Novell ACCESS MANAGER 3.1 SP1 - ADMINISTRATION manuals
ACCESS MANAGER 3.1 SP1 - ADMINISTRATION
Table of contents
- Table Of Contents
- About This Guide
- Event Code Overview
- Administration Console (009)
- Identity Server (001)
- Linux Access Gateway Appliance (045)
- SSL VPN Server (005)
- J2EE Agents (006)
- Server Communications (JCC) (007)
- Policy Engine (008)
- SOAP Policy Enforcement Point (011)
- Backup and Restore (010)
- Novell Modular Authentication Class (012)
ACCESS MANAGER 3.1 SP1 - ADMINISTRATION
Table of contents
- legal notices
- Table Of Contents
- About This Guide
- additional documentation
- Administration Console
- Configuration Store
- Administration Console Conventions
- Changing the Administration Console Session Timeout
- Multiple Administrators, Multiple Sessions
- Managing Delegated Administrators
- Enabling Auditing
- Configuring Access Manager for Novell Auditing
- Querying Data and Generating Reports in Novell Audit
- Backing Up and Restoring Components
- Backing Up the Administration Console
- Restoring an Administration Console Configuration
- Traditional SSL VPN Server
- Restoring the Configuration with an Identity Server on the Same Machine
- Restoring the Configuration with an ESP-Enabled SSL VPN Server
- Restoring an Identity Server
- Single Access Gateway
- Running the Diagnostic Configuration Export
- Security and Certificate Management
- Process Flow
- Access Manager Trust Stores
- Access Manager Keystores
- Managing Certificates
- Managing Certificates and Keystores
- Managing Trusted Roots and Trust Stores
- Security Considerations for Certificates
- Importing a Trusted Root to the LDAP User Store
- Replacing Identity Server SSL Certificates
- Assigning Certificates to an Access Gateway
- Assigning Certificates to J2EE Agents
- Changing a Non-Secure (HTTP) Environment to a Secure (HTTPS) Environment
- Reviewing the Command Status for Certificates
- Access Manager Logging
- HTTP Transaction Logging for Proxy Services
- Using the Log Files for Troubleshooting
- Sample Authentication Traces
- Changing the IP Address of Access Manager Devices
- Changing the IP Address of the Access Gateway Appliance
- Changing the IP Address of an Audit Server
- Troubleshooting the Administration Console
- Logging
- Event Codes
- Converting a Secondary Console into a Primary Console
- Shutting Down the Administration Console
- Restoring CA Certificates
- Performing Component-Specific Procedures
- Enabling Backup on the New Primary Administration Console
- Orphaned Objects in the Trust/Configuration Store
- Repairing the Configuration Datastore
- Linux) Exception Processing IdentityService_ServerPage.JSP
- A Certificates Terminology
- B.1 Resolving Certificate Import Issues
- Trusted Root
- B.2 Mutual SSL with X.509 Produces Untrusted Chain Messages
- B.5 When a User Accesses a Resource, the Browser Displays Certificate Errors
- C.1 Modifying a Configuration That References a Removed Object
- C.2 Configuration UI Writes Incorrect Information to the Local Configuration Store
- D.1 NIDS: Sent a Federate Request (002e0001)
- D.2 NIDS: Received a Federate Request (002e0002)
- D.4 NIDS: Received a Defederate Request (002e0004)
- D.6 NIDS: Received a Register Name Request (002e0006)
- D.8 NIDS: Logged out a Local Authentication (002e0008)
- D.10 NIDS: User Session Was Authenticated (002e000a)
- D.11 NIDS: Failed to Provide an Authentication to a Remote Consumer (002e000b)
- D.13 NIDS: Received an Attribute Query Request (002e000d)
- D.15 NIDS: Failed to Provision a User Account (002e000f)
- D.16 NIDS: Web Service Query (002e0010)
- D.18 NIDS: Connection to User Store Replica Lost (002e0012)
- D.19 NIDS: Connection to User Store Replica Reestablished (002e0013)
- D.21 NIDS: Server Stopped (002e0015)
- D.23 NIDS: Intruder Lockout (002e0017)
- D.25 NIDS: Warning Component Log Entry (002e0019)
- D.27 Access Gateway: PEP Configured (002e0301)
- D.29 J2EE Agent: JACC Authorization PEP Configured (002e0306)
- D.30 Roles Assignment Policy Evaluation (002e0320)
- D.32 Access Gateway: Form Fill Policy Evaluation (002e0322)
