Environment
Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Access Administration
Novell Access Management 3 Linux Novell Identity Server
Situation
Access Manager environment setup with a reverse proxy service
accelerating a sample web server https://www.test.com where the
administrator wants the initial page to be a public resource.
A protected resource was setup accordingly, with the path as /? and
no contract. The /? wildcard theoretically allows access to all in
the root directory, but not in any subdirectories. Users were
expected to be refused access to /test/ but this was not the case.
Once the administrator set up public access to /? users had open
access on anything, unless we explicitly defined a protected
resource requiring an authentication contract for the path.
Administrator confirmed that iChain behaved the way it should and tests on the NetWare Access gateway showed it ebhaved correctly too - this issue is specific to the Linux Access Gateway.
Administrator confirmed that iChain behaved the way it should and tests on the NetWare Access gateway showed it ebhaved correctly too - this issue is specific to the Linux Access Gateway.
Resolution
A defect has been opened on this and should be addressed in SP1.
The only available workaround for now is to create multiple
protected resources for the web server's various directories; or
deply the Netware Access Gateway instead of the Linux one.