Sun Java System Access Manager 7.1 Release Notes

Configuration Issues

Incorrect console redirection behind a load balancer (6480354)

If you have Access Manager instances deployed behind a load balancer, logging in to the Access Manager Console might redirect you to one of the Access Manager instances rather than to the load balancer. The URL in the browser also changes to that Access Manager instance. For example, this problem can occur if you log in to the Console using this URL:

http://loadbalancer.example.com/amserver/realm

This redirection can occur in both Realm mode and Legacy mode deployments.

There are two workarounds for this issue. You can use either one:

  1. Log in with either of the following URLs:

    http://loadbalancer/amserver/UI/Login

    http://loadbalancer/amserver

  2. In AMConfig.properties, set the com.sun.identity.loginurl property to the name of the load balancer. This must be done on each Access Manager instance behind the load balancer.

Notification URL needs to be updated for Access Manager SDK installation without web container (6491977)

If you install the Access Manager SDK without a web container by running the Java ES 5 installer with the Configure Now option, the com.iplanet.am.notification.url property in the AMConfig.properties file is set to NOTIFICATION_URL. If you don't perform any additional web container configuration, users will not receive notifications from the remote Access Manager server.

Workaround: Reset this property as follows: com.iplanet.am.notification.url=""

Password Reset service reports notification errors when a password is changed (6455079)

When a password is changed, Access Manager submits the email notification using an unqualified sender name, Identity-Server, which results in error entries in the amPasswordReset logs. For example:


07/19/2006 10:26:04:010 AM PDT: Thread[service-j2ee,5,main] 
ERROR: Could not send email to user [Ljava.lang.String;@999262
com.sun.mail.smtp.SMTPSendFailedException: 553 5.5.4 <Identity-Server>... 
Domain name required for sender address Identity-Server

Workaround: The following workaround is for Solaris systems. For other platforms such as Linux, Windows, or HP-UX, adjust the base installation directory for the specific platform.

  1. In /opt/SUNWam/locale/amPasswordResetModuleMsgs.properties, change fromAddress.label=<Identity-Server> to fromAddress.label=<IdentityServer@myhost.company.com>.

  2. In /opt/SUNWam/locale/amAuth.properties, change the lockOutEmailFrom property from Password-Administrator to Password-Administrator@myhost.company.com.

  3. Restart Access Manager server.

Account Locking feature fails to send email notification when the user's account is locked (6760137)

If the Account Locking feature is enabled and a user is locked out after a defined number of failures, an email notification is not sent.

Workaround: Change the lockOutEmailFrom property as described in Step 2 of the workaround for "Password Reset service reports notification errors when a password is changed (6455079)", and then restart the Access Manager server.
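
The following check is an added example, not part of the original release notes or of Access Manager. It audits the two sender properties named in the workarounds for 6455079 and 6760137, and fails any value without a domain part. The function names, the temporary sample files and the rule that the domain must contain a dot are assumptions of this example.

```shell
# Added example (not Sun's code): flag unqualified sender addresses in the
# two locale property files named in the workaround above.

# prop_value FILE KEY: print the value of the last KEY=value line in FILE.
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -1
}

# sender_is_qualified VALUE: succeed only for local@dotted.domain, with or
# without <>. Requiring a dot in the domain is this checker's assumption.
sender_is_qualified() {
    addr=$(printf '%s' "$1" | tr -d '<>[:space:]')
    case "$addr" in
        *@*@*)    return 1 ;;
        ?*@?*.?*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_sender FILE KEY: print an OK/FAIL line; return 1 on FAIL.
check_sender() {
    val=$(prop_value "$1" "$2")
    if sender_is_qualified "$val"; then
        echo "OK   $2=$val"
    else
        echo "FAIL $2=$val (no domain; expect SMTP 553 and no notification)"
        return 1
    fi
}

# audit_locale_dir DIR: check both properties; return the failure count.
audit_locale_dir() {
    fails=0
    check_sender "$1/amPasswordResetModuleMsgs.properties" fromAddress.label || fails=$((fails + 1))
    check_sender "$1/amAuth.properties" lockOutEmailFrom || fails=$((fails + 1))
    return "$fails"
}

# demo: constructed sample files holding the shipped values quoted above.
demo() {
    d=$(mktemp -d)
    echo 'fromAddress.label=<Identity-Server>' > "$d/amPasswordResetModuleMsgs.properties"
    echo 'lockOutEmailFrom=Password-Administrator' > "$d/amAuth.properties"
    rc=0; audit_locale_dir "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "demo: $? unqualified sender address(es)"
```

On a Solaris installation, call audit_locale_dir /opt/SUNWam/locale after applying the workaround. A return status of 0 means both sender addresses carry a domain.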

Platform server list and FQDN alias attribute are not updated (6309259, 6308649)

In a multiple server deployment, the platform server list and FQDN alias attribute are not updated if you install Access Manager on the second (and subsequent) servers.

Workaround: Add the Realm/DNS aliases and platform server list entries manually. For the steps, see the section Adding Additional Instances to the Platform Server List and Realm/DNS Aliases in Sun Java System Access Manager 7.1 Postinstallation Guide.

Data validation for required attributes in the services (6308653)

Access Manager 7.1 requires that required attributes in service XML files have default values.

Workaround: If you have services with required attributes that do not have values, add values for the attributes and then reload the service.

Document workaround for deployment on a secure WebLogic 8.1 instance (6295863)

If you deploy Access Manager 7.1 into a secure (SSL enabled) BEA WebLogic 8.1 SP4 instance, an exception occurs during the deployment of each Access Manager web application.

Workaround: Follow these steps:

  1. Apply the WebLogic 8.1 SP4 patch JAR CR210310_81sp4.jar, which is available from BEA.

  2. In the /opt/SUNWam/bin/amwl81config script (Solaris systems) or the /opt/sun/identity/bin/amwl81config script (Linux systems), update the doDeploy function and the undeploy_it function to prepend the path of the patch JAR to wl8_classpath, which is the variable that contains the classpath used to deploy and undeploy the Access Manager web applications.

    Find the following line containing the wl8_classpath:

    wl8_classpath= ...

  3. Immediately after the line you found in Step 2, add the following line:

    wl8_classpath=path-to-CR210310_81sp4.jar:$wl8_classpath

The amconfig script does not update the realm/DNS aliases and platform server list entries (6284161)

In a multiple server deployment, the amconfig script does not update the realm/DNS aliases and platform server list entries for additional Access Manager instances.

Workaround: Add the Realm/DNS aliases and platform server list entries manually. For the steps, see the section Adding Additional Instances to the Platform Server List and Realm/DNS Aliases in Sun Java System Access Manager 7.1 Postinstallation Guide.

Default Access Manager mode is realm in the configuration state file template (6280844)

By default, the Access Manager mode (AM_REALM variable) is enabled in the configuration state file template.

Workaround: To install or configure Access Manager in Legacy mode, reset the variable in the state file:

AM_REALM = disabled