Release Notes
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
This document includes release notes for BEA AquaLogic Enterprise Security 2.1 and 2.1 Service Pack 1:
This section describes features and changes in Service Pack 1 for BEA AquaLogic Enterprise Security 2.1. Be sure to see Release Notes for AquaLogic Enterprise Security 2.1 for information about features and changes, issues fixed, and known issues in that release.
This section covers the following topics:
AquaLogic Enterprise Security 2.1 Service Pack 1 includes the following new features:
All platforms supported by AquaLogic Enterprise Security 2.1 are supported by this Service Pack. In addition:
This section provides information about installing AquaLogic Enterprise Security 2.1 Service Pack 1. Service Pack 1 requires uninstalling your previous version of ALES and making a fresh installation.
If you have any previous versions of ALES installed and you want to keep your current ALES policy, export it using the ALES Policy Export tool.
Uninstall any previous versions of ALES you have installed.
To install ALES 2.1 SP1, run the appropriate installation program for your platform and the ALES product component. For installation instructions, see the following documentation:
ALES 2.1 SP1 includes files for use with each ALES 2.1 product and each supported operating system.
ales211admin_rhas21_IA32.bin
ales211admin_rhas3_IA32.bin
ales211admin_solaris32.bin
ales211admin_win32.exe
ales211ssm_rhas21_IA32.bin
ales211ssm_rhas3_IA32.bin
ales211ssm_solaris32.bin
ales211ssm_aix32.jar
ales211ssm_win32.exe
If you exported a previous ALES policy using the ALES Policy Export tool, after you complete the installation you can import it into ALES 2.1 sp1 using the ALES Policy Import tool.
The following instructions are needed only if the SCM needs to bind to a configurable IP address.
<public-soap-server>
<listener host="<
MachineIP
>" port="7015" protocol="https">
...
local-soap-server
from 127.0.0.1
to your <
MachineIP
>
so that it looks as follows:<local-soap-server>
<listener host="<
MachineIP
>" port="7013" protocol="https">
...
scmHostname <
MachineIP
>
For any SSM instances already created the following file will also need this property.
BEA_HOMEales21-ssm/<
ssm-type
>/instance/<instance-name
>/conf/WLESarme.conf
ales21-admin/config/WLESWebLogic.conf
and add the following Java System property to the correct place as follows:wrapper.java.additional.26=-Dwles.scm.hostname=<
MachineIP
>
If you are using Tomcat as the web server to host the admin console app then you need to make the same edit to the WLESTomcat.conf file.
BEA_HOME/ales21-admin/bin/WLESadmin.sh/bat
and replace port 7013 with 7015 in the start()
and init()
functions.BEA_HOME/ales21-ssm/webservice-ssm/instance/<
instance-name
>/config/security.properties
to add the following Java property at the end as follows:wles.scm.hostname=<
MachineIP
>
BEA_HOME/ales21-ssm/webservice-ssm/instance/<
instance-name
>/bin/set-env.sh/bat
to add the following Java property at the correct place as follows:set WLES_JAVA_OPTIONS=%WLES_JAVA_OPTIONS% -Dwles.scm.hostname=<
MachineIP
>
ales21-ssm/wls-ssm/instance/<
instance-name
>/bin/set-wls-env.sh/bat
to add the following Java property at the correct place as follows:set WLES_JAVA_OPTIONS=%WLES_JAVA_OPTIONS% -Dwles.scm.hostname=<
MachineIP
>
ales21-ssm/java-ssm/instance/<
instance-name
>/bin/set-env.sh/bat
to add the following Java property at the correct place as follows:set WLES_JAVA_OPTIONS=%WLES_JAVA_OPTIONS% -Dwles.scm.hostname=<
MachineIP
>
ales21-admin/bin
directory. Run either BEA_HOME/ales21-admin/bin/install_schema_oracle.sh/bat
or BEA_HOME/ales21-admin/bin/install_schema_sybase.sh/bat
depending on your database.Note: The default domain name during install was asi
and hence if you have not changed it then enter asi
when the install schema scripts ask for domain instead of the default, which is the database user ID.
Table 1 lists the known issues fixed in this Service Pack 1 for AquaLogic Enterprise Security 2.1.
SCM should be able to bind to a configurable IP address or Hostname. |
||
SCM or startup script deletes SCM cache on startup. See Binding SCM to a Configurable IP Address. |
||
The following topics are covered is this section:
For information about Service Pack 1 for AquaLogic Enterprise Security 2.1, see Release Notes for AquaLogic Enterprise Security 2.1 Service Pack 1.
Welcome to BEA AquaLogic Enterprise Security 2.1! As the world's leading application infrastructure company, BEA® supplies a complete platform for building, integrating, and extending J2EE applications to provide business solutions. Companies select the BEA WebLogic® PlatformTM as their underlying software foundation to decrease the cost of information technology, leverage current and future assets, and improve productivity and responsiveness.