- D.34 J2EE Agent: Web Service Authorization Policy Evaluation (002e0324)
- D.36 J2EE Agent: Startup (002e0401)
- D.38 J2EE Agent: Reconfigure (002e0403)
- D.40 J2EE Agent: Authentication Failed (002e0405)
- D.41 J2EE Agent: Web Resource Access Allowed (002e0406)
- D.43 J2EE Agent: Clear Text Access Denied (002e0408)
- D.45 J2EE Agent: EJB Access Allowed (002e040a)
- D.46 J2EE Agent: EJB Access Denied (002e040b)
- D.48 Access Gateway: URL Not Found (0x002e0508)
- D.49 Access Gateway: System Started (0x002e0509)
- D.51 Access Gateway: Identity Injection Parameters (0x002e050c)
- D.52 Access Gateway: Identity Injection Failed (0x002e050d)
- D.54 Access Gateway: Form Fill Authentication Failed (0x002e050f)
- D.55 Access Gateway: URL Accessed (0x002e0512)
- D.56 Access Gateway: IP Access Attempted (0x002e0513)
- D.58 Access Gateway: All WebServers for a Service is Down (0x002e0516)
- D.59 Management Communication Channel: Health Change (0x002e0601)
- D.61 Management Communication Channel: Device Deleted (0x002e0603)
- D.62 Management Communication Channel: Device Configuration Changed (0x002e0604)
ACCESS MANAGER 3.1 SP1 - ADMINISTRATION
Table of contents
- legal notices
- Table Of Contents
- About This Guide
- Installing and Configuring Linux Access Gateway on RHEL
- Installing and Configuring the Linux Access Gateway on RHEL
- Upgrading the Linux Access Gateway on RHEL
- Additional Information on Installing And Configuring
- Installing the Linux Access Gateway
- Configuring Hardware and System Services
- Verifying the Linux Access Gateway Installation on RHEL
- Configuring the Linux Access Gateway to Boot from RHEL
- Starting the Linux Access Gateway from RHEL
- Configuring the Linux Access Gateway after It Is Installed on RHEL
- Configuring a Secondary IP Address
- Troubleshooting
- A Additional Information
ACCESS MANAGER 3.1 SP1 - ADMINISTRATION
Table of contents
- legal notices
- Table Of Contents
- About This Guide
- additional documentation
- Configuring the Access Gateway to Protect Web Resources
- Creating a Reverse Proxy and Proxy Service
- Configuring a Proxy Service
- Configuring the Web Servers of a Proxy Service
- Configuring Protected Resources
- Setting Up a Protected Resource
- Understanding URL Path Matching
- Modifying Authentication Procedures
- Assigning an Authorization Policy to a Protected Resource
- Assigning an Identity Injection Policy to a Protected Resource
- Assigning a Form Fill Policy to a Protected Resource
- Assigning a Policy to Multiple Protected Resources
- Configuring Protected Resources for Specific Applications
- Configuring a Protected Resource for a SharePoint Server with an ADFS Server
- Configuring a Protected Resource for Outlook Web Access
- Configuring a Protected Resource for a Novell Teaming 2.0 Server
- Configuring HTML Rewriting
- Understanding the Rewriting Process
- Specifying the DNS Names to Rewrite
- Defining the Requirements for the Rewriter Profile
- Configuring the HTML Rewriter and Profile
- Disabling the Rewriter
- Configuring Connection and Session Limits
- Configuring TCP Connect Options for Web Servers
- Configuring Connection and Session Persistence
- Configuring the Access Gateway for SSL
- Prerequisites for SSL
- Configuring SSL Communication with the Browsers and the Identity Server
- Configuring SSL between the Proxy Service and the Web Servers
- Enabling Secure Cookies
- Securing the Proxy Session Cookie
- Managing Access Gateway Certificates
- Server Configuration Settings
- Saving, Applying, or Canceling Configuration Changes
- Starting and Stopping the Access Gateway
- Updating the Access Gateway
- Starting the Access Gateway Service Provider
- Stopping the Access Gateway Appliance
- Changing the Name of an Access Gateway and Modifying Other Server Details
- Setting the Date and Time
- Customizing Error Pages on the Gateway Appliance
- Customizing the Error Pages by Using the Default Template
- Customizing and Localizing Error Messages
- Configuring Network Settings
- Viewing and Modifying Gateway Settings
- Viewing and Modifying DNS Settings
- Configuring Hosts
- Adding New Network Interfaces to the Gateway Appliance
