Sun Java System Access Manager 7.1 Release Notes

Documentation Issues

Missing information when configuring Access Manager in SSL mode (6660610)

In Chapter 8, Configuring Access Manager in SSL Mode, in the Sun Java System Access Manager 7.1 Postinstallation Guide, the documentation fails to mention that the port number changes from 80 to 443 if you configure SSL for Access Manager with a secure WebServer and did not select the "Enable SSL" checkbox during installation.

Access Manager supports non-ASCII character passwords if Directory Server is configured to support them (6661374)

Access Manager supports non-ASCII characters in password fields only if the Directory Server is configured to support them. The Sun Java System Directory Server 7-Bit Check plug-in should be disabled to allow non-ASCII characters to be stored. This plug-in is enabled by default in Directory Server 5.2 and should be disabled if non-ASCII characters need to be entered in the userPassword entry. The 7-Bit Check plug-in is disabled by default in Directory Server versions 6.0 and above.

Document the roles and filtered roles support for LDAPv3 plug-in (6365196)

After applying the respective patch, you can configure roles and filtered roles for the LDAPv3 plug-in, if the data is stored in Sun Java System Directory Server (fixes problem ID 6349959). In the Access Manager 7.1 Administration console, in LDAPv3 configuration for the “LDAPv3 Plug-in Supported Types and Operations” field, enter the values as:

role: read,edit,create,delete
filteredrole: read,edit,create,delete

You can enter one or both of the above entries, depending on the roles and filtered roles you plan to use in your LDAPv3 configuration.

Document unused properties in the AMConfig.properties file (6344530)

The following properties in the AMConfig.properties file are not used:

com.iplanet.am.directory.host
com.iplanet.am.directory.port

Document how to enable XML encryption (6275563)

To enable XML encryption for either Access Manager or Federation Manager using the Bouncy Castle JAR file to generate a transport key, follow these steps:

  1. If you are using a JDK version earlier than JDK 1.5, download the Bouncy Castle JCE provider from the Bouncy Castle site (http://www.bouncycastle.org/). For example, for JDK 1.4, download the bcprov-jdk14-131.jar file.

  2. If you downloaded a JAR file in the previous step, copy the file to the jdk_root/jre/lib/ext directory.

  3. For the domestic version of the JDK, download the JCE Unlimited Strength Jurisdiction Policy Files from the Sun site (http://www.oracle.com/technetwork/java/index.html) for your version of the JDK. For IBM WebSphere, go to the corresponding IBM site to download the required files.

  4. Copy the downloaded US_export_policy.jar and local_policy.jar files to the jdk_root/jre/lib/security directory.

  5. If you are using a JDK version earlier than JDK 1.5, edit the jdk_root/jre/lib/security/java.security file and add Bouncy Castle as one of the providers. For example:

    security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

  6. Set the following property in the AMConfig.properties file to true:

    com.sun.identity.jss.donotInstallAtHighestPriority=true

  7. Restart the Access Manager web container.

For more information, refer to problem ID 5110285 (XML encryption requires Bouncy Castle JAR file).
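
The following script is an added example, not part of the release notes or of Access Manager: it checks on disk that steps 2, 4, 5 and 6 above were applied before you restart the web container. The function names and the optional `pre15` argument (which turns on the Bouncy Castle checks for JDKs earlier than 1.5) are hypothetical; the paths and property names are the ones given in the steps. It also checks that the `security.provider.N` numbering has no gap or duplicate up to the Bouncy Castle entry, because the JDK reads that list in sequence.

```shell
#!/bin/sh
# Added example (not from the release notes): check steps 2, 4, 5 and 6 on disk.
# Usage: check_xmlenc JDK_ROOT AMCONFIG_FILE [pre15]
BC_CLASS='org.bouncycastle.jce.provider.BouncyCastleProvider'

# Print the index N of the security.provider.N entry naming Bouncy Castle, if any.
bc_provider_index() {
    sed -n "s/^[[:space:]]*security\.provider\.\([0-9][0-9]*\)[[:space:]]*=[[:space:]]*${BC_CLASS}[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Succeed only if security.provider.1..N each appear exactly once. The JDK stops
# reading the list at the first missing index, so a gap hides every later entry.
providers_contiguous() {
    file=$1 last=$2 i=1
    while [ "$i" -le "$last" ]; do
        n=$(grep -c "^[[:space:]]*security\.provider\.${i}[[:space:]]*=" "$file" || true)
        [ "$n" -eq 1 ] || return 1
        i=$((i + 1))
    done
}

check_xmlenc() {
    jdk_root=$1 amconfig=$2 rc=0
    sec="$jdk_root/jre/lib/security"
    for jar in US_export_policy.jar local_policy.jar; do            # step 4
        [ -f "$sec/$jar" ] || { echo "missing: $sec/$jar"; rc=1; }
    done
    if [ "${3:-}" = "pre15" ]; then                                  # steps 2 and 5
        ls "$jdk_root"/jre/lib/ext/bcprov-*.jar >/dev/null 2>&1 ||
            { echo "missing: bcprov JAR in $jdk_root/jre/lib/ext"; rc=1; }
        idx=$(bc_provider_index "$sec/java.security" 2>/dev/null)
        if [ -z "$idx" ]; then
            echo "java.security: no Bouncy Castle provider entry"; rc=1
        elif ! providers_contiguous "$sec/java.security" "$idx"; then
            echo "java.security: gap or duplicate at or before security.provider.$idx"; rc=1
        fi
    fi
    prop='com\.sun\.identity\.jss\.donotInstallAtHighestPriority'   # step 6
    grep -q "^[[:space:]]*${prop}[[:space:]]*=[[:space:]]*true[[:space:]]*\$" "$amconfig" 2>/dev/null ||
        { echo "AMConfig.properties: donotInstallAtHighestPriority is not set to true"; rc=1; }
    return $rc
}

if [ "$#" -ge 2 ]; then check_xmlenc "$@"; fi
```

The script exits non-zero and prints one line per problem found; it does not confirm that the running web container has picked up the changes, which still requires the restart in step 7.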