Environment
Novell Identity Server FCS build 491
NetWare Access Gateway (NAG)
Linux Access Gateway (LAG)
Novell Groupwise WebAccess 7.01
Resolution
1. Basic Information about the setup and components
2 Known Issues
3. Configuration Notes
1 Basic Information
URL for
WebAccess 7.01 is similar to "http(s)://
2 Known Issues
(NAG and LAG):Rewriter issues with Groupwise WebAccess thru pbmh: param passed to popout not rewritten, breaks many links and .gif's.
(LAG):PBMH w/ Remove Path on Fill improperly rewriting some img URLs when using $path rewriting
3 Configuration Notes
AG features tested with WebAccess:
SSL: disabled both sides, enabled Public side only, and enabled both sides of proxy
Web Server Host Name: different than Published DNS name of accelerator
Modified rewriter profile for use with pbmh accelerator
Rewriter protection tags
Formfill with local secrets and Novell SecretStore
Identity Injection
Protected resource with IDP authentication
Simultaneous logout
Accelerator types:
Non multi-home:
No problems specific to this configuration were noted. Protected resource path is /gw/*.
Domain-based multi-home:
No problems specific to this configuration were noted. Protected resource path is /gw/*.
Path-based multi-home with option "Remove Path on Fill” disabled:
No problems specific to this configuration were noted with WebAccess. Sub-path match string is "/gw”, protected resource path is /gw/*.
Path-based multi-home with option "Remove Path on Fill” enabled:
Accelerator sub-path match string and protected resource paths need to match (ie. if sub-path set to "/srv1gw”, protected resource path would be /srv1gw/*).
By default, this configuration will result in various errors such as 504 Gateway Timeout or Page Not Found, missing .gif's, broken links, etc. These symptoms occur because javascript variables and method parameters do not get rewritten by default. The rewriter is configured appropriately using a rewriter profile.
With iChain, the internal rewriter could be configured using rewriter.cfg to allow proper rewriting of javascript on the WebAccess pages. An example of iChain's rewriter.cfg configured with necessary javascript variables for WebAccess is shown below:
[Javascript Variables]
sUrl
strUrl
baseURL
window.location.href
VALUE
pos
img.src
window.opener.location
homeURL
With the Access Gateways, however, adding these javascript variables to a rewriter profile enabled on the WebAccess accelerator is not working properly (engineeringw roking on issues).
An alternate rewriter profile configuration using a new $path Search and Replace string seems to be working correctly with NAG and WebAccess. Caution should be used with this $path replacement feature as it has not been fully implemented or tested. Below are steps to create this setup:
On the accelerator's "HTML Rewriting” page, create a new rewriter profile. Provide a name, select type "Word”.
On the properties page for the new profile,
under section "Additional Names to Search for URL Strings to Rewrite with Host Name”, add a new item in the "Variable or Attribute Name” list of "value” (don't include the quotation marks).
under section "Additional Strings to Replace”, add a new entry where "Search:” is set to gw, and"Replace With:” is set to $path/gw.
Press OK to save the profile. Under section "HTML Rewriter Profile List”, select (check) the new profile, then use the up arrow icon to move it above the "default” profile in the list. Make sure it is enabled. (green checkmark). Press OK to save, then Apply Changes as usual.
Single Sign On and Simultaneous Logout:
Method 1: Identity Injection
GroupWise WebAccess can be configured to process credentials in the Authorization header of received HTTP packets. When WebAccess receives a populated Authorization header from a "Trusted Server”, the b64 encoded username:password data in that header will be used for authentication.
Using an Identity Injection policy, the Access Gateway can be configured to populate the Authorization header of HTTP packets it sends to WebAccess.
Steps below:
Configure WebAccess to "Trust” the Access Gateway in order to process the HTTP Authorization header credentials:
In ConsoleOne, under the GroupWise domain object, double-click the GroupWiseWebAccess object
On the Application tab, select Security from the drop-down list
Under the "single sign-on” field, add the primary ip address of the Access Gateway server
Under "Logout URL”, path /cmd/BM-Logout will provide simultaneous logout of WebAccess and the Access Gateway when the "Logout” link on the WebAccess page is clicked.