- Customizing Logout Requests
- Configuring X-Forwarded-For Headers
- Exporting the Configuration
- Importing the Configuration
- Cleaning Up and Verifying the Configuration
- Access Gateway Maintenance
- Interpreting Log Messages
- Configuring Logging of SOAP Messages and HTTP Headers
- Configuring Proxy Service Logging
- Calculating Rollover Requirements
- Enabling Logging
- Configuring Common Log Options
- Configuring Extended Log Options
- Configuring the Size of the Log Partition
- Viewing Cluster Statistics
- Monitoring Access Gateway Alerts
- Configuring Access Gateway Alerts
- Enabling Access Gateway Audit Events
- Managing Server Health
- Monitoring the Health of an Access Gateway
- Viewing the Health of an Access Gateway Cluster
- Viewing the Command Status of the Access Gateway
- Viewing Detailed Command Information
- Configuring the Content Settings
- Controlling Browser Caching
- Configuring Custom Cache Control Headers
- Understanding How Custom Cache Control Headers Work
- Enabling Custom Cache Control Headers
- Configuring a Pin List
- URL Mask
- Pin Type
- Purging Cached Content
- Protecting Multiple Resources
- Setting Up a Group of Web Servers
- Using Multi-Homing to Access Multiple Resources
- Path-Based Multi-Homing
- Virtual Multi-Homing
- Creating a Second Proxy Service
- Configuring a Path-Based Multi-Homing Proxy Service
- Managing Multiple Reverse Proxies
- Changing the Authentication Proxy Service
- Managing a Cluster of Access Gateways
- Managing the Servers in the Cluster
- Changing the Primary Cluster Server
- Troubleshooting the Linux Access Gateway
- Useful Tools
- The Linux Access Gateway Console
- Viewing Configuration Information
- Useful Files for Troubleshooting the Access Gateway Appliance
- Using Touch Files
- Protected Resource Issues
- Troubleshooting HTTP 1.1 and GZIP
- Protected Resources Referencing Non-Existent Policies
- Gateway
- Recovering from a Hardware Failure on an Access Gateway Machine
- COS Related Issues
- Memory Issues
- Rewriter Issues
- Reading Configuration Files
- Additional DNS Name Without a Scheme Is Not Rewritten
- The Access Gateway Hangs When the Audit Server Comes Back Online
- Troubleshooting a Failed Linux Access Gateway Configuration
- Linux Access Gateway Not Responding
- Connection and Authentication Issues
- Authentication Issues
- Form Fill Issues
- Form Fill Error Messages
- Authorization and Identity Injection Issues
- Identity Injection Failures
ACCESS MANAGER 3.1 SP1 - ADMINISTRATION
Table of contents
- legal notices
- Table Of Contents
- About This Guide
- additional documentation
- Configuring an Identity Server
- Creating a Cluster Configuration
- Assigning an Identity Server to a Cluster Configuration
- Removing a Server from a Cluster Configuration
- Managing a Cluster with Multiple Identity Servers
- Enabling and Disabling Protocols
- Customizing Identity Server Messages
- Customizing the Branding of the Error
- Customizing Tooltip Text for Authentication Contracts
- Customizing the Identity Server Login
- Selecting the Login Page and Modifying It
- Configuring the Identity Server to Use Custom Login
- Troubleshooting Tips for Custom Login
- Customizing the Identity Server Logout
- Enabling Role-Based Access Control
- Server
- Configuring the Identity Server for netHSM
- Configuring Secure Communication on the Identity Server
- Viewing the Services That Use the Signing Key Pair
- Viewing Services That Use the Encryption Key Pair
- Security Considerations
- Authentication Contracts
- Configuring Local Authentication
- Configuring Identity User Stores
- Configuring the User Store
- Configuring an Admin User for the User Store
- Creating Authentication Classes
- Specifying Common Class Properties
- Configuring Authentication Methods
- Configuring Authentication Contracts
- Using a Password Expiration Service
- URL Parameters
- Grace Logins
- Managing Direct Access to the Identity Server
- Logging In to the User Portal
- Specifying a Target
- Configuring Advanced Local Authentication Procedures
- Configuring Mutual SSL (X.509) Authentication
- Setting Up Mutual SSL Authentication
