, and Personal
293
Profiles
293
Modifying Details for Authentication, Discovery, LDAP, and User Interaction
295
Profiles
295
Editing Web Service Descriptions
296
Editing Web Service Policies
297
Create Web Service Type
300
Configuring Credential Profile Security and Display Settings
300
Customizing Attribute Names
302
Configuring the Web Service Consumer
303
Mapping LDAP and Liberty Attributes
304
Configuring One-To-One Attribute Maps
305
Configuring Employee Type Attribute Maps
308
Configuring Employee Status Attribute Maps
309
Configuring Postal Address Attribute Maps
311
Configuring Contact Method Attribute Maps
312
Configuring Gender Attribute Maps
314
Configuring Marital Status Attribute Maps
315
NOVELL ACCESS MANAGER 3.1 SP2 - README 2010 Manual (264 pages)
Access Gateway Guide
Brand: NOVELL | Category: Software | Size: 5.08 MB
Table of Contents
Table of Contents
5
Legal Notices
2
About this Guide
11
Additional Documentation
12
Configuring the Access Gateway to Protect Web Resources
13
Managing Reverse Proxies and Authentication
14
Creating a Proxy Service
17
Configuring a Proxy Service
19
Configuring Advanced Options for a Domain-Based Proxy Service
21
Configuring the Web Servers of a Proxy Service
22
Configuring Protected Resources
24
Setting up a Protected Resource
25
Configuring an Authentication Procedure for Non-Redirected Login
29
Assigning an Authorization Policy to a Protected Resource
31
Assigning an Identity Injection Policy to a Protected Resource
32
Assigning a Form Fill Policy to a Protected Resource
33
Assigning a Timeout Per Protected Resource
35
Assigning a Policy to Multiple Protected Resources
37
Configuring Protected Resources for Specific Applications
38
Configuring a Protected Resource for a SharePoint Server
38
Configuring a Protected Resource for a SharePoint Server with an ADFS Server
39
Configuring a Protected Resource for Outlook Web Access
42
Configuring a Protected Resource for a Novell Teaming 2.0 Server
44
Configuring HTML Rewriting
49
Understanding the Rewriting Process
49
Specifying the DNS Names to Rewrite
51
Default Word Profile
54
Defining the Requirements for the Rewriter Profile
54
Types of Rewriter Profiles
54
Custom Character Profile
55
Custom Word Profile
55
Page Matching Criteria for Rewriter Profiles
55
Possible Actions for Rewriter Profiles
56
String Replacement Rules for Word Profiles
58
String Tokens
58
String Replacement Rules for Character Profiles
59
Using $Path to Rewrite Paths in JavaScript Methods or Variables
60
Configuring the HTML Rewriter and Profile
61
Creating or Modifying a Rewriter Profile
64
Disabling the Rewriter
67
Configuring Connection and Session Limits
69
Configuring TCP Listen Options for Clients
69
Configuring TCP Connect Options for Web Servers
70
Configuring Connection and Session Persistence
72
2 Server Configuration Settings
73
Configuration Overview
73
Saving, Applying, or Canceling Configuration Changes
75
Managing Access Gateways
76
Viewing and Updating the Configuration Status
79
Scheduling a Command
81
Managing General Details of the Access Gateway
81
Changing the Name of an Access Gateway and Modifying Other Server Details
82
Upgrading the Access Gateway Software
83
Exporting and Importing an Access Gateway Configuration
83
Setting up a Tunnel
88
Setting the Date and Time
90
Customizing Error Pages on the Access Gateway Appliance
91
Customizing the Error Pages by Using the Default Template
92
Customizing and Localizing Error Messages
93
Customizing the Error Pages of the Access Gateway Service
95
Configuring Network Settings
97
Viewing and Modifying Adapter Settings
97
Viewing and Modifying Gateway Settings
99
Viewing and Modifying DNS Settings
102
Configuring Hosts
103
Adding New Network Interfaces to the Access Gateway Appliance
104
Adding a New IP Address to the Access Gateway Service
