Access Manager 3.1 SP2 Beta 1 Scenarios
17 September 2009

3. In the Client Cleanup Options section, configure the default values and whether the user can modify each default. By default, the Java Cache Cleanup and Clear Browser Private Data options are enabled, and the Allow User to Override option is enabled for all options.
   For this beta scenario, allow the user to override the default setting for some of the options. For more information on the options, click the help (?) icon.

4. Click OK.
5. Update the SSL VPN server.
6. Log in as an SSL VPN client.
7. Click Logout.
   Based on the configuration in the Administration Console, you can select some cleanup options, but others are disabled.

4.2.4  Test Results

Your selection for the cleanup options should be available when you log out as an SSL VPN client.

4.3  Configuring for HMAC (Hash-Based Message Authentication Code)

HMAC is an option provided by OpenVPN* to authenticate the client before OpenVPN negotiation 
is initiated. It means that the first packet from the OpenVPN client to the OpenVPN server contains 
the HMAC signature. This beta scenario verifies that the client gets the HMAC key from the server 
and uses it to authenticate.

You generate the HMAC key by using the Administration Console. This beta scenario verifies that 
any ongoing client connections are torn down with an OpenVPN error and that subsequent 
connections are successful.
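As an added illustration of the check described above (example code written for this page, not part of Access Manager or OpenVPN), the following Python model has the client tag each control packet with a pre-shared HMAC key and has the server verify it; it also replays the second scenario, where regenerating the key causes a client still holding the old key to be rejected while a client with the new key succeeds. The wire format (tag followed by payload), the 64-byte key length and the packet payloads are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed model of OpenVPN's tls-auth check: every control-channel packet carries an
# HMAC under a pre-shared key; the server drops any packet whose tag does not verify.
DIGEST = hashlib.sha1
TAG_LEN = DIGEST().digest_size


class HmacGate:
    """Server side: holds the current HMAC key and verifies incoming packets."""

    def __init__(self):
        self.key = self.regenerate()

    def regenerate(self):
        # Models the Re-generate button: a fresh random key (64 bytes is an assumption).
        self.key = secrets.token_bytes(64)
        return self.key

    def verify(self, packet):
        """Return True only if the packet's tag matches under the current key."""
        if len(packet) < TAG_LEN:
            return False
        tag, payload = packet[:TAG_LEN], packet[TAG_LEN:]
        expected = hmac.new(self.key, payload, DIGEST).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        return hmac.compare_digest(tag, expected)


def client_packet(key, payload):
    """Client side: prepend the HMAC tag to the first (and every) control packet."""
    return hmac.new(key, payload, DIGEST).digest() + payload


def run_scenario():
    """Replays the beta scenario: connect, regenerate the key, watch the stale client fail."""
    gate = HmacGate()
    old_key = gate.key
    first_packet = client_packet(old_key, b"P_CONTROL_HARD_RESET_CLIENT_V2")  # constructed payload
    accepted_before = gate.verify(first_packet)
    # A packet altered in transit fails the same check.
    tampered = first_packet[:-1] + bytes([first_packet[-1] ^ 0x01])
    tampered_rejected = not gate.verify(tampered)
    gate.regenerate()  # administrator clicks Re-generate and updates the server
    # A client still holding the old key is now rejected.
    stale_rejected = not gate.verify(client_packet(old_key, b"P_CONTROL_V1"))
    # A client that fetched the new key from the server authenticates again.
    accepted_after = gate.verify(client_packet(gate.key, b"P_CONTROL_V1"))
    return accepted_before, tampered_rejected, stale_rejected, accepted_after
```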

4.3.1  Assumptions

The HMAC key is applicable only for Enterprise mode clients.

4.3.2  Known Issues

None.

4.3.3  Procedure 

1. Log in to the Administration Console.
2. Click Devices > SSL VPNs > Edit > Basic Configuration.
3. In the Other Configuration section, set the Authentication Hardening option to On.
   The Re-generate button appears beside the option with the current time stamp.
4. Click OK.
5. Update the SSL VPN server.
6. As an Enterprise client, connect to the SSL VPN server by using the published SSL VPN URL.
7. In the Administration Console, click Devices > SSL VPNs > Basic Configuration.
