Access Manager release notes

Tivoli® Access Manager for e-business Version 6.1.1 Release Notes GC23-6501-01


Release notes for IBM Access Manager for ebusiness.


Note: Before using this information and the product it supports, read the information in “Notices,” on page 41.

Edition notice

This edition applies to version 6, release 1, modification 1 of IBM Tivoli Access Manager (product number 5724-C87) and to all subsequent releases and modifications until otherwise indicated in new editions.

All rights reserved.

© Copyright IBM Corporation 2005, 2010. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Chapter 1. About this release
  New features
  Download page for Tivoli Access Manager
  Backward compatibility
    Compatibility with earlier versions of Web ADK
  Product compatibility

Chapter 2. Installation, configuration, upgrade, and migration information
  Operating systems
    Supported operating systems and required patches
    Tivoli Access Manager components by operating systems
    Single or cluster IBM WebSphere Application Server
  Software requirements
    Tivoli Access Manager software prerequisites
    Tivoli Access Manager supported Web browsers
  Installation and configuration notes
  Upgrade notes
  Supported registries
    IBM Tivoli Directory Server
    IBM z/OS LDAP Server
    IBM Lotus Domino Server
    Microsoft Active Directory Application Mode (ADAM)
    Microsoft Active Directory
    Novell eDirectory
    Sun Java System Directory Server
  Disk space requirements
  Memory requirements

Chapter 3. Known limitations, problems, and workarounds
  Limitations, known problems, and workarounds

Chapter 4. Documentation updates

Chapter 5. Contacting software support

Appendix. Notices
  Trademarks


Chapter 1. About this release

IBM Tivoli Access Manager for e-business, version 6.1.1, builds on previous versions of Tivoli Access Manager and Tivoli® SecureWay™ Policy Director to provide a complete authentication and authorization solution for corporate e-business environments.

New features

This version provides the following enhancements:

Tivoli Access Manager Reverse Proxy (WebSEAL)

• Improved HTTP 1.1 support that includes persistent HTTP connections to junctioned servers and chunked transfer coding from client connections.
• Enhanced junction-specific configuration options such as HTTP connection timeout, junction-specific error pages, and login pages.
• Flexible health check configuration options per junction.
• Enhanced server-side cookie management.
• New combined TCP and SSL junction type.
• Per user inactivity timeout using External Authentication Interface (EAI).
• Improved junction recovery support.
• Integration with the Tivoli Federated Identity Manager Security Token Service (STS) for additional XML security token types that can be passed to junctioned applications.
• Highly customizable HTTP logs.
• X.509 Certificate authentication now supported using the EAI.
• Enhanced CDAS certificate-based authentication that permits configuration-based mapping of identity information from the given X.509 certificate.

Enhanced registry support

• New user and group Java™ administration API for LDAP registries.
• New Java authentication API for LDAP registries.
• Ability to track the last login time of a user and make it available using Command Line Interface (CLI) and Application Development Kits (ADKs).
• Added WebSphere® Application Server Federated Repository plug-in for Tivoli Access Manager LDAP registries.

Ease of deployment and process management

• Replication of WebSEAL environment:
  – Support for importing and exporting WebSEAL configuration.
  – Configuration replication using pdadmin command.
• Role support added to Web Portal Manager (WPM).

Download page for Tivoli Access Manager

Links to supplemental downloads for Tivoli products are at:

http://www.ibm.com/software/sysmgmt/products/support/IBMTivoliAccessManagerfore-business.html

Click Downloads and select IBM Tivoli Access Manager for e-business. Enter your registered user name and password when prompted.

Backward compatibility

The following Tivoli Access Manager components can communicate with version 6.1.1 of the policy server and authorization server:
• Tivoli Access Manager Runtime versions 6.1.1, 6.1, 6.0, and 5.1
• Tivoli Access Manager Runtime for Java versions 6.1.1, 6.1, 6.0, and 5.1

The binary compatibility with earlier versions supported by Tivoli Access Manager version 6.1.1, 6.1, 6.0, and 5.1 is as follows:
• Tivoli Access Manager Runtime version 6.1.1 supports applications compiled against Tivoli Access Manager version 6.0 and 5.1 ADKs for all operating systems.

Notes:

1. The authorization servers use the runtime for communication, and are compatible with authorization server versions older than 6.1.1.
2. All components on a single computer must have the same version.
3. When using Active Directory or Lotus® Domino® as the user registry, all Tivoli Access Manager components must be version 6.1.1.
4. When using IBM Tivoli Directory Server as the user registry, you do not have to upgrade all Tivoli Access Manager components in your secure domain to version 6.1.1.

Compatibility with earlier versions of Web ADK

IBM Tivoli Access Manager WebSEAL versions 6.1.1, 6.1, 6.0, and 5.1 support:
• IBM® Tivoli Access Manager.
• IBM Tivoli Web runtime versions 6.1.1, 6.1, 6.0, and 5.1 support applications compiled using the Tivoli Access Manager Web ADK versions 6.1.1, 6.1, 6.0, and 5.1.

Product compatibility

IBM Tivoli Access Manager 6.1.1 is compatible with the following products:
• IBM Lotus Domino
• IBM Tivoli Access Manager for Operating Systems
• IBM Tivoli Configuration Manager
• IBM Tivoli Directory Server
• IBM Tivoli Federated Identity Manager
• IBM Tivoli Identity Manager
• IBM WebSphere Portal Server
• IBM Tivoli Directory Integrator
• Tivoli Compliance Insight Manager
• Tivoli Security Operations Manager
• Tivoli Security Information and Event Manager

Chapter 2. Installation, configuration, upgrade, and migration information

This section is organized based on the following industry-standard definitions:

Installation
  The process of adding a program, program option, or piece of hardware to an existing system in a manner such that it runs and interacts properly with all affected parts of the system.

Migration
  The process of replacing a component with another component.

Configuration
  Configuration is the process of implementing software and hardware such that it permits the system as a whole to operate as expected. For a software product, configuration includes tasks such as selecting the appropriate settings, setting up communication protocols, or setting up a printer. For hardware, configuration might include setting up the hardware to optimize its performance for a particular system.

Upgrade
  The process of changing from one version of a product to a later or improved version of the same product.

Installation information describes what you must do to start or run the program or machine. Configuration information describes what you must do to make the program or machine operate appropriately now that the program or machine is running.

Operating systems

The following sections provide:
• Tables that list supported operating systems and required patches.
• Tables that list operating systems supported by specific Tivoli Access Manager components.

Supported operating systems and required patches

Attention: Apply the changes for daylight saving time (DST) 2007 and later for your operating system.

AIX

Tivoli Access Manager components for AIX® are supported on 32-bit and 64-bit kernels in 32-bit compatibility mode.

Table 1. AIX: Supported Tivoli Access Manager components

Architecture: RS/6000®

Supported operating systems: AIX 5.2

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Apache Web Server 2.0.x and 2.2.x
• Plug-in for IBM HTTP Server 2.0.x, 6.x, 7.0
• Plug-in for Sun Java Systems Web Server 6.1, SP1
• Plug-in for WebSphere Edge Components Caching Proxy
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches:
• Service Pack (SP) 5200-08-2 or later
• Technology Level (TL) 5200-08 or later

Supported operating systems: AIX 5.3

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Apache Web Server 2.0.x and 2.2.x
• Plug-in for IBM HTTP Server 2.0.x, 6.x, 7.0
• Plug-in for Sun Java Systems Web Server 6.1, SP1
• Plug-in for WebSphere Edge Components Caching Proxy
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches:
• Service Pack (SP) 5200-04-02 or later
• Technology Level (TL) 5300-04 or later

Supported operating systems: AIX 6.1

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Apache Web Server 2.0.x, 2.2.x
• Plug-in for IBM HTTP Server 2.0.x, 6.x, 7.0
• Plug-in for Sun Java Systems Web Server 6.1, SP1
• Plug-in for WebSphere Edge Components Caching Proxy
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches: None

HP-UX

Table 2. HP-UX: Supported Tivoli Access Manager components

Architecture: PA-RISC

Supported operating systems: HP-UX 11iv2 (B.11.23)

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches:
• PHSS_33449
• PHSS_33450
• PHSS_33405

Supported operating systems: HP-UX 11iv3 (B.11.31)

Tivoli Access Manager systems:
• Authorization server
• Attribute Retrieval Service
• Development (ADK)
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches:
• PHSS_33449
• PHSS_33450
• PHSS_33405

Architecture: HP-UX on Integrity

Supported operating systems: HP-UX 11iv2 (B.11.23)

Tivoli Access Manager systems:
• Authorization server
• Development (ADK)
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches:
• PHSS_34859
• PHSS_35978

Supported operating systems: HP-UX 11iv3 (B.11.31)

Tivoli Access Manager systems:
• Authorization server
• Development (ADK)
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches:
• PHSS_34859
• PHSS_35978

Linux on x86

Table 3. Linux on x86: Supported Tivoli Access Manager components

Architecture: x86

Supported operating systems: Red Hat Enterprise Linux® Server 4.0

Tivoli Access Manager systems:
• Authorization server
• Attribute Retrieval Service
• Development (ADK)
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Plug-in for WebSphere Edge Components Caching Proxy
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches: Update 5

Supported operating systems: Red Hat Enterprise Linux Server 5.0

Tivoli Access Manager systems:
• Authorization server
• Attribute Retrieval Service
• Development (ADK)
• Plug-in for IBM HTTP Server 2.0.x, 6.x, 7.0
• Plug-in for WebSphere Edge Components Caching Proxy
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Supported operating systems: SUSE Linux Enterprise Server 9

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Plug-in for WebSphere Edge Components Caching Proxy
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches: Service Pack 2

Supported operating systems:
• SUSE Linux Enterprise Server 10
• SUSE Linux Enterprise Server 11

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Plug-in for WebSphere Edge Components Caching Proxy
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Linux on x86-64

Tivoli Access Manager components for Linux on x86-64 are supported on 64-bit AMD64/EM64T systems.

Table 4. Linux on x86-64: Supported Tivoli Access Manager components

Architecture: x86-64

Supported operating systems: Red Hat Enterprise Linux Server 4.0

Tivoli Access Manager systems:
• Authorization server
• Attribute Retrieval Service
• Development (ADK)
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Plug-in for WebSphere Edge Components Caching Proxy
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches: Update 5

Supported operating systems: Red Hat Enterprise Linux Server 5.0

Tivoli Access Manager systems:
• Authorization server
• Attribute Retrieval Service
• Development (ADK)
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Plug-in for WebSphere Edge Components Caching Proxy
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Supported operating systems: SUSE Linux Enterprise Server 9

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Plug-in for WebSphere Edge Components Caching Proxy
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches: Service Pack 1

Supported operating systems:
• SUSE Linux Enterprise Server 10
• SUSE Linux Enterprise Server 11

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for IBM HTTP Server 2.0.x, 6.x, 7.0
• Plug-in for WebSphere Edge Components Caching Proxy
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Linux on System z

Tivoli Access Manager components for Linux on System z® are supported on 64-bit System z kernels in 31-bit compatibility mode.

Table 5. Linux on System z: Supported Tivoli Access Manager components

Architecture: System z

Supported operating systems: Red Hat Enterprise Linux Server 4.0

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Apache Web Server 2.0.x and 2.2.x
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches:
• Update 5 or later
• compat-libstdc++-295-2.95.3-81.s390.rpm or later version
• compat-libstdc++-295-2.95.3-81.s390x.rpm or later version
• compat-libstdc++-33-3.2.3-47.3.s390.rpm or later version
• compat-libstdc++-33-3.2.3-47.3.s390x.rpm or later version

Supported operating systems: Red Hat Enterprise Linux Server 5.0

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Apache Web Server 2.0.x and 2.2.x
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches:
• compat-libstdc++-295-2.95.3-81.s390.rpm or later version
• compat-libstdc++-295-2.95.3-81.s390x.rpm or later version
• compat-libstdc++-33-3.2.3-47.3.s390.rpm or later version
• compat-libstdc++-33-3.2.3-47.3.s390x.rpm or later version

Supported operating systems: SUSE Linux Enterprise Server 9

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Apache Web Server 2.0.x and 2.2.x
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches:
• Service Pack 3 or later
• compat-2004.7.1-1.2.s390x.rpm or later version
• compat-32bit-9-200407011411.s390x.rpm or later version

Supported operating systems: SUSE Linux Enterprise Server 10

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Apache Web Server 2.0.x and 2.2.x
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches:
• compat-2006.1.25-11.2.s390x.rpm or later version
• compat-32bit-2006.1.25-11.2.s390x.rpm or later version

Supported operating systems: SUSE Linux Enterprise Server 11

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Apache Web Server 2.0.x and 2.2.x
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Linux on POWER

Tivoli Access Manager components for Linux on POWER® are supported on 64-bit kernels in 32-bit compatibility mode.

Table 6. Linux on POWER: Supported Tivoli Access Manager components

Architecture: Power

Supported operating systems: Red Hat Enterprise Linux Server 4.0

Tivoli Access Manager systems:
• Authorization server
• Development (ADK)
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Web Portal Manager

Required patches: Update 5 or later

Supported operating systems: Red Hat Enterprise Linux Server 5.0

Tivoli Access Manager systems:
• Authorization server
• Development (ADK)
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Web Portal Manager

Supported operating systems: SUSE LINUX Enterprise Server 9

Tivoli Access Manager systems:
• Authorization server
• Development (ADK)
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Web Portal Manager

Required patches: Service Pack 1

Supported operating systems: SUSE LINUX Enterprise Server 10

Tivoli Access Manager systems:
• Authorization server
• Development (ADK)
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Web Portal Manager

Supported operating systems: SUSE LINUX Enterprise Server 11

Tivoli Access Manager systems:
• Authorization server
• Development (ADK)
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Web Portal Manager

Solaris

The following table lists patches that Tivoli Access Manager 6.1.1 requires to run on Solaris systems.

Table 7. Solaris: Supported Tivoli Access Manager components

Supported operating systems: Solaris 9

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Apache Web Server 2.0.x and 2.2.x (Apache compiled in 31-bit mode only)
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Plug-in for Sun Java System Web Server (6.1 SP1 and 7.0)
• Plug-in for WebSphere Edge Components Caching Proxy
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches: Patch cluster of December 2007

Supported operating systems: Solaris 10

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Apache Web Server 2.0.x and 2.2.x (Apache compiled in 31-bit mode only)
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Plug-in for Sun Java System Web Server (6.1 SP1 and 7.0)
• Plug-in for WebSphere Edge Components Caching Proxy
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches: Patch cluster of December 2007

Architecture: x86-64

Supported operating systems: Solaris 10

Tivoli Access Manager systems:
• Authorization server
• Development (ADK)
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Windows client

The following table lists patches that Tivoli Access Manager 6.1.1 requires to run on Windows clients.

Table 8. Windows client: Supported Tivoli Access Manager components

Architecture: Windows® XP

Tivoli Access Manager systems:
• Development (ADK)
• Runtime
• Runtime for Java

Required patches: Professional version Service Pack 2

Architecture: Windows Vista, Windows 7

Tivoli Access Manager systems:
• Development (ADK)
• Runtime
• Runtime for Java

Windows Server

The following table lists patches that Tivoli Access Manager 6.1.1 requires to run on Windows servers.

Table 9. Windows Server x86: Supported Tivoli Access Manager components

Architecture: x86-32

Supported operating systems: Windows 2003 Standard Server

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Internet Information Services 6.0
• Plug-in for WebSphere Edge Components Caching Proxy
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches: Service Pack 2

Supported operating systems: Windows 2008 Standard Server

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Internet Information Services 7.0
• Plug-in for WebSphere Edge Components Caching Proxy
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Supported operating systems: Windows 2003 Enterprise Server

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Internet Information Services 6.0
• Plug-in for WebSphere Edge Components Caching Proxy
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Required patches: Service Pack 2

Supported operating systems: Windows 2008 Enterprise Server

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Internet Information Services 7.0
• Plug-in for WebSphere Edge Components Caching Proxy
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web Security development (ADK)
• Web Security runtime
• WebSEAL

Windows 64-bit

The following table lists patches that Tivoli Access Manager 6.1.1 requires to run on Windows 64-bit systems.

Table 10. Windows 64-bit: Supported Tivoli Access Manager components

Architecture: x86-64

Supported operating systems:
• Windows Server 2003 Enterprise Edition
• Windows Server 2003 Standard Edition

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Internet Information Services 6.0
• Plug-in for WebSphere Edge Components Caching Proxy
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web security development (ADK)
• Web security runtime
• WebSEAL

Required patches: Service Pack 2

Supported operating systems:
• Windows Server 2008 Enterprise Edition
• Windows Server 2008 Standard Edition

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Internet Information Services 7.0
• Plug-in for WebSphere Edge Components Caching Proxy
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web security development (ADK)
• Web security runtime
• WebSEAL

Supported operating systems:
• Windows Server 2008 R2 Standard Edition
• Windows Server 2008 R2 Enterprise Edition

Tivoli Access Manager systems:
• Attribute Retrieval Service
• Authorization server
• Development (ADK)
• Plug-in for Internet Information Services 7.5
• Plug-in for WebSphere Edge Components Caching Proxy
• Plug-in for IBM HTTP Server 2.0.x, 6.x, and 7.0
• Policy server
• Policy proxy server
• Runtime
• Runtime for Java
• Session management command line
• Session management server
• Web Portal Manager
• Web security development (ADK)
• Web security runtime
• WebSEAL

Tivoli Access Manager components by operating systems

The following sections provide tables that identify operating systems supported by the Tivoli Access Manager components.

Base components

Columns:
• AIX 5.2, 5.3, 6.1
• HP-UX 11iV2, 11iV3
• HP-UX on Integrity 11iV2, 11iV3
• Linux on System z
• Linux on POWER
• Linux on x86
• Linux on x86-64
• Solaris 9, 10
• Solaris on x86_64 10
• Windows 2003 Adv, Ent
• Windows XP, Vista, Windows 7
• Windows 2003 Server Adv, Ent on x86; Windows 2008 Server: Std, Ent on x86_32
• Windows 2003 Server: Adv, Ent on x86_64; Windows 2008 Server: Std, Ent on x86_64

Rows:
• Access Manager Runtime: U U U U U U U U U U U U U
• Access Manager Runtime for Java: U U U U U U U U U U U U U
• Access Manager Policy Server: U U U U U U U U U U U U
• Access Manager Policy Proxy Server: U U U U U U U U U U U U
• Access Manager Authorization Server: U U U U U U U U U U U U
• Access Manager Application Development Kit: U U U U U U U U U U U U U
• Access Manager Web Portal Manager: U U U U U U U U U U U U
• Access Manager Attribute Retrieval Service: U U U U U U U U U U

Web security components

Columns:
• AIX 5.2, 5.3, 6.1
• HP-UX 11iV2, 11iV3
• HP-UX on Integrity 11iV2, 11iV3
• Linux on System z
• Linux on POWER
• Linux on x86
• Linux on x86_64
• Solaris 9, 10
• Solaris 10 on x86_64
• Windows XP, Vista, Windows 7
• Windows 2003 Server Adv, Ent on x86; Windows 2008 Server: Std, Ent on x86_32
• Windows 2003 Server: Adv, Ent on x86_64; Windows 2008 Server: Std, Ent on x86_64

Rows:
• Access Manager Web Security runtime: U U U U U U U U U U
• Access Manager plug-in for Edge Server: U U U U U U
• Access Manager WebSEAL: U U U U U U U U U U
• Access Manager Web Security Application Development Kit: U U U U U U U U U U

Plug-in for Web Servers

Columns:
• AIX 5.2, 5.3, 6.1
• HP-UX 11iV2, 11iV3
• HP-UX on Integrity 11iV2, 11iV3
• Linux on x86
• Linux on x86-64
• Linux on System z
• Linux on POWER
• Solaris 9, 10
• Solaris on x86_64 9 and 10
• Windows XP, Vista, Windows 7
• Windows 2003 Server Adv, Ent on x86; Windows 2008 Server: Std, Ent on x86_32
• Windows 2003 Server: Adv, Ent on x86_64; Windows 2008 Server: Std, Ent on x86_64

Rows:
• Apache Web Server 2.0.x and 2.2.x: U U U
• IBM HTTP Server 2.0.x 6.0, 6.1, and 7.0: U U U U U U U
• Sun Java System Web Server 6.1: U U
• Sun Java System Web Server 7.0: U
• Microsoft® Internet Information Services (IIS) 6.0.x: U U
• Microsoft Internet Information Services (IIS) 7.0: U U
• Microsoft Internet Information Services (IIS) 7.5: U

Session management components

Columns:
• AIX 5.2, 5.3, 6.1
• HP-UX 11iV2, 11iV3
• HP-UX on Integrity 11iV2, 11iV3
• Linux on System z
• Linux on POWER
• Linux on x86
• Linux on x86_64
• Solaris 9, 10
• Solaris on x86_64 10
• Windows XP, Vista, Windows 7
• Windows 2003 Server Adv, Ent on x86; Windows 2008 Server: Std, Ent on x86_32
• Windows 2003 Server: Adv, Ent on x86_64; Windows 2008 Server: Std, Ent on x86_64

Rows:
• Access Manager Session Management Server: U U U U U U U U
• Access Manager Session Management Command Line: U U U U U U U U

Single or cluster IBM WebSphere Application ServerThe following section provide tables that identify which WebSphere environments (single server orcluster) are supported for Session Management Server and Web Portal Manager.

Session Management Server on IBM WebSphere Application Server

Single server Cluster

IBM WebSphere Application Server U

IBM WebSphere Network Deployment U U

The Session Management Server uses the IBM WebSphere eXtreme Scale product to handle the distribution of session information between nodes within a WebSphere cluster. This product is provided with the Tivoli Access Manager distribution, but has only been licensed for usage with the Session Management Server. If you want to use the product within your own WebSphere applications, contact IBM Sales to procure an additional license.

Minimum version requirement of WebSphere Application Server and WebSphere eXtreme Scale

The Tivoli Access Manager Session Management Server requires:
- WebSphere Application Server 6.1.0.25 or 7.0.0.5 and
- WebSphere eXtreme Scale 7.0.0.0 cumulative fix 3 or later

Web Portal Manager on IBM WebSphere Application Server

Single server Cluster

IBM WebSphere Application Server U

IBM WebSphere Network Deployment U U (dmgr node only)


Software requirements

This section includes information about the IBM Tivoli Access Manager software prerequisites and the Web browsers supported by IBM Tivoli Access Manager 6.1.1.

Tivoli Access Manager software prerequisites

The software and their versions required by Tivoli Access Manager are provided in the following table:

Software | Version
IBM DB2 Universal Database™ Enterprise Server Edition | 9.1 fix pack 2 or later, or 9.5
IBM Tivoli Directory Server (client and server) | 6.0, 6.1, or 6.2; 1.8 for z/OS
IBM Global Security Kit (GSKit) | 7.0.4.28
IBM Java Runtime | 1.5.0 SR5
IBM WebSphere Application Server | 6.1.0.25 or 7.0.0.5
IBM WebSphere eXtreme Scale | 7.0.0.0 cumulative fix 3 or later
IBM WebSphere Application Server Network Deployment | 6.1.0.25 or 7.0.0.5
IBM WebSphere Network Deployment Edge component | 7.0
Microsoft Internet Information Services (IIS) | 6.0, 7.0.x, and 7.5.x
Sun Java System Web Server | 6.1 (Solaris and AIX) and 7.0 (Solaris)
IBM HTTP Server | 2.0, 6.0, 6.1.x, and 7.0.x
Apache Web Server | 2.0.x and 2.2.x


Tivoli Access Manager supported Web browsers

IBM Tivoli Access Manager 6.1.1 supports at least the following Web browsers:
- AIX: Mozilla 1.5 and 1.7.8, Firefox 3.0 and 3.5
- HP-UX: Mozilla 1.5 and 1.7.8, Firefox 3.0 and 3.5
- Linux: Mozilla 1.5 and 1.7.8, Firefox 3.0 and 3.5
- Solaris: Mozilla 1.5 and 1.7.8, Firefox 3.0 and 3.5
- Windows: Mozilla 1.7.8, Firefox 3.0 and 3.5, Internet Explorer versions 6.0, 7.0, 8.0, and any modifications and fix packs.

Note: If you are using the Mozilla browser on AIX, Linux on x86, Solaris, or HP-UX operating systems, you might see incorrect results when using the keyboard in the Web Administration Tool. See the systems requirements for IBM Tivoli Directory Server 6.1 for more information.


Installation and configuration notes

This section provides additional details about the Tivoli Access Manager 6.1.1 installation and configuration.

Upgrade notes

- If you have a version of DB2® that is not supported, you must upgrade to a supported version. On AIX, you must upgrade to a 64-bit version.
- Migrating WebSEAL to 6.1.1 on AIX versions 5.1 and later is supported only with an LDAP registry and Active Directory registry.
- Upgrade of a previous Web Portal Manager system is not supported. You must install Web Portal Manager 6.1.1.
- Access Manager Runtime requires the Tivoli Directory Server client 6.1. Use GSKit 7.0.4.28 for all operating systems unless the directory server is Lotus Domino or Microsoft Active Directory. For Lotus Domino, the Notes® client is required and it is only available on Windows. For Microsoft Active Directory, Tivoli Directory Server client 6.1 is required for all servers except the policy server, which must be on a Windows server.

Supported registries

Tivoli Access Manager supports the following user registries, their supported operating systems, and any necessary prerequisite software:
- Microsoft Active Directory
- IBM Lotus Domino Enterprise Server
- Supported Lightweight Directory Access protocol (LDAP) servers.

  The following servers are supported LDAP servers that use LDAP for storing user and group information:
  – IBM Tivoli Directory Server
  – IBM z/OS® LDAP Server
  – Novell eDirectory
  – Sun Java System Directory Server (Sun ONE Directory Server)
  – Microsoft Active Directory Application Mode (ADAM)

Special support is available for the following:
- IBM Tivoli Directory Server multidomain operations.
- Enabling Tivoli Access Manager for e-business to import Sun ONE Directory Server dynamic groups.

IBM Tivoli Directory Server

Tivoli Access Manager supports the use of IBM Tivoli Directory Server 6.1.1, 6.1, 6.0, and 5.2.

Notes:

1. IBM Tivoli Directory Server 6.1 is included with Tivoli Access Manager 6.1.1.
2. Only a single version of Tivoli Directory Server can exist on a system at a time.
3. The Tivoli Directory Server client is required when an LDAP type of user registry is selected during installation.
4. You can install the Tivoli Directory Server client 6.1 on the same system with previous Tivoli Directory Server client versions.
5. If you have an existing Tivoli Directory Server that you want to use for Tivoli Access Manager, ensure that you upgrade the server to a supported level. For upgrade instructions, see the IBM Tivoli Access Manager for e-business: Upgrade Guide.
6. If you already have a version of an LDAP client from a vendor other than IBM, remove it before installing the IBM Tivoli Directory Server client provided with IBM Tivoli Access Manager. If you attempt to install the Tivoli Directory Server client without removing the existing version, the resulting file name conflicts might prevent either version from working.

IBM z/OS LDAP Server

Tivoli Access Manager supports the use of z/OS Security Server LDAP Server version 1.4, z/OS Integrated Security Services LDAP Server (ISS) 1.6, and IBM Tivoli Directory Server for z/OS 1.8.

For product information, see the z/OS Internet Library Web site at:

http://www.ibm.com/servers/eserver/System z/zos/bkserv/

You can also obtain softcopy publications on the CD-ROM z/OS: Collection, SK3T-4269.

IBM Lotus Domino Server

Tivoli Access Manager supports the use of IBM Lotus Domino versions 6.5, 7.0.1, 7.0.2, 8.0, and 8.5 as user registries only on Windows. The Domino server runs on all supported Domino systems.

Attention: When you use Lotus Domino as the registry:
- The IBM Tivoli Directory Server client is not required.
- If you want to use a Lotus Notes® client, install the client before installing the Access Manager Runtime.
- Tivoli Access Manager supports the Lotus Notes client 6.5, 7.0.1, 7.0.2, and 8.0.

Microsoft Active Directory Application Mode (ADAM)

Tivoli Access Manager supports the use of Microsoft Active Directory Application Mode (ADAM) as a user registry. ADAM is also called Active Directory Lightweight Directory Services (AD LDS) on Windows Server versions 2008 and 2008 R2.

ADAM users can run Tivoli Access Manager with Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, Windows 2008, Windows 2008 R2, Windows XP Professional Edition and Windows Vista. See Microsoft documentation for the complete list of supported operating systems.

Microsoft Active Directory

Tivoli Access Manager supports the use of Active Directory for Windows 2003 Enterprise Server, Windows 2008, and Windows 2008 R2 as a user registry.

Active Directory users can run Tivoli Access Manager on all Windows, UNIX®, or Linux supported by the Tivoli Access Manager.

UNIX and Linux operating systems use the Tivoli Directory Server client to communicate with Active Directory. The Active Directory, which is an LDAP client for the Tivoli Directory Server, is also used in cases where the policy server domain differs from the domain of the local host name.

Tivoli Access Manager policy server is supported only on Windows 2003.

Novell eDirectory

Tivoli Access Manager supports the use of Novell eDirectory 8.7.x and 8.8.x as user registries.

For installation information, consult the product documentation that came with your Novell eDirectory server. Novell eDirectory product documentation is available at:

http://www.novell.com/documentation/a-z.html

The latest patches to these products are available at:

http://support.novell.com/filefinder/5069/index.html

Attention:

- If you have an existing Novell eDirectory server that you want to use for Tivoli Access Manager, ensure that you upgrade the server to a supported level.
- The Novell eDirectory server has built-in SSL capability. You must install GSKit onto the directory server system only if the Access Manager Runtime component is installed on the same system.
- The IBM Tivoli Directory Server client is required.

Sun Java System Directory Server

Tivoli Access Manager supports Sun Java System Directory Server 6.1 and 7.0, or Sun ONE Directory Server 5.1 as a user registry.

For installation information, consult the product documentation that comes with your server.

Attention:

- If you have an existing iPlanet Directory Server or a Sun ONE Directory Server that you want to use for Tivoli Access Manager, ensure that you upgrade the server to a supported level.
- The Sun Java System Directory Server and Sun ONE Directory Server have built-in SSL capability. You must install GSKit onto the directory server system only if the Access Manager Runtime is installed on the same system.

Disk space requirements

Tivoli Access Manager installation files require a large amount of disk space. Ensure that there is enough disk space to install these files. Each Tivoli Access Manager component requires additional disk space because each component is added to a secure domain. Ensure that enough disk space is available to permit future installations of Tivoli Access Manager.

Note: This table only specifies the disk space requirement for Tivoli Access Manager components. You must consider additional requirements such as operating system or Web server estimates (if installing a plug-in.)

Table 11. Disk space requirements

Component | Required Disk Space (MB) | Disk Space for ACL database (MB) | Add Disk Space for Log Files (MB)

Tivoli Access Manager prerequisite software
Global Security Kit | 20 | — | —
IBM Tivoli Directory Server client | 10 | — | —
Tivoli Security Utilities | 20 | — | —
IBM Java Runtime | Solaris 200, non-Solaris 100 | — | —

Tivoli Access Manager base components
Access Manager Runtime | 60 | — | —
Access Manager Runtime for Java | 4 | — | —
Access Manager Policy Server | 2 | 5 (notes 1, 2) | 10
Access Manager Policy Proxy Server | 1 | — | 10
Access Manager Authorization Server | 2 | 15 (note 2) | 10
Access Manager Application Development Kit | 5 | — | —
Access Manager Web Portal Manager | 15 | — | —

Tivoli Access Manager—provided servers
IBM Tivoli Directory Server (including prerequisite software) | 650–1000 (note 4) | — | 10
IBM WebSphere Application Server | 1200 | — | —

Tivoli Access Manager Web security components
Access Manager Web Security runtime | 3 | — |
Access Manager WebSEAL | 20 | 15 (note 2) | 200 (note 3)
Access Manager Web Security Application Development Kit | 3 | — | —
Access Manager plug-in for IBM HTTP Server | 25 | 15 (note 2) | 10
Access Manager plug-in for Apache Web Server | 25 | 15 (note 2) | 10
Access Manager plug-in for Sun Java System Web Server | 25 | 15 (note 2) | 10
Access Manager plug-in for Internet Information Services | 25 | 15 (note 2) | 10
Access Manager plug-in for Edge Server | 15 | — | —
Access Manager Attribute Retrieval Service | 5 | — | —

Tivoli Access Manager session management components
Access Manager Session Management Command Line | 2 | — | 10
Access Manager Session Management Server | 5 (note 5) | — | 10

Common Auditing and Reporting Service
Common Auditing and Reporting Service Server | 30 (note 6) | — | 15 GB (note 7)

Notes:
1. The size is only for the default domain. For each additional domain, increase the required disk space by this amount.
2. This number is based on the approximate requirement for an ACL database with 10,000 objects, equally spread across 10 object spaces and about 30 ACLs attached to 20% of the objects. Except the policy server, the size is tripled to account for a backup copy and an additional copy created during replication.
3. This number includes Web server request logs. The WebSEAL Web server request logs are not automatically pruned by WebSEAL. The logs grow until manually pruned or the file system in which they are placed is full. The specified disk space is sufficient to record about a million requests.
4. IBM Tivoli Directory Server estimates include an empty database. Add an additional 10 KB per Tivoli Access Manager user.
5. This number does not include disk space for the SMS user login and session information, which varies depending upon the configurations options selected. At a minimum, the SMS user login information takes about 100 bytes per Tivoli Access Manager user. If you select a database for session information, the disk requirements grow to approximately 15 KB per logged-in user.
6. Make additional disk space (2 GB) available to install the IBM WebSphere and DB2 prerequisites for the Common Auditing and Reporting Service Server, if not already installed.
7. This number (15 GB) is the additional disk space needed for every 10 million events that are stored.

Memory requirements

This table only lists memory requirements for Tivoli Access Manager components. You must consider additional requirements such as operating system or Web server estimates (if installing a plug-in.)

Table 12. Memory requirements

Component | Minimum Memory (MB) | Required Memory (MB) | Memory per additional domain

Tivoli Access Manager prerequisite software
Global Security Kit | (note 3) | (note 3) | —
Tivoli Directory Server client | (note 3) | (note 3) | —
Tivoli Security Utilities | (note 3) | (note 3) | —
IBM Java Runtime | (note 3) | (note 3) | —

Tivoli Access Manager base components
Access Manager Runtime | (note 3) | (note 3) | —
Access Manager Runtime for Java | (note 3) | (note 3) | —
Access Manager Policy Server | 40 | 50 | 5
Access Manager Policy Proxy Server | 40 | 50 | —
Access Manager Authorization Server | 40 | 50 | —
Access Manager Application Development Kit | — | — | —
Access Manager Web Portal Manager | 64 (note 1) | 128 (note 1) | —

Tivoli Access Manager—provided servers
IBM Tivoli Directory Server (including prerequisite software) | 768 (note 2) | 2048 (note 2) | —
IBM WebSphere Application Server | 512 | 1024 | —

Tivoli Access Manager Web security components
Access Manager Web Security Runtime | (note 3) | (note 3) | —
Access Manager WebSEAL | 100 | 300 (note 4) | —
Access Manager Web Security Application Development Kit | — | — | —
Access Manager plug-in for IBM HTTP Server | 75 (note 5) | 150 (note 5) | —
Access Manager plug-in for Apache Web Server | 75 (note 5) | 150 (note 5) | —
Access Manager plug-in for Sun Java System Web Server | 75 (note 5) | 150 (note 5) | —
Access Manager plug-in for Internet Information Services | 200 (note 5) | 250 (note 5) | —
Access Manager plug-in for Edge Server | 15 | 30 | —
Access Manager Attribute Retrieval Service | 10 | 15 | —

Tivoli Access Manager distributive session management components
Access Manager Session Management Command Line | (note 3) | (note 3) | —
Access Manager Session Management Server | (note 6) | (note 6) | —

Common Auditing and Reporting Service
Common Auditing and Reporting Service Server | 1 GB (note 7) | 2–4 GB | —

Notes:
1. The WPM memory requirements are in addition to those for WebSphere Application Server.
2. 768 MB (minimum) and 2 GB (required) memory are for less than one million Tivoli Access Manager users. For more than one million users, increase this amount to 2 GB (minimum) and 4 GB (required) memory.
3. Memory requirements for these components are part of the memory requirements of the servers that use them.
4. This number includes memory for maximum default cache growth. Increase this amount if cache parameters increase.
5. This is in addition to the memory required for the Web server into which you configure the plug-in.
6. This table does not include memory for SMS session information, which varies depending upon the configurations options set. At a minimum, the SMS session information is configured to reside on the disk, such as in a DB2 or Cloudscape database, and takes no additional memory. If the session information is configured to reside in the memory, the memory requirements grow to 40 KB per user session.
7. This number includes memory required to run both CARS and its prerequisites.

Chapter 3. Known limitations, problems, and workarounds

The following problems and limitations are known to exist in Tivoli Access Manager. Workarounds are provided if available. Report any other problems to IBM Support for Tivoli products.

Note: If you are using a non-English version of IBM Tivoli Access Manager for e-business, upgrade your language package.

Limitations, known problems, and workarounds

WebSphere Application Server does not support bidirectional locale

The IBM WebSphere Application Server does not support bidirectional locales. Due to this limitation, the navigation bar in the Tivoli Access Manager user interface does not get mirrored. The English text in the link names does not appear on the left side of the Arabic text.

Installation wizard fails with an unhandled error when searching for Java Virtual Machine

If an installation wizard fails with an unhandled error when searching for Java Virtual Machine, ensure that IBM Java Runtime 1.5.0 SR5 is set in the PATH environment variable.

Note: To determine if IBM Java Runtime 1.5.0 SR5 is already in the path, use the java -version command.

Errors occur with Java 2 security enabled

Errors might occur at application startup when Java 2 security is enabled. On startup, Tivoli Access Manager for Java ensures that the JVM is properly configured for refreshing certificate expirations. If Java 2 security is enabled, invoke some security methods with privileged security enabled.

Workaround: Update the JVM java.policy file (or was.policy file if running in a WebSphere application server) with the following entries:
permission java.security.SecurityPermission "insertProvider.IBMJCE";
permission java.security.SecurityPermission "putProviderProperty.IBMJCE";

Error occurs during IBM Tivoli Directory Server White Pages installation

If an error occurs during installation of IBM Tivoli Directory Server White Pages on Solaris from CD, run the installation program using the following path:
# /cdrom/cdrom0/solaris/itds_whitepages/install_SolarisWp.bin

WebSEAL fails to start when configured to use hardware cryptographic devices

WebSEAL fails to start when configured to use hardware cryptographic devices on SUSE Linux Enterprise Server Version 9 for IBM System z. A similar error can occur if gsk7ikm fails to open the CMS Cryptographic Token when running on the same platform. A message like the following is written to the WebSEAL log:

DPWIV1210W Function call, gsk_environment_init, failed error: 000001af GSK_ERROR_PKCS11_TOKEN_NOTPRESENT.

A message like the following is written to /var/log/messages:

openCryptokiModule[4422]: DL_Load: dlload of [/usr/lib/pkcs11/stdll/PKCS11_ICA.so] failed; dlerror = [/usr/lib/libica.so: undefined symbol: AES_set_decrypt_key].

This problem occurs because of conflicting cryptographic libraries (/usr/lib/libcrypto.so.0.9.7) that are used by GSKit versions 7.0 through 7.4 and openSSL, and because SUSE Linux Enterprise Server Version 9 permits the GSKit version to be used by other libraries, even though the files are loaded for local use.

Workaround: To avoid this problem, when starting a WebSEAL instance that is configured to use hardware cryptographic devices on SUSE Linux Enterprise Server Version 9 for IBM System z, specify LD_PRELOAD as follows:

LD_PRELOAD=/usr/lib/libcrypto.so.0.9.7 pdweb start default

On a 64-bit SUSE Linux Enterprise Server Version 9 system, several messages like the following examples appear. You can ignore these messages:

ERROR: ld.so: object ’/usr/lib/libcrypto.so.0.9.7’ from LD_PRELOAD cannot be preloaded: ignored.

An alternative is to start WebSEAL by specifying the webseald binary directly:

# LD_PRELOAD=/usr/lib/libcrypto.so.0.9.7 /opt/pdweb/bin/webseald -config etc/webseald-default.conf

For the GSKit IKEYMAN program, the workaround is to specify LD_PRELOAD when starting:

# LD_PRELOAD=/usr/lib/libcrypto.so.0.9.7 gsk7ikm
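
The triage script below is an added example, not part of the IBM release notes: it reports the libcrypto conflict only when both messages quoted above are present, so that LD_PRELOAD is not applied to an unrelated token failure. The function names, log file names, timestamps, host name and filler lines are constructed for the example.

```shell
#!/bin/sh
# Added example (not IBM code). Matches the two log signatures quoted in the
# release notes for the WebSEAL hardware-crypto start failure on SLES 9 / System z.

# Return 0 if the WebSEAL log ($1) has the DPWIV1210W PKCS#11 token error.
has_gskit_token_error() {
    [ -r "$1" ] || return 1
    grep -F 'DPWIV1210W' "$1" | grep -qF 'GSK_ERROR_PKCS11_TOKEN_NOTPRESENT'
}

# Return 0 if the system log ($1) has a single openCryptoki message in which
# PKCS11_ICA.so failed to load because AES_set_decrypt_key was unresolved.
has_libica_symbol_error() {
    [ -r "$1" ] || return 1
    grep -F 'openCryptokiModule' "$1" | grep -F 'PKCS11_ICA.so' |
        grep -qF 'undefined symbol: AES_set_decrypt_key'
}

# Classify a failure from the WebSEAL log ($1) and the system log ($2).
# Returns 0 = both signatures present, 1 = only one, 2 = neither.
classify_webseal_failure() {
    cwf_gsk=no
    cwf_ica=no
    has_gskit_token_error "$1" && cwf_gsk=yes
    has_libica_symbol_error "$2" && cwf_ica=yes
    case "$cwf_gsk/$cwf_ica" in
        yes/yes)
            echo "MATCH: libcrypto conflict; start with LD_PRELOAD=/usr/lib/libcrypto.so.0.9.7"
            return 0 ;;
        no/no)
            echo "NO MATCH: neither message found; this known problem does not explain the failure"
            return 2 ;;
        *)
            echo "PARTIAL: gskit=$cwf_gsk libica=$cwf_ica; do not assume the conflict"
            return 1 ;;
    esac
}

# Write constructed sample logs into directory $1. The two key messages are the
# ones quoted in the release notes; everything else is made up for the example.
write_sample_logs() {
    cat > "$1/webseald.log" <<'EOF'
2010-03-01-10:15:02 DPWIV1210W Function call, gsk_environment_init, failed error: 000001af GSK_ERROR_PKCS11_TOKEN_NOTPRESENT.
EOF
    cat > "$1/messages" <<'EOF'
Mar  1 10:15:01 host1 sshd[2211]: Accepted publickey for admin
Mar  1 10:15:02 host1 openCryptokiModule[4422]: DL_Load: dlload of [/usr/lib/pkcs11/stdll/PKCS11_ICA.so] failed; dlerror = [/usr/lib/libica.so: undefined symbol: AES_set_decrypt_key].
EOF
    cat > "$1/messages.clean" <<'EOF'
Mar  1 10:15:01 host1 sshd[2211]: Accepted publickey for admin
EOF
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
write_sample_logs "$demo_dir"
classify_webseal_failure "$demo_dir/webseald.log" "$demo_dir/messages"
rm -rf "$demo_dir"
```

A PARTIAL result with only the GSKit message means the token error has some other cause, and preloading libcrypto will not help.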

xmllogviewer installation error on Solaris or Solaris on x86_64

During the installation of xmllogviewer on Solaris or Solaris on x86_64, the following error might occur:
ERROR: cannot find product /product.xml

Workaround: Perform the following steps:
- Solaris:
  Go to the /cdrom/cdrom0/solaris/xmllogviewer directory. Run the Java command with the fully qualified path to the setup.jar file, for example:
  # pwd
  /cdrom/cdrom0/solaris/xmllogviewer
  # java -cp /cdrom/cdrom0/solaris/xmllogviewer/setup.jar run

- Solaris on x86_64:
  Go to the /cdrom/cdrom0/solaris_x86/xmllogviewer directory. Run the Java command with the fully qualified path to the setup.jar file, for example:
  # pwd
  /cdrom/cdrom0/solaris_x86/xmllogviewer
  # java -cp /cdrom/cdrom0/solaris_x86/xmllogviewer/setup.jar run

Unable to run scripts on mount point of Red Hat Enterprise Linux 5

You cannot run any scripts such as install_ldap_server or install_ammgr on the mount point of a Red Hat Enterprise Linux 5 system. Irrespective of the permissions observed on the media, Red Hat Enterprise Linux 5 automount has a default setting to revoke execute permissions on removable media.

Workaround: Change the default automount setting or unmount and try to mount the CD again.

Errors occur during Access Manager Runtime configuration

During Access Manager Runtime configuration, error messages do not appear in the correct locale even after installing the appropriate language packs.

Workaround: Complete these steps:
1. Install and configure Access Manager Runtime.
2. Run pdconfig utility and the Access Manager Runtime for Java.
3. Specify the path for Access Manager Runtime for Java in the Java runtime environment for WebSphere Application Server.

Incorrect installation wizard panel help text for Session Management Server command-line SSL configuration

During a wizard installation of the session management server command line, you might encounter a wizard panel that permits you to configure Secure Sockets Layer (SSL) communication between the IBM Tivoli Access Manager session management command line and the Web service. The panel is titled Configuring SSL communication. The help text associated with the Configuring SSL communication panel is incorrect. The following list is the correct reproduction of the help text:

Configuring SSL communication
Set the configuration options for Secure Sockets Layer (SSL) communication between the IBM Tivoli Access Manager session management command line and the Web service. Complete these fields. An asterisk by the field name indicates a mandatory field.

SSL key file with full path
The fully qualified path where the existing SSL client key file is located. The key file holds the client-side certificates that are used in SSL communication. The key file is used when communicating with the IBM Tivoli Access Manager session management server. The file extension is always .kdb, for example, c:\keytab\mykeys.kdb

If you plan to enable SSL, copy the SSL key file to any directory on your local system. Obtain this key file from the Web service, such as the IBM WebSphere Application Server. To specify the SSL client key file, perform one of the following tasks:
- Type the fully qualified path and file name for the key file. The key file must exist.
- Browse and select an existing key file.

Default: None

SSL stash file with full path
The fully qualified path where the existing SSL client key stash file is located. Typically, the stash file has the same location and file name as the key file. The file extension is always .sth, for example, c:\keytab\mykeys.sth

If a password stash file is associated with the key file, the password is obtained from the password stash file. A stash file can be used by some applications so that the application need not know the password to use the key file. To specify the SSL stash file, perform one of the following tasks:
- Type a new installation path location and file name for the stash file. The stash file must exist.
- Browse for and select an existing stash file.

Default: None

Certificate label
The label for the SSL client certificate. This label is valid only when SSL is used and when the Web service is configured to require client authentication. The certificate label is any alphanumeric, case-sensitive string that you select. String values must be characters that are part of the local code set, for example, PDSMS.

Use a certificate label to distinguish between multiple certificates within the SSL key file or when using a certificate other than the default certificate in the key file. Otherwise, leave this field blank.

Default: None

Navigation buttons:

Browse
Click to go to the Select a directory window to select an existing directory.

Back
Click to return to the previous installation window. Information is maintained when you return to this window.

Next
Click to accept the configuration settings and continue the installation.

Cancel
Click to stop the installation and exit the installation wizard. No settings are saved.

Help
Click to get help on your current task.

Chapter 4. Documentation updates

The installation and configuration problems and workarounds specific to the Common Auditing and Reporting Service are described in the IBM Tivoli Access Manager for e-business: Auditing Guide.

The release notes and Information Center for IBM Tivoli Directory Server 6.1 are available at:

http://www-306.ibm.com/software/tivoli/products/directory-server/platforms.html

http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?toc= /com.ibm.IBMDS.doc/toc.xml

The required hardware and software for IBM WebSphere Application Server can be found at:

http://www-306.ibm.com/software/webservers/appserv/doc/latest/prereq.html

To find tech notes specific to Tivoli Access Manager 6.1.1, use this URL:

http://www-01.ibm.com/support/search.wss?word=aw&wfield=&nw=&apar=include&tc1=&atrn=SWVersion&atrv=6.1.1&atrn1=&atrv1=&atrwcs=on&lang=all&dr=all&r=40&ibm-submit=Submit&cc=us&from=advs&loc=en_US&rs=0&cs=utf-8

To access generic tech notes, use this URL:

http://www-947.ibm.com/support/entry/portal/All_documentation_links/Software/Tivoli/Tivoli_Access_Manager_for_e-business


Chapter 5. Contacting software support

Before contacting IBM Tivoli Software Support with a problem, see the IBM Tivoli Software Support site by clicking the Tivoli support link at the following Web address:

http://www.ibm.com/software/support

If you need additional help, contact software support by using the methods described in the IBM Software Support Guide at the following Web address:

http://www14.software.ibm.com/webapp/set2/sas/f/handbook/home.html

The guide provides the following information:
- Registration and eligibility requirements for receiving support
- Telephone numbers, depending on the country in which you are located
- A list of information you must gather before contacting customer support

Appendix. Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information about the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785 U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

IBM World Trade Asia Corporation
Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106, Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law:

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement might not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:


IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758 U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurement may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.

All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without notice. Dealer prices may vary.

This information is for planning purposes only. The information herein is subject to change before the products described become available.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM's application programming interfaces.

Each copy or any portion of these sample programs or any derivative work, must include a copyright notice as follows:

© (your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. © Copyright IBM Corp. _enter the year or years_. All rights reserved.

If you are viewing this information in softcopy form, the photographs and color illustrations might not be displayed.

Trademarks

IBM, the IBM logo, AIX, DB2, IBMLink, Informix®, OS/2, OS/390®, OS/400®, Tivoli, Tivoli Enterprise Console®, and TME are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both.

Adobe®, Acrobat, PostScript® and all Adobe-based trademarks are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, other countries, or both.

Cell Broadband Engine™ and Cell/B.E. are trademarks of Sony Computer Entertainment, Inc., in the United States, other countries, or both and is used under license therefrom.

Intel®, Intel logo, Intel Inside®, Intel Inside logo, Intel Centrino®, Intel Centrino logo, Celeron®, Intel Xeon®, Intel SpeedStep®, Itanium®, and Pentium® are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

IT Infrastructure Library® is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.

ITIL® is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Linux is a trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft, Windows, Windows NT®, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Other company, product, and service names may be trademarks or service marks of others.

Printed in USA

GC23-6501-01