Web Containers supported
Sun Java System Web Server 7.0
Sun Java System Application Server 8.2
BEA WL 8.1 SP4
IBM WebSphere 18.104.22.168
Monitoring Framework Integration
Access Manager can use the Java Enterprise System Monitoring Framework to monitor the following:
Number of authentications attempted
Number of remote authentications attempted (optional)
Number of successful authentications
Number of failed authentications
Number of successful logout operations
Number of failed logout operations
Transaction time for each module if possible (running and waiting states)
Size of the session table (hence maximum number of sessions)
Number of active sessions (incremental counter)
Maximum cache size
Transaction time for operations (running and waiting)
Policy evaluation in and out requests
Policy connection pool statistics for the subject's plug-in's LDAP server
Distributed Authentication service not required to stick to one server for load-balanced deployments
Authentication service and server not required to stick to one server for load-balanced deployments
Composite advices support among Authentication service, Policy Agents, and Policy service. Includes AuthenticateToRealm condition, AuthenticateToService condition, and realm qualification to all conditions.
Advising organization (realm qualified Authentication conditions)
Authentication configurations / authentication chains (AuthServiceCondition)
Module-based authentication can now be disallowed if Authentication chaining is enforced
Distributed Authentication service supports Certificate authentication module
Added CertAuth to Distributed Authentication UI to make it a full featured credential extractor presentation
New Datastore authentication module as an out-of-box module which authenticates against the configured datastore for a given realm
Account lockout configuration now persistent across multiple AM server instances
Chaining of post-processing SPI classes
A new policy condition AuthenticateToServiceCondition added, to enforce the user is authenticated to specifc authentication service chain.
A new policy condition AuthenticateToRealmCondition added, to enforce the user is authenticated to a specific realm.
A new policy condition LDAPFilterCondition is added, to enforce the user matches the specified ldap filter.
Support for one level wild card compare to facilitate protecting the contents of the directory without protecting sub-directory.
Policies can be created in subrealms without explicit referral policies from parent realm if organization alias referral is enabled in global policy configuration.
AuthLevelCondition can specify the realm name in addition to authentication level.
AuthSchemeCondition can specify the realm name in addition to authentication module name .
Service Management module
Support for storing Service Management/Policy configuration in Active Directory
Access Manager SDK
Support APIs for authenticating users to a default Identity Repository framework database
Web Services support
Liberty ID-WSF SOAP provider: Authentication provider that encapsulates the Liberty ID-WSF SOAP binding as implemented by Access Manager. This consists of a client and service provider.
HTTP layer SSO provider: HttpServlet layer authentication provider that encapsulates server-side Access Manager-based SSO
Repackaging Access Manager as J2EE Application resulting in a single WAR file to become web deployable
Support for 64-bit SJS Web Server 7.0 - to support the 64-bit JVM
Support for grouping of delegation privileges
Supports upgrade to Access Manager 7.1 from the following versions: Access Manager 7.0 2005Q4, Access Manager 6.3 2005Q1, and Identity Server 6.2 2004Q2.
Support for delegation in logging module - controlling which Identities are authorized to write to or read from the log files.
Support JCE Based SecureLogHelper - making it possible to use JCE (in addition to JSS) as a security provider for Secure Logging implementation