Resumen del contenido incluido en la página 1
SunJavaSystemAccessManager
7.1ReleaseNotes
SunMicrosystems,Inc.
4150NetworkCircle
SantaClara,CA95054
U.S.A.
PartNo:819–4683–10
March2007����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Resumen del contenido incluido en la página 2
Copyright2007SunMicrosystems,Inc. 4150NetworkCircle,SantaClara,CA95054U.S.A. Allrightsreserved. SunMicrosystems,Inc.hasintellectualpropertyrightsrelatingtotechnologyembodiedintheproductthatisdescribedinthisdocument.Inparticular,andwithout limitation,theseintellectualpropertyrightsmayincludeoneormoreU.S.patentsorpendingpatentapplicationsintheU.S.andinothercountries. U.S.GovernmentRights–Commercialsoftware.GovernmentusersaresubjecttotheSunMicrosystems,Inc.standardlicenseagreementandapplicableprovi
Resumen del contenido incluido en la página 3
Contents SunJavaSystemAccessManager7.1ReleaseNotes .......................................................................5 RevisionHistory .....................................................................................................................................6 AboutSunJavaSystemAccessManager7.1........................................................................................6 What’sNewinThisRelease ..............................................................................
Resumen del contenido incluido en la página 4
Contents AMSDKIssues..............................................................................................................................27 SSLIssue ........................................................................................................................................28 SamplesIssue ................................................................................................................................29 LinuxOSIssues .............................................
Resumen del contenido incluido en la página 5
SunJavaSystem AccessManager7.1ReleaseNotes March2007 PartNumber819-4683-10 TM TheSunJava SystemAccessManager7.1ReleaseNotescontainimportantinformation availablefortheSunJavaEnterpriseSystem(JavaES)release,includingnewAccessManager featuresandknownissueswithworkarounds,ifavailable.Readthisdocumentbeforeyou installandusethisrelease. ToviewtheJavaESproductdocumentation,includingtheAccessManagercollection,see http://docs.sun.com/prod/entsys.05q4. Checkthissitepriortoinstallingandsettingupyoursoftwar
Resumen del contenido incluido en la página 6
RevisionHistory RevisionHistory ThefollowingtableshowstheAccessManager7.1ReleaseNotesrevisionhistory. TABLE1 RevisionHistory Date DescriptionofChanges July2006 Betarelease. March2007 JavaEnterpriseSystem5release AboutSunJavaSystemAccessManager7.1 SunJavaSystemAccessManagerispartoftheSunIdentityManagementinfrastructurethat allowsanorganizationtomanagesecureaccesstoWebapplicationsandotherresourcesboth withinanenterpriseandacrossbusiness-to-business(B2B)valuechains. AccessManagerprovidesthesemainfu
Resumen del contenido incluido en la página 7
What’sNewinThisRelease devices,applications,andservice-drivennetworks.TypicalusesoftheJMXtechnologyinclude: consultingandchangingapplicationconfiguration,accumulatingstatisticsaboutapplication behavior,notificationofstatechangesanderroneousbehaviors.Dataisdeliveredtocentralized monitoringconsole. AccessManager7.1usestheJavaESMonitoringFrameworktocapturestatisticsand service-relateddatasuchasthefollowing: ■ Numberofattempted,successful,andfailedauthentications ■ Policycachingstatistics ■ Policyev
Resumen del contenido incluido en la página 8