Now, BEA is extending its Application Security Infrastructure by offering the BEA AquaLogic Enterprise SecurityTM product line—a family of security solutions that provide enhanced application security and includes: policy-based delegated administration, authentication with single sign-on, consolidated auditing, and dynamic-role and policy-based authorization with delegation.
BEA AquaLogic Enterprise Security products are designed with an open and flexible standards-based framework that enforces security through a set of security services. You can protect you applications and other resources by customizing these services to meet the specific requirements of your business.
This section covers the following topics:
The following topics describe what is new in this release:
The following sections describe management enhancements:
The BLM API has been enhanced to included configuration management operations so that the BLM supports all of the functionality offered by the Administration Console.
This BLM API provides programmatic access to the AquaLogic Enterprise Security policy management infrastructure. This is a Java API that uses SOAP to communicate with the central management services. In addition to using this API to create and manage of users, groups, roles, resources, and resource policies, you can now use it to define security configurations and to distribute those configurations to SSMs—all of the same functions supported by the Administration Console.
The Web Services API offers management interfaces to provide functionality similar to the Administration Console and BLM.
IIS and Apache SSMs implement SAML POST profile that is fully conformant to SAML 1.1 specifications. Also applications can invoke SAML Credential Mapper and SAML Identity Assertion to generate and verify SAML 1.1 compliant assertions.
In this release, the ALES identity asserter supports for single sign-on (SSO) between ALES and the WebLogic Server Security Framework such that SSO can be achieved between Web Servers protected by ALES and regular WebLogic Server/WebLogic Portal. With this support, user authenticated on ALES do not have to be re-authenticated to log into on WebLogic Server or WebLogic Portal.
In this release of AquaLogic Enterprise Security, the following additional support has been added:
In this release, AquaLogic Enterprise Security can be used to protect AquaLogic Data Services Platform (ALDSP) data. You can use AquaLogic Enterprise Security to create and enforce a set of policies to control access to an entire data service or to individual fields returned by a data service. Integration with AquaLogic Data Services Platform v8.5 is supported.
The policy analysis tool has been enhanced to include role and group membership information.
The BEA AquaLogic Enterprise Security Version 2.1 is certified as compatible with WebLogic Server 8.1, Service Pack 4 and Service Pack 5 (Service Packs 1, 2, and 3 are not supported).
The Policy Export tool provided by the Administration Server now allows you to export policy data in XACML 2.0 format.
Users of WebLogic Enterprise Security (WLES) 4.2 Sp2 can migrate to ALES 2.1 and export, modify, and import policy data written for WLES to ALES. For instructions, see Upgrading an Administration Server to AquaLogic Enterprise Security 2.1 in the Policy Managers Guide.
Table 3 lists the releases of BEA AquaLogic Enterprise Security for each platform BEA supports. The BEA AquaLogic Enterprise Security products can used on the following platforms:
Note: Windows XP is supported only as a platform to run the Administration Console. The Windows XP system display should be run in Classic Style to achieve compatibility with the Administration Console.
Table 2 lists the platform on which each AquaLogic Enterprise core component is supported.
Sun Solaris 8, 9, 10(32-bit) |
||
Microsoft Active Directory1 |
AquaLogic Enterprise Security 2.1 does not provide support for localization, either to support specific GUI languages or character code-sets. AquaLogic Enterprise Security 2.1 has not been certified on internationalized operating systems or databases.
Table 4 lists the known issues fixed in this release of AquaLogic Enterprise Security 2.1.
This section describes known limitations in BEA AquaLogic Enterprise Security, Version 2.1 and may include a possible workaround or fix, where applicable. If an entry includes a CR (Change Request) number, a possible solution may be provided in a future BEA AquaLogic Enterprise Security 2.1 release where BEA will provide vendor specific code to fix the problem. Refer to the CR number to conveniently track the solution as problems are resolved.
Please contact your BEA Technical Support for assistance in tracking any unresolved problems. For contact information, see the section Contacting BEA Customer Support.
Table 5 lists the known issues in this release of AquaLogic Enterprise Security 2.1.
Your feedback on the product documentation is important to us. Send us e-mail at docsupport@bea.com if you have questions or comments. Your comments will be reviewed directly by the BEA professionals who create and update the product documentation.
In your e-mail message, please indicate that you are using the documentation for the BEA AquaLogic Enterprise Security Version 2.1 release.
If you have any questions about this version of the BEA AquaLogic Enterprise Security product, or if you have problems installing and running the product, contact BEA Customer Support through BEA Web Support at http://support.bea.com. You can also contact Customer Support by using the contact information provided on the Customer Support Card, which is included in the product package.
When contacting Customer Support, be prepared to provide the following information:
![]() |
![]() |
![]() |