WebAccess may require a restart in order to implement these changes
Configure an Identity Injection policy to populate the Authorization headers sent from the Access Gateway to WebAccess with the username and password that was used for user authentication to the Access Gateway/IDP:
In iManager/DevMan, select the Policies link under the Access Manager task
In the Policy List, click New. Provide a name. In the Type drop-down list, select Access Gateway: Indentity Injection. Press OK.
On the Edit Policy page, click New under the Actions section. Select "Inject into Authentication Header” from the drop-down list.
From the "User Name: drop-down list, select the source of the username. For example, "Credential Profile”. A second drop-down list will now appear next to User Name:. Select an appropriate value from the list. For example, if Credential Profile was chosen as the username source, selecting LDAP Credentials->LDAP User DN will populate the Authorization header's username with the LDAP fdn of the user.
From the "Password:” drop-down list, select the source of the password. For example, "Credential Profile”. A second drop-down list will now appear next to Password:. Select an appropriate value. For example, if Credential Profile was chosen as the password source, selecting LDAP Credentials->LDAP Password will populate the Authorization header's password with the password used for Access Gateway authentication.
Press OK and Apply Changes to save the policy
Enable the Identity Injection policy on the WebAccess accelerator's protected resource
On the Protected Resource page of the WebAccess accelerator, click "[None]” under the Identity Injection column of the protected resource defined for webaccess.
In the "Identity Injection Policy List”, select (check) the Identity Injection policy created above, then click "Enable” in the menu. Press OK, then Apply changes in the usual way.
Method 2: Form Fill
Form Fill can also be used to provide single sign on and simultaneous logout to/from WebAccess. When using Form Fill, WebAccess typically should NOT be configured to process Authorization header credentials from the Access Gateway (ie. the Access Gateway should not be enabled as a Trusted Server in the WebAccess configuration), and Identity Injection policy would NOT be configured to populate the Authorization header.
On the last pages of this document is a sample Form Fill policy which includes actions for login success, login failure, and simultaneous logout. This policy can be saved as a text file and imported directly into iManager/Devman. After importing, be sure to edit the URL's in the policy as appropriate for the customer environment, modify the Fill Options, and enable the policy on the WebAccess accelerator.
Steps below:
Create the Form Fill policy
Copy the sample Form Fill policy below to a .txt file
In iManager/DevMan, select the Policies link under the Access Manager task
In the Policy List, click Import. Browse to the .txt file created above, then OK to import the policy.
Click the link to open the policy. Under each action, edit the "Redirect to URL:” field as appropriate for the environment.
Edit the "Fill Options” section of the login action with appropriate values. This example policy uses"Shared Secret” as the storage location. After importing, "[invalid value]” will likely be displayed. Select the drop-down list to select or create a new Shared Secret and keyname for each input field.
Press OK and Apply Changes to save the policy
Enable the Form Fill Policy on the WebAccess accelerator's protected resource
On the Protected Resource page of the WebAccess accelerator, click "[None]” under the Form Fill column of the protected resource defined for WebAccess.
In the "Form Fill Policy List”, select (check) the Form Fill policy created above, then click"Enable” in the menu. Press OK, then Apply changes in the usual way.