- Configuring for Kerberos Authentication
- Prerequisites
- Configuring Active Directory
- Configuring the Identity Server
- Configuring the Clients
- Configuring the Access Gateway for Kerberos Authentication
- Configuring Access Manager for NESCM
- Creating a Contract for the Smart Card
- Assigning the NESCM Contract to a Protected Resource
- Troubleshooting
- Defining Shared Settings
- Editing Attribute Sets
- Configuring User Matching Expressions
- Adding Custom Attributes
- Creating LDAP Attribute Names
- Adding Authentication Card Images
- Configuring SAML and Liberty Trusted Providers
- Embedded Service Providers
- High-Level Steps
- Configuring General Provider Options
- Configuring the General Identity Consumer Options
- Modifying a Trusted Provider
- Using the Intersite Transfer Service
- Selecting Attributes for a Trusted Provider
- Managing Metadata
- Configuring an Authentication Request for an Identity Provider
- Configuring an Authentication Response for a Service Provider
- Managing the Authentication Card of an Identity Provider
- Configuring CardSpace
- Prerequisites for CardSpace
- Enabling High Encryption
- Authenticating with a Personal Card
- Authenticating with a Managed Card
- Creating and Installing a Managed Card
- Configuring the Relying Party to Trust an Identity Provider
- Logging In with the Managed Card
- Authenticating with a Managed Card Backed by a Personal Card
- Configuring the Identity Server as a Relying Party
- Defining a Trusted Provider
- Cleaning Up Identities
- Configuring STS
- Creating a Managed Card Template
- Using CardSpace Cards for Authentication to Access Gateway Protected Resources
- Configuring WS Federation
- Configuring the ADFS Server
- Logging In
- Configuring the ADFS Server to Be an Identity Provider
- Additional WS Federation Configuration Options
- Modifying the User Identification Method
- Managing the Metadata
- Modifying the Authentication Card
- Modifying the Authentication Response
- Configuring User Identification Methods for Federation
- Selecting a User Identification Method for SAML 1.1
- Configuring the Attribute Matching Method
- Defining the User Provisioning Method
- User Provisioning Error Messages
- Configuring Communication Profiles
- Configuring a SAML 1.1 Profile
- Configuring Liberty Web Services
- Configuring the Web Services Framework
- Editing Web Service Descriptions
- Configuring Credential Profile Security and Display Settings
- Configuring Service and Profile Details
- Customizing Attribute Names
- Configuring the Web Service Consumer
- Mapping LDAP and Liberty Attributes
- Configuring One-to-One Attribute Maps
- Configuring Employee Type Attribute Maps
- Configuring Employee Status Attribute Maps
- Configuring Postal Address Attribute Maps
- Configuring Contact Method Attribute Maps
- Configuring Gender Attribute Maps
- Configuring Marital Status Attribute Maps
- Maintaining an Identity Server
- Updating an Identity Server Configuration
- Restarting the Identity Server
- Editing Server Details
- Managing Log File Size
- Configuring Session-Based Logging
- Creating the Logging Session Class, Method, and Contract
- Enabling Basic Logging
- Monitoring the Health of an Identity Server
- Monitoring Identity Server Statistics
- Application
- Incoming HTTP Requests
- Outgoing HTTP Requests
- SAML 1.1
- Clustering
- LDAP
- Enabling Identity Server Audit Events
- Monitoring Identity Server Alerts
- Troubleshooting the Identity Server and Authentication
- The Metadata
- DNS Name Resolution
- Certificate Names
- Certificates in the Required Trust Stores
- Certificates in the Correct Certificate Store
- Enabling Debug Logging
- Testing Whether the Provider Can Access the Metadata
- Authentication Classes and Duplicate Common Names
- Slow Authentication
- Browser Hangs in an Authentication Redirect
- A Simple Redirect Script
- Configuring iptables for Multiple Components
- Problems Reading Keystores after Identity Server Re-installation
- A Sample Custom Login
- A.2 Custom nidp.jsp File with Custom Credentials
- A.2.2 The Modified main.jsp File
- A.2.3 The Method and the Contract