105
Customizing Logout Requests
105
Customizing Applications to Use the Access Gateway Logout Page
105
Customizing the Access Gateway Logout Page
106
Configuring the Logout Disconnect Interval
107
Configuring X-Forwarded-For Headers
108
3 Configuring the Access Gateway
109
Configuring the Access Gateway for SSL and Other Security Features
109
Using SSL on the Access Gateway Communication Channels
109
Prerequisites for SSL
110
Gateway
111
Servers
111
Configuring SSL Communication with the Browsers and the Identity Server
112
Configuring SSL between the Proxy Service and the Web Servers
115
Enabling Secure Cookies
117
Securing the Embedded Service Provider Session Cookie
117
Securing the Proxy Session Cookie
119
Managing Access Gateway Certificates
119
Managing Embedded Service Provider Certificates
120
Managing Reverse Proxy and Web Server Certificates
120
Access Gateway Maintenance
123
Access Gateway Appliance Logs
123
Configuring Log Levels
123
Interpreting Log Messages
124
Configuring Logging of SOAP Messages and HTTP Headers
125
Access Gateway Service Logs
126
Configuring a Log Profile
126
Managing Access Gateway Service Logging
126
Managing Log Filters
128
Configuring a Log Filter
129
Configuring a Log File for Troubleshooting Form Fill
130
Configuring Logging for a Proxy Service
131
Calculating Rollover Requirements
132
Determining Logging Requirements
132
Configuring Common Log Options
135
Enabling Logging
135
Configuring Extended Log Options
137
Configuring the Size of the Log Partition
140
Server Activity Statistics
140
Viewing Access Gateway Statistics
140
Server Benefits Statistics
145
Service Provider Activity Statistics
145
Incoming HTTP Requests
147
Outgoing HTTP Requests
148
Viewing Cluster Statistics
150
Monitoring Access Gateway Alerts
150
Viewing Access Gateway Alerts
151
Viewing Access Gateway Cluster Alerts
151
Managing Access Gateway Alert Profiles
152
Configuring an Alert Profile
153
Configuring a Log Profile
155
SNMP Profile
155
Configuring a Syslog Profile
156
Configuring an E-Mail Profile
156
Enabling Access Gateway Audit Events
156
Managing Server Health
157
Health States
158
Monitoring the Health of an Access Gateway
158
Viewing the Health of an Access Gateway Cluster
162
Viewing the Command Status of the Access Gateway
163
Viewing the Status of Current Commands
163
Viewing Detailed Command Information
164
Tuning the Access Gateway for Performance
165
5 Configuring the Content Settings
169
Configuring Caching Options
170
Controlling Browser Caching
172
Configuring Custom Cache Control Headers
173
Understanding How Custom Cache Control Headers Work
173
Enabling Custom Cache Control Headers
174
Configuring a Pin List
175
Configuring a Purge List
178
Purging Cached Content
179
Advanced Access Gateway Service Options
180
Protecting Multiple Resources
181
Setting up a Group of Web Servers
182
Using Multi-Homing to Access Multiple Resources
183
Domain-Based Multi-Homing
183
Path-Based Multi-Homing
185
Virtual Multi-Homing
188
Creating a Second Proxy Service
189
Configuring a Path-Based Multi-Homing Proxy Service
190
Configuring Advanced Options for Path-Based Multi-Homing
192
Managing Multiple Reverse Proxies
193
Managing Entries in the Reverse Proxy List
194
Changing the Authentication Proxy Service
195
Managing a Cluster of Access Gateways
196
Creating a New Cluster
196
Managing the Servers in the Cluster
197
Editing Cluster Details
198
Managing Cluster Details
198
Applying Changes to Cluster Members
199
Changing the Primary Cluster Server
199
Troubleshooting the Access Gateway Appliance
201
Useful Tools for Troubleshooting the Access Gateway Appliance
201
Useful Tools
202
Using the Access Gateway Appliance Console
203
Using the Linux Access Gateway Monitor Service
203
Viewing Configuration Information
206
Using Log Files and Touch Files to Troubleshoot the Access Gateway Appliance