Sample Form Fill policy for WebAccess 7.01
<?xml version="1.0" encoding="UTF-8"?>
<!--Sample XML file generated by XMLSpy v2005 rel. 3 U (http://www.altova.com)-->
<NxpeService xmlns:xpeml="urn:novell:schema:xpeml:1.34:policy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="./nxpeService.xsd" Revision="0.1">
<xpeml:PolicyCollection schemaVersion="1.34">
<xpeml:PoliciesDefinitionList LastModified="4294967295" LastModifiedBy="String">
<xpeml:Policy Enable="true" UserInterfaceID="PolicyID_xpemlPEP_AGFormFill_1177679197568" Name="ff-gwise" LastModified="1177680049288" PolicyID="PolicyID_xpemlPEP_AGFormFill_1177679197568" DateCreated="4294967295" Description="" DateArchived="4294967295" LastModifiedBy="cn=admin,o=novell">
<xpeml:PolicyEnforcementPointRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlPEP_AGFormFill" />
<xpeml:ConfigurationUsageList />
<xpeml:Rule RuleID="RuleID_11776791975690" RuleOrder="1" Enable="1" UserInterfaceID="RuleID_11776791975690" ConditionCombiningAlgorithm="DNF" Description="" Priority="0">
<xpeml:ActionList>
<xpeml:Action UserInterfaceID="ActionID_1156349332078" Order="4">
<xpeml:ActionRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlAction_FormFill" />
<xpeml:InstanceParameterList>
<xpeml:ParameterGroup UserInterfaceID="FormSelection" EnumerativeValue="3310" GroupName="FormSelection" Order="1">
<xpeml:Choice UserInterfaceID="ChoiceID_20_1156349332153" EnumerativeValue="20" Enabled="true" ChoiceName="Form" Order="1">
<xpeml:Parameter Value="loginForm" UserInterfaceID="ParameterID_2_1156349332153" EnumerativeValue="2" Name="Name" />
</xpeml:Choice>
</xpeml:ParameterGroup>
<xpeml:ParameterGroup UserInterfaceID="FormSelectionCriteria" EnumerativeValue="3310" GroupName="FormSelectionCriteria" Order="2">
<xpeml:Choice UserInterfaceID="ChoiceID_10_1156349332153" EnumerativeValue="10" Enabled="false" ChoiceName="Cgi" Order="1">
<xpeml:Parameter Value="" UserInterfaceID="ParameterID_1_1156349332153" EnumerativeValue="1" Name="Criteria" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_20_1156349332154" EnumerativeValue="20" Enabled="true" ChoiceName="Form" Order="2">
<xpeml:Parameter Value="%3CTITLE%3ENovell%20WebAccess%3C%2FTITLE%3E" UserInterfaceID="ParameterID_1_1156349332154" EnumerativeValue="1" Name="Criteria" />
</xpeml:Choice>
</xpeml:ParameterGroup>
<xpeml:ParameterGroup UserInterfaceID="FillOptions" EnumerativeValue="3320" GroupName="FillOptions" Order="3">
<xpeml:Choice UserInterfaceID="ChoiceID_10_1156349332156" EnumerativeValue="10" Enabled="true" ChoiceName="InputField" Order="1">
<xpeml:Parameter Value="Low.bandwidth" UserInterfaceID="ParameterID_1_1156349332156" EnumerativeValue="1" Name="Name" />
<xpeml:Parameter Value="hidden" UserInterfaceID="ParameterID_2_1156349332156" EnumerativeValue="2" Name="Type" />
<xpeml:Parameter Value="NEPXurn%7E3Anovell%7E3Acredentialprofile%7E3A2005-03%7E2Fcp%7E3ASecrets%7E2Fcp%7E3ASecret%7E2Fcp%7E3AEntry%7E40%7E40%7E40%7E40WSCQSSToken%7E40%7E40%7E40%7E40%7E2Fcp%7E3ASecrets%7E2Fcp%7E3ASecret%7E5Bcp%7E3AName%7E3D%7E22gwiseSecret%7E22%7E5D%7E2Fcp%7E3AEntry%7E5Bcp%7E3AName%7E3D%7E221%7E22%7E5D" UserInterfaceID="ParameterID_3_1156349332156" EnumerativeValue="3" Name="FillValue">
<xpeml:ContextDataElementRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlContextDataElement_SharedSecret" />
</xpeml:Parameter>