- A.3.2 The Method and the Contract
- A.4.1 Modifying the File
- A.4.2 The Method and the Contract
- B About Liberty
- C Understanding How Access Manager Uses SAML
- C.2 Trusted Provider Reference Metadata
- C.6 Identity Provider Process Flow
- C.7 SAML Service Provider Process Flow
- D Data Model Extension XML
- D.2 Writing Data Model Extension XML
ACCESS MANAGER 3.1 SP1 - ADMINISTRATION
Table of contents
- legal notices
- Table Of Contents
- About This Guide
- Part I Overview of SSL VPN
- SSL VPN Features
- Traditional and ESP-Enabled SSL VPNs
- Traditional Novell SSL VPN
- High and Low Bandwidth SSL VPNs
- SSL VPN Client Modes
- Prerequisites
- Kiosk Mode
- Installing the SSL VPN Server
- Installing ESP-Enabled SSL VPN
- Installing the ESP-Enabled SSL VPN
- Installing the Traditional Novell SSL VPN
- Installing the RPM Containing Key For High Bandwidth SSL VPN
- Uninstalling the RPM Containing Key For High Bandwidth SSL VPN
- Upgrading SSL VPN Servers
- Upgrade Scenarios
- Upgrading SSL VPN Installed on a Separate Machine
- Migrating a Traditional SSL VPN Server to the ESP-Enabled Version
- Migrating Traffic Policies from Traditional SSL VPN to ESP-Enabled SSL VPN
- Upgrading Clustered SSL VPN Servers
- Configuration Changes to the SSL VPN Server Installed with the Linux Access Gateway
- Preinstalling the SSL VPN Client Components
- Uninstalling the SSL VPN Server
- Deploying SSL VPN
- Deployment Procedure
- Deployment Scenario
- Deploying the Traditional Novell SSL VPN
- Configuring Authentication for ESP-Enabled Novell SSL VPN
- Accelerating the Traditional Novell SSL VPN
- Injecting the SSL VPN Header
- Configuring the IP Address, Port, and NAT
- Configuring the SSL VPN Gateway Without NAT or L4
- Configuring Route and Source NAT for Enterprise Mode
- Ordering SNAT Entries
- Configuring DNS Servers and Certificates
- Configuring DNS Servers for Kiosk Mode
- Configuring End-Point Security and Access Policies for SSL VPN
- Configuring Policies to Check the Integrity of Client Machine
- Configuring the Category
- Configuring Applications for a Category
- Exporting and Importing Client Integrity Check Policies
- Configuring Traffic Policies
- Rule Ordering
- Exporting and Importing Traffic Policies
- Configuring How Users Connect to SSL VPN
- Allowing Users to Select the SSL VPN Mode
- Configuring SSL VPN to Download the Java Applet on Internet Explorer
- Customizing SSL VPN User Interface
- Customizing Error Messages
- Configuring Full Tunneling
- Configuring SSL VPN to Connect through a Forward Proxy
- Creating the proxy.conf File
- Configuring SSL VPN for Citrix Clients
- Configuring a Custom Login Policy for Citrix Clients
- Configuring the Access Gateway to protect the Citrix Server
- Configuring Single Sign-On Between Citrix and SSL VPN
- Additional Configurations
- Disconnecting Active SSL VPN Connections
- Overview of SSL VPN Clusters
- Limitations
- Creating a Cluster of SSL VPN Servers
- Adding An SSL VPN Server to a Cluster
- Removing an SSL VPN Server from a Cluster
- Clustering SSL VPN by Using L4
- Configuring a Cluster of Traditional SSL VPNs by Using L4
- Clustering SSL VPNs By Using Access Gateway and Without L4
- Testing the Scripts
- Configuring SSL VPN to Monitor Health of Cluster
- Virtual Server Settings Example
- Enabling SSL VPN Audit Events
- Viewing SSL VPN Statistics
- Viewing Statistics of SSL VPN Server Cluster
- Viewing the Bytes Graphs
- Monitoring Health of SSL VPN Servers
- Monitoring Health of SSL VPN Cluster
- Viewing the Command Status of the SSL VPN Server
- Monitoring SSL VPN Alerts
- Viewing SSL VPN Alerts
- Viewing SSL VPN Cluster Alerts
- Part VI Troubleshooting SSL VPN
- Troubleshooting SSL VPN Installation
- Troubleshooting SSL VPN Configuration
- Connection Problems with Mozilla Firefox
- Connection Problems with Internet Explorer
- SSL VPN Connects in Kiosk Mode, But There Is No Data Transfer
- Verifying SSL VPN Components
- Unable to Contact the SSL VPN Server
- Unable to Connect to the SSL VPN Gateway
- SSL VPN Server Is Unable to Handle the Session
- Bringing Up the Server If a Cluster Member Is Down