206
Viewing Log Files
206
Using Touch Files
207
Protected Resource Issues
214
HTML Frames Are Lost
215
Troubleshooting HTTP 1.1 and GZIP
216
Error AM#300101010 and Missing Resources
217
Protected Resource Configuration Changes Are Not Applied
217
Protected Resources Reference Non-Existent Policies
217
Redirection Issue with Internet Explorer 7
218
Unable to View Contents of Mail When Outlook Web Access Is Protected by the Access Gateway
218
Hardware and Machine Resource Issues
218
Error: Novell-VMC-Chroot Failed to Start
218
Mismatched SSL Certificates in a Cluster of Access Gateways
218
Recovering from a Hardware Failure on an Access Gateway Machine
219
Reinstalling a Failed Access Gateway
219
COS Related Issues
220
Memory Issues
222
Rewriter Issues
223
Discovering the Issue
223
Links Are Broken Because the Rewriter Sends the Request to the Wrong Proxy Service
223
Rewriting Fails on a Page with Numerous Hrefs
223
Reading Configuration Files
224
Rewriter Does Not Rewrite Content in Files with a Non-Default Extension
224
An Additional DNS Name Without a Scheme Is Not Rewritten
225
Rewriting a URL
225
The Access Gateway Rewrites a Host Header with a Port Number
226
Troubleshooting Crashes and Hangs
227
Enable the Access Gateway Monitor Service for the Core Dump Logic to Work Correctly
228
The Access Gateway Hangs When the Audit Server Comes Back Online
228
The Access Gateway Crashes When Log Files Are Removed
229
Troubleshooting an Access Gateway Crash
229
Troubleshooting a Failed Access Gateway Configuration
229
Access Gateway Dumps Core after 10 Minutes When Non-Redirected Login Is Enabled
233
Access Gateway Not Responding
233
Connection and Authentication Issues
234
Connection Details
234
Network Socket Issues
234
Authentication Issues
235
Form Fill Issues
237
Alert: SSO (Form Fill) Failed Due to Malformed HTML
238
Form Fill Does Not Process Forms with Complicated JavaScript Functions When Data Is Auto-Submitted
238
Form Fill Error Messages
238
Form Fill Failure Because of Incorrect Policy Configuration
238
Browser Spinning Issues
239
Authorization and Identity Injection Issues
239
Authorization and Identity Injection Error Messages
239
Identity Injection Failures
240
Identity Injection Problems When Using a Password Management Service
240
Incorrect Health Status Is Reported
240
YaST Becomes Non-Responsive When a Partition Is Deleted or Created
241
Using Curl to Download Large Files
241
Linux Access Gateway Crashes When Change Is Applied to the Server
241
Troubleshooting the Access Gateway Service
243
Useful Troubleshooting Files
243
Apache Logging Options for the Gateway Service
244
The Access Gateway Service Log Files
246
Verifying that All Services Are Running
248
Linux
248
Windows
249
Enabling Debug Mode and Core Dumps
250
Starting Apache in Debug Mode
250
Disabling Debug Mode
251
Examining the Debug Information
251
Useful Troubleshooting Tools for the Access Gateway Service
252
Tools for the Windows Access Gateway Service
252
Tools for the Linux Access Gateway Service
253
A few Performance Tips
253
Solving Apache Restart Issues
254
Removing any Advanced Configuration Settings
254
Viewing the Errors as Apache Generates Them
255
Viewing the Logged Apache Errors
255
The ActiveMQ Module Fails to Start
256
Understanding the Authentication Process of the Access Gateway Service
257
NOVELL ACCESS MANAGER 3.1 SP2 - README 2010 Manual (192 pages)
Brand: NOVELL | Category: Software | Size: 3.17 MB
Table of Contents
Table of Contents
5
About this Guide
9
1 Managing Policies
11
Selecting a Policy Type
11
Managing Policies
12
Policy Performance
12
Creating Policies
13
Sorting Policies
13
Deleting Policies
13
Renaming or Copying a Policy
13
Importing and Exporting Policies
14
Creating the SSL VPN Default Policy
14
Refreshing Policy Assignments