What’sNewinThisRelease ■ Numberofsuccessfulauthentications ■ Numberoffailedauthentications ■ Numberofsuccessfullogoutoperations ■ Numberoffailedlogoutoperations ■ Transactiontimeforeachmoduleifpossible(runningandwaitingstates) 2. Sessions ■ Sizeofthesessiontable(hencemaximumnumberofsessions) ■ Numberofactivesessions(incrementalcounter) 3. ProfileService ■ Maximumcachesize ■ Transactiontimeforoperations(runningandwaiting) 4. Policy ■ Policyevaluationinandoutrequests ■ Policyconnectionpoolstatisti
Resumen del contenido incluido en la página 9
What’sNewinThisRelease ■ AnewpolicyconditionAuthenticateToRealmConditionadded,toenforcetheuseris authenticatedtoaspecificrealm. ■ AnewpolicyconditionLDAPFilterConditionisadded,toenforcetheusermatchesthe specifiedldapfilter. ■ Supportforonelevelwildcardcomparetofacilitateprotectingthecontentsofthedirectory withoutprotectingsub-directory. ■ Policiescanbecreatedinsubrealmswithoutexplicitreferralpoliciesfromparentrealmif organizationaliasreferralisenabledinglobalpolicyconfiguration. ■ AuthLevelCondi
Resumen del contenido incluido en la página 10
HardwareandSoftwareRequirements ■ SupportJCEBasedSecureLogHelper-makingitpossibletouseJCE(inadditiontoJSS)as asecurityproviderforSecureLoggingimplementation DeprecationNotificationandAnnouncement SunJava(TM)SystemAccessManager7.1identitymanagementAPIsandXMLtemplates enablesystemadministratorstocreate,delete,andmanageidentityentriesinSunJavaSystem DirectoryServer.AccessManageralsoprovidesAPIsforidentitymanagement.Developersuse thepublicinterfacesandclassesdefinedinthecom.iplanet.am.sdkpackagetoin
Resumen del contenido incluido en la página 11
HardwareandSoftwareRequirements TABLE2 HardwareandSoftwareRequirements Component Requirement TM ■ Operatingsystem(OS) Solaris 10onSPARC,x86,andx64based systems,includingsupportforwholerootlocal andsparserootzones. ■ Solaris9onSPARCandx86basedsystems. TM ■ RedHat EnterpriseLinux3and4,allupdates AdvancedServer(32and64–bitversions)and EnterpriseServer(32and64–bitversions) ■ Windows Windows2000AdvancedServer,DataCenter ServerversionSP4onx86 Windows2003Standard(32and64–bitversions), Enterprise(32and6
Resumen del contenido incluido en la página 12
HardwareandSoftwareRequirements TABLE2 HardwareandSoftwareRequirements (Continued) Component Requirement Webcontainers SunJavaSystemWebServer7.0Onsupported platform/OScombinationsyoumayelecttorunthe WebServerinstanceina64bitJVM.Support platforms:Solaris9/SPARC,Solaris10/SPARC,Solaris 10/AMD64,RedHatASorES3.0/AMD64,RedHat ASorES4.0/AMD64 SunJavaSystemApplicationServerEnterprise Edition8.2 BEAWebLogic8.1SP4 IBMWebSphereApplicationServer5.1.1.6 RAM Basictesting:512Mbytes Actualdeployment:1Gbytefort
Resumen del contenido incluido en la página 13
GeneralCompatibilityInformation TABLE3 SupportedBrowsers (Continued) Browser Platform TM Mozilla 1.7.12 SolarisOS,versions9and10 WindowsXP Windows2000 RedHatLinux3and4 MacOSX TM Netscape Communicator8.0.4 WindowsXP Windows2000 NetscapeCommunicator7.1 SolarisOS,versions9and10 GeneralCompatibilityInformation ■ “AMSDKintersystemincompatibilitywithAccessManagerserver”onpage13 ■ “UpgradenotsupportedforAccessManagerHPUXversion”onpage13 ■ “AccessManagerLegacyMode”onpage14 ■ “AccessManagerPolicyAgents”o
Resumen del contenido incluido en la página 14
