C.2 What’s New in Access Manager 3.1 SP1

Novell Access Manager 3.1 SP1 provides a number of key enhancements to various components. These enhancements improve management, enhance security, and add cross-platform capabilities to major components. These key features include:

C.2.1 Identity Server Enhancements

  • Session Failover: If you have a cluster of two or more Identity Servers, you can configure the Identity Servers so that the user experiences no interruption of services when the Identity Server that created the user’s session goes offline. For configuration information, see Configuring Session Failover in the Novell Access Manager 3.1 SP2 Identity Server Guide.

  • Session-Based Logging: This feature allows the administrator to enable file logging for an individual user. All of the user’s interactions with the Identity Server and the embedded service provider are logged to a single file, which can be used to analyze the cause of the user’s problem. For configuration information, see Configuring Session-Based Logging in the Novell Access Manager 3.1 SP2 Identity Server Guide.

  • ORing of Contracts: You can now let the user select an authentication method from a list of methods. You do this by ORing two or three contracts together. You can OR the name/password, X.509, and RADIUS contracts together. For configuration information, see Creating an ORed Credential Class in the Novell Access Manager 3.1 SP2 Identity Server Guide.

  • Non-Redirected Login: For applications that use basic authentication to reauthenticate users before they can access specific resources or for their own session timeouts, you can configure the Identity Server to verify this type of authentication without using a redirect (which is unsupported by these types of applications). This allows for better integration with Microsoft SharePoint and Microsoft Outlook Web Access. For configuration information, see Configuring an Authentication Procedure for Non-Redirected Login in the Novell Access Manager 3.1 SP2 Access Gateway Guide.

  • Security Configuration for 128-bit Authentication: You can now force all client communication to use 128-bit encryption when communicating with the Identity Server. For configuration information, see Forcing 128-Bit Encryption in the Novell Access Manager 3.1 SP2 Identity Server Guide.

  • Reusing Modified 3.0 Login JSP Pages: Changes were made in Access Manager 3.1 to simplify the JSPs that need to be created by authentication class developers. These changes have made JSPs used in version 3.0 incompatible with version 3.1. Additional changes have been made so that modified 3.0 JSP pages can be manually converted to work with Access Manager 3.1 SP1. For information about the modifications you need to make, see Customizing the Identity Server Login Page in the Novell Access Manager 3.1 SP2 Identity Server Guide.

  • Active Directory Account Checks: The Identity Server now checks for user account errors from Active Directory user stores and can display appropriate messages for wrong username or password, expired passwords, intruder lockout, and account disabled.

C.2.2 Access Gateway Enhancements

C.2.3 SSL VPN Enhancements

  • Enable Full Tunneling: With this release, SSL VPN supports full tunneling of traffic in both Enterprise and Kiosk modes running on Windows and Linux platforms. When you configure SSL VPN for full tunneling, all traffic to the protected network as well as the public network passes through the tunnel, thereby making the SSL VPN connection more secure. However, any session management information between the client and the Identity Server or the Linux Access Gateway (in the case of traditional SSL VPN) and the SSL VPN server is exchanged outside the SSL VPN tunnel. You can configure full tunneling for both Kiosk mode and Enterprise mode SSL VPN. For more information, see Configuring Full Tunneling in the Novell Access Manager 3.1 SP2 SSL VPN Server Guide.

  • Disconnecting Active SSL VPN Connections: The Administration Console now contains options that allow you to disconnect SSL VPN users. You can either disconnect one user at a time or select and delete multiple users. For more information, see Disconnecting Active SSL VPN Connections in the Novell Access Manager 3.1 SP2 SSL VPN Server Guide.

  • UI Option to Configure SNAT Entry: You can now configure the source NAT (SNAT) entries through the Administration Console to change the dynamically assigned client addresses to the address of the SSL VPN server before sending them to the application server. For more information, see Configuring SNAT for Enterprise Mode in the Novell Access Manager 3.1 SP2 SSL VPN Server Guide.

  • Configuration File to Add Additional Enterprise Mode Configurations: SSL VPN has many extended configuration options for both the SSL VPN Enterprise client and the Enterprise server that can be saved and executed from a configuration file. For more information, see Creating a Configuration File to Add Additional Configuration Changes in the Novell Access Manager 3.1 SP2 SSL VPN Server Guide.

C.2.4 J2EE Agent Enhancements

  • Cluster Support on All Application Servers: With this release, you can cluster the WebLogic J2EE agent, thus providing the ability to cluster J2EE agents on the JBoss, WebSphere, and WebLogic application servers. You can also cluster multiple instances of J2EE agents residing on a single WebSphere server.

  • Authentication Contract per Resource: The Novell J2EE Agent now comes with the ability to configure different authentication contracts to protect different applications that reside on the same application server instance. You can also configure additional authentication contracts for applications that require them. For more information, see Configuring Authentication Contracts in the Novell Access Manager 3.1 SP2 J2EE Agent Guide.