14
Viewing Policy Information
14
Managing a Rule List
15
Managing Policy Containers
15
Rule Evaluation for Role Policies
16
Rule Evaluation for Authorization Policies
16
Rule Evaluation for Identity Injection and Form Fill Policies
17
Adding Policy Extensions
17
Installing the Extension on the Administration Console
17
Distributing a Policy Extension
20
Managing a Policy Extension Configuration
20
Viewing Extension Details
21
Enabling Policy Logging
21
2 Creating Role Policies
23
Understanding RBAC in Access Manager
23
Assigning All Authenticated Users to a Role
24
Using a Role to Create an Authentication Policy
24
Using Prioritized Rules in an Authorization Policy
26
Creating Roles
27
Selecting Conditions
29
Authenticating IDP Condition
30
Authentication Contract Condition
31
Authentication Method Condition
33
Authentication Type Condition
34
Credential Profile Condition
35
LDAP Group Condition
37
LDAP OU Condition
38
AND Conditions, or Groups
43
Using Multiple Conditions
43
Adding Multiple Conditions
44
OR Conditions, and Groups
44
Using the Not Options
44
Adding New Condition Groups
45
Disabling Conditions and Condition Groups
45
Selecting an Action
45
Example Role Policies
47
Creating an Employee Role
47
Creating a Manager Role
49
Creating a Rule for a Contract with ORed Credentials
51
Creating Access Manager Roles in an Existing Role-Based Policy System
52
Activating Roles from External Sources
53
Using Conditions to Assign Roles
55
Mapping Roles between Trusted Providers
62
Prerequisites
62
Procedure
63
Enabling and Disabling Role Policies
64
Importing and Exporting Role Policies
64
3 Creating Authorization Policies
65
Designing an Authorization Policy
65
Controlling Access with a Deny Rule and a Negative Condition
66
Configuring the Result on Condition Error Option
67
Many Rules or Many Conditions
67
Using Multiple Conditions
67
Controlling Access with Multiple Conditions
69
Using Permit Rules with a Deny Rule
70
Using Deny Rules with a General Permit Rule
72
Public Policies
73
General Design Principles
73
Using the Refresh Data Option
74
Assigning Policies to Resources
75
Creating Access Gateway Authorization Policies
75
Sample Access Gateway Authorization Policies
78
Sample Policy Based on Organizational Rules
78
Sample Workflow Policy
81
Creating Web Authorization Policies for J2EE Agents
84
Creating Enterprise JavaBean Authorization Policies for J2EE Agents
85
Conditions
87
Authentication Contract Condition
88
Client IP Condition
90
Credential Profile Condition
91
Current Date Condition
93
Day of Week Condition
94
Current Day of Month Condition
95
Current Time of Day Condition
96
HTTP Request Method Condition
97
LDAP Attribute Condition
99
LDAP OU Condition
100
Liberty User Profile Condition
101
Roles Condition
102
URL Condition
103
URL Scheme Condition
104
URL Host Condition
106
URL Path Condition
107
URL File Name Condition
108
URL File Extension Condition
110
X-Forwarded-For IP Condition
111
Condition Extension
112
Data Extension
112
Using the URL Dredge Option
113
Edit Button
113
Importing and Exporting Authorization Policies
113
4 Creating Identity Injection Policies
115
Designing an Identity Injection Policy
115
Using the Refresh Data Option
116
Configuring an Identity Injection Policy
117
Configuring an Authentication Header Policy
118
Configuring a Custom Header Policy
122
Configuring a Custom Header with Tags
125
Specifying a Query String for Injection
127
Injecting into the Cookie Header
130
Importing and Exporting Identity Injection Policies
130
Sample Identity Injection Policy
131
5 Creating Form Fill Policies
133
Understanding an HTML Form
133
Creating a Form Fill Policy for the Sample Form
136
Implementing Form Fill Policies
139
Designing a Form Fill Policy
139
Creating a Form Fill Policy
144
Creating a Login Failure Policy
149