GeneralCompatibilityInformation AccessManagerLegacyMode IfyouareinstallingAccessManagerwithanyofthefollowingproducts,youmustselectthe AccessManagerLegacy(6.x)mode: ■ SunJavaSystemPortalServer ■ SunJavaSystemCommunicationsServicesservers,includingMessagingServer,Calendar Server,InstantMessaging,orDelegatedAdministrator YouselecttheAccessManagerLegacy(6.x)mode,dependingonhowyouarerunningtheJava ESinstaller: ■ “JavaESSilentInstallationUsingaStateFile”onpage14 ■ ““ConfigureNow”InstallationOptioninGr
Resumen del contenido incluido en la página 15
GeneralCompatibilityInformation “ConfigureLater”InstallationOption IfyourantheJavaESInstallerwiththe“ConfigureLater“option,youmustruntheamconfig scripttoconfigureAccessManagerafterinstallation.ToselectLegacy(6.x)mode,setthe followingparameterinyourconfigurationscriptinputfile(amsamplesilent): ... AM_REALM=disabled ... FormoreinformationaboutconfiguringAccessManagerbyrunningtheamconfigscript,refer totheSunJavaSystemAccessManager7.1AdministrationGuide. DeterminingtheAccessManagerMode Todeterminewh
Resumen del contenido incluido en la página 16
KnownIssuesandLimitations KnownIssuesandLimitations Thissectiondescribesthefollowingknownissuesandworkarounds,ifavailable,atthetimeof theAccessManager7.1release. ■ “InstallationIssues”onpage16 ■ “UpgradeIssues”onpage16 ■ “CompatibilityIssues”onpage16 ■ “ConfigurationIssues”onpage19 ■ “AccessManagerConsoleIssues”onpage21 ■ “CommandLineIssue”onpage22 ■ “SDKandClientIssues”onpage23 ■ “AuthenticationIssues”onpage23 ■ “SessionandSSOIssues”onpage25 ■ “PolicyIssues”onpage26 ■ “ServerStartupIssues”onpag
Resumen del contenido incluido en la página 17
KnownIssuesandLimitations ■ “Incompatibilitiesexistincoreauthenticationmoduleforlegacymode(6305840)”onpage 18 ■ “DelegatedAdministratorcommadminutilitydoesnotcreateauser(6294603)”onpage18 ■ “DelegatedAdministratorcommadminutilitydoesnotcreateanorganization(6292104)” onpage18 AccessManagerSingleSign-OnfailsonUniversalWebClient(6367058, 6429573) TheproblemoccursafteryouinstallAccessManager,MessagingServer,andCalendarServer andconfigurethemtoworktogether,andtheninstalltheJES5120955-01patch.Theuser
Resumen del contenido incluido en la página 18
KnownIssuesandLimitations Incompatibilitiesexistincoreauthenticationmoduleforlegacymode (6305840) AccessManager7.1legacymodehasthefollowingincompatibilitiesinthecoreauthentication modulefromAccessManager62005Q1: ■ OrganizationAuthenticationModulesareremovedinlegacymode. ■ Thepresentationofthe“AdministratorAuthenticationConfiguration”and“Organization AuthenticationConfiguration”haschanged.IntheAccessManager7.1Console,the drop-downlisthasldapServiceselectedbydefault.IntheAccessManager62005Q1 Conso
Resumen del contenido incluido en la página 19
KnownIssuesandLimitations ConfigurationIssues ■ “NotificationURLneedstobeupdatedforAccessManagerSDKinstallationwithoutweb container(6491977)”onpage19 ■ “PasswordResetservicereportsnotificationerrorswhenapasswordischanged(6455079)” onpage19 ■ “PlatformserverlistandFQDNaliasattributearenotupdated(6309259,6308649)”onpage 20 ■ “Datavalidationforrequiredattributesintheservices(6308653)”onpage20 ■ “DocumentworkaroundfordeploymentonasecureWebLogic8.1instance(6295863)” onpage20 ■ “Theamconfigscriptdoesn
Resumen del contenido incluido en la página 20
KnownIssuesandLimitations PlatformserverlistandFQDNaliasattributearenotupdated (6309259,6308649) Inamultipleserverdeployment,theplatformserverlistandFQDNaliasattributearenot updatedifyouinstallAccessManageronthesecond(andsubsequent)servers. Workaround:AddtheRealm/DNSaliasesandplatformserverlistentriesmanually.Forthe steps,seethesection“AddingAdditionalInstancestothePlatformServerListandRealm/DNS Aliases”inSunJavaSystemAccessManager7.1PostinstallationGuide. Datavalidationforrequiredattributesinth
