Access Manager 3.1 SP2 Beta 1 Scenarios

7

novdocx (en) 17 September 2009

4e Click Next.

4f Modify the Text and Image to fit your needs.

4g Click Finish.

5 Update the Identity Server.

6 Make sure the Access Gateway has two protected resources (PR1 and PR2). Create them if necessary.

7 Assign authentication contract C1 to protected resource PR1.

8 Assign authentication contract C2 to protected resource PR2.

9 Update the Access Gateway.

10 Access a page on protected resource PR1 from a client browser.
   You should be prompted to authenticate.

11 Access a page on protected resource PR2 with the same browser session.
   You should be prompted to authenticate again. Make sure to use the same user for both logins.

12 Refresh the page on protected resource PR2 at least once a minute over a time period greater than 5 minutes.

13 Go back to the page on protected resource PR1.
   Access should still be allowed. The user has not been inactive, so the activity has kept the session to PR1 active.

14 Access the page on protected resource PR2 again.

15 Let the browser sit idle for a time period greater than 5 minutes but less than 10 minutes.

16 Refresh the page on protected resource PR2.
   The page should refresh without prompting you to authenticate.

17 Access the page on protected resource PR1.
   You should be prompted to authenticate again. You have been idle longer than the contract's timeout limit.

2.1.4  Test Results

Activity on a protected resource with the same realm as other protected resources prevents 
authentication timeout on the other protected resources.

Each protected resource can have a different authentication timeout.

2.1.5  Troubleshooting Tips

- An authentication contract with an empty realm or a realm of Any allows activity from any protected resource to prevent a timeout on a protected resource that uses that contract.
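The timeout behaviour that the procedure and the troubleshooting tip describe can be replayed against a small model. This is an added example, not Novell code and not a description of how Access Manager is implemented; the class and function names are hypothetical. It assumes C1 has a 5-minute timeout and C2 a 10-minute timeout (the values the idle window in steps 15 to 17 implies) and uses constructed realm names.

```python
from dataclasses import dataclass, field

ANY_REALM = {"", "any"}  # empty realm or "Any": any activity keeps it alive

@dataclass(frozen=True)
class Contract:            # hypothetical stand-in for an authentication contract
    name: str
    timeout_min: float     # assumed values: 5 for C1, 10 for C2
    realm: str

@dataclass
class Session:
    """Toy model of one browser session; times are minutes since start."""
    last: dict = field(default_factory=dict)   # contract -> last activity time

    def access(self, contract, now):
        """Touch a resource using `contract`; True means a login prompt."""
        seen = self.last.get(contract)
        prompted = seen is None or now - seen >= contract.timeout_min
        if prompted:
            self.last[contract] = now           # fresh authentication
        # Activity resets the idle clock of every unexpired contract that
        # shares the realm, or whose own realm is empty/Any.
        for c, t in list(self.last.items()):
            shares = c.realm == contract.realm or c.realm.lower() in ANY_REALM
            if shares and now - t < c.timeout_min:
                self.last[c] = now
        return prompted

def run_procedure(c1, c2):
    """Replay steps 10-17 and record whether each access prompts."""
    s, r = Session(), {}
    r[10] = s.access(c1, 0.0)          # first access to PR1
    r[11] = s.access(c2, 0.5)          # PR2 uses a different contract
    t = 0.5
    for _ in range(7):                 # step 12: refresh PR2 every minute
        t += 1.0
        s.access(c2, t)
    r[13] = s.access(c1, t + 0.5)      # back to PR1
    t += 1.0
    s.access(c2, t)                    # step 14
    t += 7.0                           # step 15: idle >5 and <10 minutes
    r[16] = s.access(c2, t)
    r[17] = s.access(c1, t + 0.1)
    return r

shared = run_procedure(Contract("C1", 5, "test"), Contract("C2", 10, "test"))
unique = run_procedure(Contract("C1", 5, "r1"), Contract("C2", 10, "r2"))
```

With a shared realm, step 13 does not prompt; with distinct realms it does, because activity on PR2 no longer resets the idle clock for C1.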