Troubleshooting a Form Fill Policy
150
Creating and Managing Shared Secrets
152
Naming Conventions for Shared Secrets
153
Creating a Shared Secret Independent of a Policy
153
Modifying and Deleting a Shared Secret
154
Importing and Exporting Form Fill Policies
154
Configuring a Form Fill Policy for Forms with Scripts
155
Why Does Form Fill Fail with the Default Policy
155
Understanding How a Form Is Submitted
157
Creating a Form Fill Policy for Autosubmission
158
Creating Touch Files for Autosubmission
159
6 Troubleshooting Access Manager Policies
161
Turning on Logging for Policy Evaluation
161
Understanding Policy Evaluation Traces
162
Format
163
Policy Result Values
169
Role Assignment Traces
170
Identity Injection Traces
172
Authorization Traces
174
Form Fill Traces
176
Common Configuration Problems that Prevent a Policy from Being Applied as Expected
181
Enabling Roles for Authorization Policies
181
LDAP Attribute Condition
182
Result on Condition Error Value
183
An External Secret Store and Form Fill
183
The Policy Is Using Old User Data
184
Form Fill and Identity Injection Silently Fail
185
Checking for Corrupted Policies
185
Policy
185
Policy Creation and Storage
185
Policy Distribution
186
Policy Evaluation: Access Gateway Devices
187
Successful Policy Configuration Example
188
No Policy Defined Configuration Example
188
Deny Access Configuration/Evaluation Example
189
NOVELL ACCESS MANAGER 3.1 SP2 - README 2010 Manual (110 pages)
SSL VPN Server Guide
Brand: NOVELL | Category: Software | Size: 3.06 MB
Table of Contents
Table of Contents
5
Legal Notices
2
About this Guide
9
Additional Documentation
10
1 Overview of SSL VPN
11
SSL VPN Features
11
Traditional and ESP-Enabled SSL VPNs
14
ESP-Enabled Novell SSL VPN
14
Traditional Novell SSL VPN
15
High-Bandwidth and Low-Bandwidth SSL VPNs
16
SSL VPN Client Modes
16
Enterprise Mode
17
Kiosk Mode
19
2 Basic Configuration for SSL VPN
21
Configuring Authentication for the ESP-Enabled Novell SSL VPN
21
Accelerating the Traditional Novell SSL VPN
23
Configuring the Default Identity Injection Policy
24
Injecting the SSL VPN Header
24
Configuring the IP Address, Port, and Network Address Translation (NAT)
27
Configuring the SSL VPN Gateway Behind NAT or L4
28
Configuring the SSL VPN Gateway Without NAT or an L4 Switch
30
Configuring Route and Source NAT for Enterprise Mode
32
Configuring the OpenVPN Subnet in Routing Tables
33
Configuring DNS Servers
33
Configuring DNS Servers for Enterprise Mode
33
Configuring DNS Servers for Kiosk Mode
34
Configuring Certificate Settings
35
3 Configuring End-Point Security and Access Policies for SSL VPN
37
Configuring Policies to Check the Integrity of the Client Machine
38
Selecting the Operating System
38
Configuring the Category
39
Configuring Applications for a Category
39
Configuring Attributes for an Application
40
Exporting and Importing Client Integrity Check Policies
44
Configuring Client Security Levels
45
Client Security Levels
45
Configuring a Security Level
46
Configuring Traffic Policies
46
Configuring Policies
47
Ordering Traffic Policies
49
Exporting and Importing Traffic Policies
50
Configuring Full Tunneling
50
Creating a Full Tunneling Policy
51
Modifying Existing Traffic Policies for Full Tunneling
52
4 Configuring How Users Connect to SSL VPN
55
Preinstalling the SSL VPN Client Components
55
Installing Client Components for Linux
55
Installing Client Components for Macintosh
55
Installing Client Components for Windows
56
Configuring Client Policies
56
Configuring Users to Connect Only in Enterprise Mode or Kiosk Mode
56
Allowing Users to Select the SSL VPN Mode
57
Configuring Client Cleanup Options
58
Configuring SSL VPN to Download the Java Applet on Internet Explorer
59
Configuring a Custom Login Policy for SSL VPN
59
Configuring SSL VPN to Connect through a Forward Proxy
60
