Inconsistencies with unique names when creating reverse proxy services and protected resources

  • 3072758
  • 19-Feb-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Netware Access Gateway
Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Access Administration

Situation

Modify the Access Gateway configuration in the following manner:

- Access Manager -> Access Gateways -> [my gateway] -> Configuration Edit
- Edit a reverse proxy and add a protected resource
- Select New then give the protected resource the same name as the protected resource in another reverse proxy and click OK. You can now add the protected resource without any errors. Names are unique within reverse proxies.

However, if you try to create a proxy service (instead of a protected resource) and give it the same name as an existing proxy service in another reverse proxy, you receive the following message:

"A Proxy Service by this name already exists. Enter a unique name."

Since the same proxy service cannot be used in multiple reverse proxies, this seems like inconsistent behavior.

Resolution

Proxy service names and protected resources are very different from one another.

Each proxy service spawns a separate set of bindings (TCP ports, addresses, etc.), so each service name must be unique. Attributes of the services must also be unique in many ways; e.g., multiple services cannot listen on the same IP address/port combination.

Protected resources are tied specifically to their proxy service and therefore cannot clash with one another. For example, set up two reverse proxy services on a Linux Access Gateway, one called mylag and the other called mylag2, and assign a protected resource named 'root' to both. In the config file that the proxy reads at startup (/var/novell/cfgdb/.current/config.xml), the snippet below shows the key references to my root protected resources: the logical name is the same, but the key parameter is the ProtectedResourceID, which is different. It is a combination of the protected resource name and the service, which makes it unique in my setup. The protected resource logical name is never referenced in exchanges.

<ProtectedResource Name="root" Enable="1" Description="" LastModified="1169816549868" LastModifiedBy="cn=admin,o=novell" UserInterfaceID="ProtectedResourceID_svhttp_mylag2_mylag2_root" ProtectedResourceID="ProtectedResourceID_svhttp_mylag2_mylag2_root">

<ProtectedResource Name="root" Enable="1" Description="" LastModified="1170426215263" LastModifiedBy="cn=admin,o=novell" UserInterfaceID="ProtectedResourceID_svhttp_mylag_mylag_root" ProtectedResourceID="ProtectedResourceID_svhttp_mylag_mylag_root">
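
The check described above, as an added example that is not part of the original article or of Novell's tooling: it reads ProtectedResource elements from config.xml-style text, reports logical names shared across services, and flags any ProtectedResourceID that repeats. The `<Config>` wrapper, the self-closing elements and the function name are assumptions; the attribute values are those in the snippet.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Constructed sample: the two ProtectedResource elements use the attribute
# values shown in the article; the <Config> wrapper and the self-closing
# form are assumptions made so the fragment parses on its own.
SAMPLE = """<Config>
  <ProtectedResource Name="root" Enable="1" Description=""
      LastModified="1169816549868" LastModifiedBy="cn=admin,o=novell"
      UserInterfaceID="ProtectedResourceID_svhttp_mylag2_mylag2_root"
      ProtectedResourceID="ProtectedResourceID_svhttp_mylag2_mylag2_root"/>
  <ProtectedResource Name="root" Enable="1" Description=""
      LastModified="1170426215263" LastModifiedBy="cn=admin,o=novell"
      UserInterfaceID="ProtectedResourceID_svhttp_mylag_mylag_root"
      ProtectedResourceID="ProtectedResourceID_svhttp_mylag_mylag_root"/>
</Config>"""


def audit_protected_resources(xml_text):
    """Return (shared_names, duplicate_ids) for all ProtectedResource elements.

    shared_names: logical Name -> sorted ProtectedResourceIDs using that name
                  (only names used more than once; expected and harmless).
    duplicate_ids: ProtectedResourceIDs occurring more than once (a real clash).
    """
    root = ET.fromstring(xml_text)
    ids_by_name = defaultdict(list)
    id_counts = Counter()
    for elem in root.iter("ProtectedResource"):
        name = elem.get("Name")
        res_id = elem.get("ProtectedResourceID")
        if res_id is None:
            raise ValueError(f"ProtectedResource {name!r} has no ProtectedResourceID")
        ids_by_name[name].append(res_id)
        id_counts[res_id] += 1
    shared = {n: sorted(i) for n, i in ids_by_name.items() if len(i) > 1}
    dupes = sorted(i for i, c in id_counts.items() if c > 1)
    return shared, dupes


if __name__ == "__main__":
    shared, dupes = audit_protected_resources(SAMPLE)
    for name, ids in shared.items():
        print(f"name {name!r} is shared by {len(ids)} resources: {ids}")
    print("duplicate ProtectedResourceIDs:", dupes or "none")
```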