NetIQ Secure API Manager 2.2 includes new features, improves usability, and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the NetIQ Secure API Manager forum on our Communities page, our online community that also includes product information, blogs, and links to helpful resources.
The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the NetIQ Secure API Manager Documentation page. To download this product, see the Software Licenses and Downloads portal.
The following sections outline the key features and functions provided by this version, as well as issued resolved in this release:
This patch includes operating system updates for the appliance.
This patch includes many security updates.
Secure API Manager is an add-on solution for Access Manager. It is an appliance, and has the following system requirements:
Access Manager 5.0 or Access Manager 5.0 SP4 or later
Virtual platform
Appliance - VMware 7.0.3 or later
Docker container - Base must be SUSE Linux Enterprise Server 15 SP5
Minimum requirements per node:
60 GB of disk space
12 GB of RAM
4 processors
One of the following browsers:
Google Chrome (latest version)
Microsoft browsers (latest version)
Mozilla Firefox (latest version)
For more information, see Meeting the Deployment Requirements of Secure API Manager
in the NetIQ Secure API Manager 2.2 Installation Guide.
Installing Secure API Manager is a multi-step process. You must first deploy the Secure API Manager appliance. using the OVF file that NetIQ provides. After you deploy the appliance, nothing has changed in Access Manager. You must install the Secure API Manager license through the Access Manager Administration Console before you can view the configuration options for Secure API Manager. You then configure Secure API Manager in the Access Manager Administration Console.
To install and configure Secure API Manager:
Obtain the appliance and the license for Secure API Manager. For more information, see Obtaining Secure API Manager and the License
in the NetIQ Secure API Manager 2.2 Installation Guide.
Deploy Secure API Manager. We provide two different deployment options: the appliance or the Docker container. Choose one of the following items to deploy Secure API Manager:
Deploy the appliance. You must deploy a minimum of two appliances to cluster Secure API Manager. For more information, see Deploying the Secure API Manager Appliance
in the NetIQ Secure API Manager 2.2 Installation Guide.
Deploy the Docker container. You must deploy a minimum of two Docker containers to cluster Secure API Manager. For more information, see Deploying Secure API Manager Using Docker
in the NetIQ Secure API Manager 2.2 Installation Guide.
(Conditional) If you deployed the appliance, set a password for vaadmin to allow secure communication between Secure API Manager and Access Manager. For more information, see Set the vaadmin User Password for the Appliance
in the NetIQ Secure API Manager 2.2 Administration Guide.
Install the Secure API Manager license and activation key.
Install the Secure API Manager license in the Access Manager Administration Console. For more information, see Install a Full License
in the NetIQ Secure API Manager 2.2 Administration Guide.
(Conditional) If you deployed the appliance, you must install the activation key to register the appliance and receive all security patches and updates for Secure API Manager. For more information, see Install the Activation Key
in the NetIQ Secure API Manager 2.2 Administration Guide.
(Conditional) If you used the Docker deployment, you must register the SUSE Linux Enterprise server to have the deployment work. For more information, see Registering SUSE Linux Enterprise and Managing Modules.
Configure Secure API Manager to make it functional by completing the following steps:
Configure the API Gateway cluster. For more information, see Create the API Gateway Cluster
in the NetIQ Secure API Manager 2.2 Administration Guide.
Configure the API Gateway. For more information, see Create the API Gateway
in the NetIQ Secure API Manager 2.2 Administration Guide.
Create rate-limiting policies and throttling policies for the APIs. For more information, see Configure the Limiting Policies for the APIs
in the NetIQ Secure API Manager 2.2 Administration Guide.
Grant access to the Publisher and the Store for the API developers and partners who will use these consoles to create and consume the APIs. For more information, see Grant Access to the Publisher and the Store
in the NetIQ Secure API Manager 2.2 Administration Guide.
Upgrades from Secure API Manager 1.x to 2.0 are not supported. Also, you cannot upgrade from an appliance deployment to a Docker deployment. For both of these scenarios, you must deploy Secure API Manager 2.2 as a new installation. For more deployment information, see Deploying Secure API Manager
in the NetIQ Secure API Manager 2.2 Installation Guide.
You can upgrade from Secure API Manager 2.1.1 to 2.2. There is an Upgrade option in the appliance administration console that walks you through the upgrade process and an upgrade script for the Docker deployment.
Appliance:
For more information, see Upgrade the Appliance
in the NetIQ Secure API Manager 2.2 Appliance Administration Guide.
Docker Deployment:
For more information, see Upgrading Secure API Manager
in the NetIQ Secure API Manager 2.2 Installation Guide.
After you complete the upgrade on all of the nodes in the cluster, log in to Access Manager as an administrator and perform an Update All on the identity provider. If you do not perform Update All the configuration for Secure API Manager is not updated.