Understanding How SSL VPN Connects through a Forward Proxy
61
Creating the Proxy.conf File
61
Configuring SSL VPN for Citrix Clients
62
Prerequisites
62
How It Works
62
Configuring a Custom Login Policy for Citrix Clients
63
Configuring the Access Gateway to Protect the Citrix Server
64
Configuring Single Sign-On between Citrix and SSL VPN
64
5 Clustering the High-Bandwidth SSL VPN Servers
67
Prerequisites
68
Limitations
68
Creating a Cluster of SSL VPN Servers
68
Section 5.1, "Prerequisites
68
Section 5.2, "Limitations
68
Section 5.3, "Creating a Cluster of SSL VPN Servers
68
Creating a Cluster of SSL VPN Servers
69
Adding an SSL VPN Server to a Cluster
70
Removing an SSL VPN Server from a Cluster
70
Clustering SSL VPN by Using an L4 Switch
71
Configuring a Cluster of ESP-Enabled SSL VPNs
71
Section 5.4, "Clustering SSL VPN by Using an L4 Switch
71
Configuring a Cluster of Traditional SSL VPNs by Using an L4 Switch
73
Clustering SSL VPNs by Using the Access Gateway Without an L4 Switch
74
Configuring the Access Gateway
74
Section 5.5, "Clustering SSL VPNs by Using the Access Gateway Without an L4 Switch
74
Installing the Scripts
75
Testing the Scripts
75
Configuring SSL VPN to Monitor the Health of the Cluster
76
Services of the Real Server
76
Section 5.6, "Configuring SSL VPN to Monitor the Health of the Cluster
76
Monitoring the SSL VPN Server Health
77
6 Monitoring the SSL VPN Servers
79
Section 6.1, "Viewing and Editing SSL VPN Server Details
79
Viewing and Editing SSL VPN Server Details
79
Enabling SSL VPN Audit Events
80
Section 6.2, "Enabling SSL VPN Audit Events
80
Viewing SSL VPN Statistics
81
Viewing the SSL VPN Server Statistics
81
Section 6.3, "Viewing SSL VPN Statistics
81
Viewing the SSL VPN Server Statistics for the Cluster
83
Viewing the Bytes Graphs
84
Disconnecting Active SSL VPN Connections
84
Section 6.4, "Disconnecting Active SSL VPN Connections
84
Monitoring the Health of SSL VPN Servers
85
Monitoring the Health of a Single Server
85
Section 6.5, "Monitoring the Health of SSL VPN Servers
85
Monitoring the Health of an SSL VPN Cluster
86
Section 6.6, "Viewing the Command Status of the SSL VPN Server
87
Viewing Command Information
88
Viewing the Command Status of the SSL VPN Server
87
In the Administration Console, Click Devices > SSL VPNs
89
Viewing SSL VPN Alerts
90
Viewing SSL VPN Cluster Alerts
90
Monitoring SSL VPN Alerts
89
Configuring SSL VPN Alerts
89
Section 6.7, "Monitoring SSL VPN Alerts
89
7 Server Configuration Settings
93
Managing SSL VPN Servers
93
Configuring SSL VPN Servers
95
Modifying SSL VPN Server Details
96
8 Additional Configurations
99
Customizing the SSL VPN User Interface
99
Customizing the Home Page and Exit Page
99
Customizing Error Messages
99
Creating DH Certificates with Different Key Sizes
99
Creating a Configuration File to Add Additional Configuration Changes
100
NOVELL ACCESS MANAGER 3.1 SP2 - README 2010 User Manual (58 pages)
SSL VPN
Brand:
NOVELL
| Category:
Software
| Size: 1.12 MB
Table of Contents
Table of Contents
5
Legal Notices
2
About this Guide
7
1 Overview of SSL VPN
9
Access Modes
9
Kiosk Mode
9
Enterprise Mode
10
Client Machine Requirements
10
Linux Requirements
10
Macintosh Requirements
11
Windows Requirements
11
2 Accessing SSL VPN in Kiosk Mode
13
Accessing the SSL VPN User Portal
13
Switching from Kiosk Mode to Enterprise Mode
15
3 Accessing SSL VPN in Enterprise Mode
17
Prerequisites
17
Accessing SSL VPN When You Are an Admin or Root User
17
Section 3.1, "Prerequisites
17
Section 3.2, "Accessing SSL VPN When You Are an Admin or Root User
17
Accessing SSL VPN as a Non-Admin User
19
Section 3.3, "Accessing SSL VPN as a Non-Admin User
19
Switching from Enterprise Mode to Kiosk Mode
21
Enabling the Sudo Command for Standard Users in the Mac OS
21
Section 3.4, "Switching from Enterprise Mode to Kiosk Mode
21
Section 3.5, "Enabling the Sudo Command for Standard Users in the Mac OS
21
4 Accessing Published Citrix Applications through SSL VPN
23
Accessing Published Citrix Applications in Kiosk Mode
23
Accessing Published Citrix Applications in Enterprise Mode
23
5 Using SSL VPN
25
Section 5.1, "Using the SSL VPN Home Page
25
Using the SSL VPN Home Page
25
Section 5.2, "Using the Policies Page
26
Using the Policies Page
26
Configuring the Cleanup Options
27
Section 5.3, "Configuring the Cleanup Options
27
Section 5.4, "Viewing SSL VPN Logs
28
Viewing SSL VPN Logs
28
Enabling Applications for SSL
29
Enabling Linux Applications for SSL
29
Section 5.5, "Enabling Applications for SSL
29
Enabling Macintosh Applications for SSL
30
Enabling Terminals for SSL
30
Logging out of the Active SSL VPN Session
30
Section 5.6, "Logging out of the Active SSL VPN Session
30
Section 5.7, "Using the Sandbox Feature
30
Using the Sandbox Feature
30
Error
31
Section 5.8, "Error
31
Connecting after the Session Timeout Period
32
Downloading the Applet on Internet Explorer
32
Section 5.10, "Downloading the Applet on Internet Explorer
32
Section 5.9, "Connecting after the Session Timeout Period
32
Error Messages
33
A Error Messages
33
AM.1000: Client Integrity Check Failed. Check Error Logs for more Information
36
AM.1001: Server Is Not Responding
36
AM.1002: Client Is Inactive for more than <X> Minutes. Please Log out
36
Out
36
AM.1004: Problem with One of the Underlying Components/Connection. Please Log out
36
AM.1005: Failed to Find Free Ports on the Client
37
AM.1006: Resource Not Found on the Gateway
37
AM.1007: Failed to Download SSL VPN Files from the Gateway
37
AM.1008: Unable to Fetch Configuration Information from the Gateway
37
AM.1009: Unable to Fetch Policy Information from the Gateway
37
AM.100A: User Denied Access. Please Contact the System Administrator
37
AM.100B: OpenSSL Needs to be Installed. Please Log out
37
AM.100C: Dependent Components Are Not Available in this System. Please Log out
37
AM.100D: Another Instance of SSL VPN Is Running. Please Close this Browser
38
AM.100E: SSL VPN Session Disconnected as Because the Server Is Not Responding. Please Log out
38
AM.100F: Gateway Internal Error. Please Contact the System Administrator
38
AM.100G: the Enterprise Server Is Down. Please Contact the System Administrator
38
AM.100H: the Kiosk Server Is Down. Please Contact the System Administrator
38
AM.100I: Your SSL VPN Connection was Terminated by the System Administrator. Please Log out
38
AM.100J: Your SSL VPN Connection was Terminated Because of Configuration Changes in the Server or Because the Server was Restarted. Please Log out
39
AM.101A: Failed to Find Free Ports for CIC on the Client
39
AM.101B: Failed to Install the CIC Package
39
AM.101C: Failed to Accept CIC Call
39
AM.101D: Invalid Message Type Received from CIC
39
AM.101E: Connection Closed by CIC
39
AM.101F: Failed to Uninstall the CIC Package
39
AM.101G: Error in CIC Policy Processing
40
AM.1305: Unable to Send Acknowledgment to the Applet for the DNS Message Received
44
AM.1306: Disconnect Message from the Applet was Incorrect (Incorrect Message Length)
44
AM.1307: Unable to Send Acknowledgment to the Applet for the Disconnect Message Received
45
AM.1308: Polresolver Received an Incomplete Message
45
AM.1309: Failed to Allocate Memory for Internal Operation
45
AM.1500: Failed to Send Statistics Request to Stunnel
45
AM.1501: Statistics Response Message from Stunnel was Incorrect (Incorrect Message Length)
45
AM.1502: Unable to Send Disconnect Message from Stunnel
45
AM.1503: Disconnect Acknowledgment Message from Stunnel was Incorrect (Incorrect Length of Message)
45
AM.1504: Incorrect Message from Stunnel (Incorrect Length of Message)
45
AM.1505: Invalid Message from Stunnel (Message Type Unknown)
45