Micro Focus strives to ensure that our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need assistance with any issue, visit Micro Focus Support, then select the appropriate product category.
Issue: After upgrading the appliance or the Docker deployment, the failed2ban configuration is not updated. (ISSUE: OCTCR56A556084)
Solution: After you complete the upgrades for all of the nodes in the cluster, log in to Access Manager as an administrator, and then perform an Update All on the identity provider.
Issue: The Docker deployment fails to install fail2ban and other components during the deployment.
Solution:
Ensure that you do not have the PackageKit installed and running on the server where you are deploying Secure API Manager using Docker. The PackageKit is a tool that automatically updates the GUI. The PackageKit conflicts with the zypper commands and makes the deployment fail. Remove PackageKit from the server where you are deploying Secure API Manager using Docker. For more information, see Prerequisites for the Docker Deployment of Secure API Manager
in the NetIQ Secure API Manager 2.2 Installation Guide.
Issue: When you create an API, you add the certificate for the backend service’s server in PEM format. Secure API Manager validates the SSL certificate chain for you when you save the API and it returns a 404 error. The issue is that the backend service server is not using a well-known certificate authority and that the Trusted Root is not configured properly. (Defect 319146)
Solutions:
If the backend service server is using a well-known certificate authority, you do not have to configure a Trusted Root for the API. If the certificate authority for the backend service is not well known, you must configure a Trusted Root for the backend service in the API. Secure API Manager requires that the Trusted Root be configured in one of three specific ways. If the Trusted Root is not configured properly, the Validate SSL Chain option returns a 404 error. For details about the specific ways to configure the Trusted Root, see Define the Backend Service
in the NetIQ Secure API Manager 2.2 API Help.
Issue: Secure API Manager requires unique API endpoints to work properly. If you add the same API Gateway to a second API Gateway cluster, Secure API Manager does not work. (Defect 314243)
Solution: Ensure that you add the API Gateway only once to an API Gateway cluster. Also, ensure that you either use an IP address or a DNS name. Do not use both options when you configure the API Gateway.
Issue: Sometimes errors occur when applying changes to the Deny List. (Defect 359025)
Workaround: When the errors occur, the Access Manager Administration Console displays the issue in the Apply results text box. Resolve the problem listed and reapply the changes to the Deny List.
Issue: Changes to existing Limiting Policies in the Access Manager Administration Console are not appearing in the subscribed APIs. (Defect 377063)
Workaround:
For the changes to take effect, the API developers must unsubscribe and resubscribe to all of the APIs that contain the changed Limiting Policy. For more information, see Unsubscribe from an API
and Subscribe to an API
in the NetIQ Secure API Manager 2.2 API Help.
Issue: Currently, Secure API Manager does not support IPv6 for the API Gateway or the backend services. (Defects 317278 and 317215)
Workaround: Use IPv4 for the network configuration of Secure API Manager and the backend services.
Issue: If the evaluation license for Secure API Manager expires and you purchase a full license, you cannot add the full license to the Access Manager Administration Console. (Defect 377128)
Workaround: If the evaluation license for Secure API Manager expires, the only way to add the full license is to use the REST API for Access Manager to apply the license. Use the following format to apply the full license through the Access Manager REST API using the CURL utility:
curl --user <NAM_ADMIN_DN>:<NAM_ADMIN_PASSWORD> -H 'Accept:application/json' -F 'fileContent=@<SAPIM LICENSE>' -k https://<ADMIN_CONSOLE_IP>:<ADMIN_CONSOLE_PORT>/nps/rest/autopass/uploadLicenseFromFile/sapim
Example:
curl --user cn=admin,o=myorganization:password -H 'Accept:application/json' -F 'fileContent=@Secure_API_Manager_X_X_X_X.dat' -k https://10.1.1.1:8443/nps/rest/autopass/uploadLicenseFromFile/sapim
Issue: Adding the parameter formData to an API send the information as a header instead of a form to the external endpoint. (Defect 383038)
Workaround: There is not a workaround. NetIQ recommends that you do not use the formData parameter for this release.
Issue: If you are running the Access Manager on a single server with the Administration Console and Identity Server on the same server, and you click OK on a Session Timed Out message, you are redirected back to the Administration Console instead of the Identity Server portal. (Defect 377130)
Workaround: You only see this issue if your session times out and you click OK. Otherwise, there is no issue.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
© Copyright 2019-2021 Micro Focus or one of its affiliates.
The only warranties for products and services of Micro Focus and its affiliates and licensors ("Micro Focus") are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.
For additional information, such as certification-related notices and trademarks, see https://www.microfocus.com/about/legal/.