AM.1506: SSL VPN Server Certificate Validation Failed. Please Log out
46
AM.1507: Disconnected Because of Hibernation/Standby. Please Log out
46
AM.1701: OpenVPN Authentication Failed. Please Log out
46
AM.1702: OpenVPN Connection Error. Please Log out
46
AM.1703: Received a Fatal Error from OpenVPN. Please Log out
46
AM.1704: Policy Initialization Failed. Please Log out
47
AM.1705: Tunnel Adapter Interface Is Down. Please Log out
47
AM.1801: Service Is Not Running. Please Log out
47
AM.1801A: Connection to Service Failed
47
AM.1801B: Failed to Run SSL VPN Services
47
AM.1804: Maximum Attempts to Enter Password Reached. Please Close the Browser
48
AM.1805: Timeout Occurred While Entering Credentials. Please Close the Browser
48
AM.1805A: You Have Been Forced to Use the Enterprise Mode. Please Close the Browser
48
AM.1806: Unable to Initialize Browser Cache Cleaner
48
AM.1807: Failed to Update the Thin Client with Policies
48
AM.1808: Pop-Up Window Inactivity Time Is up
48
AM.1809: Error: Failed to Start SSL VPN Desktop Cleanup
49
AM.1810: Please Log out of the Current Session or Close the Browser before Connecting Again
49
NOVELL ACCESS MANAGER 3.1 SP2 - README 2010 Manual (30 pages)
Brand:
NOVELL
| Category:
Software
| Size: 0.56 MB
Table of Contents
Installation Instructions
3
General Issues
11
Table of Contents
15
After Migrating an Identity Server from Windows 2003 to Windows 2008, Personal Cards Cannot be Used for Authentication
16
When You Reinstall the Identity Server on a Windows Machine, Commands Remain in a Pending State
16
Authentication with Other Methods
16
HTML Frames Are Lost after a Redirect
16
The SAML NMAS Method in Access Manager Is Incompatible with 64-Bit eDirectory
17
Problems with Session Timeout
17
Auto Provision X509
17
Gzip Has Been Disabled on the SLES 11 Version of the Access Gateway Appliance
19
NetStorage Only Partially Works with the Access Gateway Appliance
19
After a Change, the Cluster Fails to Return to a Green Status
19
The Time Zone Selection Page Displays both Asia/Calcutta and Asia/Kolkata Options
19
Lotus Domino Webaccess Server Cannot be Configured as a Path-Based Multi-Homing Service
20
The Secondary Network Gateway Address Is Deleted if the Network Interface Is Restarted
20
Reverting to an Earlier Snapshot of the Access Gateway Might Cause Multiple Crashes
21
XML Validation Errors Occur When Applying Changes to the Access Gateway
20
When a Browser Session Terminates, All Origin Web Server Session Cookies Are Not Terminated
20
Incorrect Health Status Is Reported and the Listener Creation Fails if the Port Is Used by Another Process
21
An Error Occurs When a User Tries to Download Access Manager Logs through Internet Explorer 7 and
21
The Enforce 128-Bit Encryption between Access Gateway and Web Server Option Is Not Functional in this Release
21
Unable to Connect to Access Gateway with Low and Medium Ciphers
21
Multiple Sessions Are Created When You Use OpenOffice Tools with a WebDAV Connection
22
Cookie and Session Issues with Nautilus File Manager and WebDAV Connections
22
On a New Install, the Secure Logging Server Is Not Configured Correctly
22
Communication Problems between the Novell Audit Client and the Audit Server Might Crash the Linux Access Gateway
22
Installation on VMware ESX Works in Text Mode Only
23
Rewriter on and off Flags Are Not Effective in a Character Profile
23
Legal Notices
30
Related Products
NOVELL ACCESS MANAGER 3.1 SP2 BETA 1 - SCENARIOS 2009
NOVELL ACCESS MANAGER 3.1 SP1 - AGENT GUIDE
NOVELL ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER
NOVELL ACCESS MANAGER 3.1 SP2 - SSL VPN USER GUIDE 2010
Novell Access Manager 3.1 SP 1
Novell Access Manager 3.1 SP2 Beta 1
Novell Access Manager 3.1 SP 2
NOVELL IDENTITY MANAGER 3.6. - INTEGRATION
NOVELL IFOLDER 3 - ADMINISTRATION
Novell Enhanced Smart Card Method 3.0.1