<xpeml:Parameter Value="none" UserInterfaceID="ParameterID_4_1156349332156" EnumerativeValue="4" Name="DataConversion" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_10_1156349336431" EnumerativeValue="10" Enabled="true" ChoiceName="InputField" Order="2">
<xpeml:Parameter Value="User.interface" UserInterfaceID="ParameterID_1_1156349336431" EnumerativeValue="1" Name="Name" />
<xpeml:Parameter Value="hidden" UserInterfaceID="ParameterID_2_1156349336431" EnumerativeValue="2" Name="Type" />
<xpeml:Parameter Value="NEPXurn%7E3Anovell%7E3Acredentialprofile%7E3A2005-03%7E2Fcp%7E3ASecrets%7E2Fcp%7E3ASecret%7E2Fcp%7E3AEntry%7E40%7E40%7E40%7E40WSCQSSToken%7E40%7E40%7E40%7E40%7E2Fcp%7E3ASecrets%7E2Fcp%7E3ASecret%7E5Bcp%7E3AName%7E3D%7E22gwiseSecret%7E22%7E5D%7E2Fcp%7E3AEntry%7E5Bcp%7E3AName%7E3D%7E222%7E22%7E5D" UserInterfaceID="ParameterID_3_1156349336431" EnumerativeValue="3" Name="FillValue">
<xpeml:ContextDataElementRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlContextDataElement_SharedSecret" />
</xpeml:Parameter>
<xpeml:Parameter Value="none" UserInterfaceID="ParameterID_4_1156349336431" EnumerativeValue="4" Name="DataConversion" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_10_1156349418767" EnumerativeValue="10" Enabled="true" ChoiceName="InputField" Order="3">
<xpeml:Parameter Value="User.id" UserInterfaceID="ParameterID_1_1156349418767" EnumerativeValue="1" Name="Name" />
<xpeml:Parameter Value="text" UserInterfaceID="ParameterID_2_1156349418767" EnumerativeValue="2" Name="Type" />
<xpeml:Parameter Value="NEPXurn%7E3Anovell%7E3Acredentialprofile%7E3A2005-03%7E2Fcp%7E3ASecrets%7E2Fcp%7E3ASecret%7E2Fcp%7E3AEntry%7E40%7E40%7E40%7E40WSCQSSToken%7E40%7E40%7E40%7E40%7E2Fcp%7E3ASecrets%7E2Fcp%7E3ASecret%7E5Bcp%7E3AName%7E3D%7E22gwiseSecret%7E22%7E5D%7E2Fcp%7E3AEntry%7E5Bcp%7E3AName%7E3D%7E223%7E22%7E5D" UserInterfaceID="ParameterID_3_1156349418767" EnumerativeValue="3" Name="FillValue">
<xpeml:ContextDataElementRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlContextDataElement_SharedSecret" />
</xpeml:Parameter>
<xpeml:Parameter Value="none" UserInterfaceID="ParameterID_4_1156349418767" EnumerativeValue="4" Name="DataConversion" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_10_1156349421440" EnumerativeValue="10" Enabled="true" ChoiceName="InputField" Order="4">
<xpeml:Parameter Value="User.password" UserInterfaceID="ParameterID_1_1156349421440" EnumerativeValue="1" Name="Name" />
<xpeml:Parameter Value="password" UserInterfaceID="ParameterID_2_1156349421440" EnumerativeValue="2" Name="Type" />
<xpeml:Parameter Value="NEPXurn%7E3Anovell%7E3Acredentialprofile%7E3A2005-03%7E2Fcp%7E3ASecrets%7E2Fcp%7E3ASecret%7E2Fcp%7E3AEntry%7E40%7E40%7E40%7E40WSCQSSToken%7E40%7E40%7E40%7E40%7E2Fcp%7E3ASecrets%7E2Fcp%7E3ASecret%7E5Bcp%7E3AName%7E3D%7E22gwiseSecret%7E22%7E5D%7E2Fcp%7E3AEntry%7E5Bcp%7E3AName%7E3D%7E224%7E22%7E5D" UserInterfaceID="ParameterID_3_1156349421440" EnumerativeValue="3" Name="FillValue">
<xpeml:ContextDataElementRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlContextDataElement_SharedSecret" />
</xpeml:Parameter>
<xpeml:Parameter Value="none" UserInterfaceID="ParameterID_4_1156349421440" EnumerativeValue="4" Name="DataConversion" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_10_1156349427082" EnumerativeValue="10" Enabled="true" ChoiceName="InputField" Order="5">
<xpeml:Parameter Value="User.settings.speed" UserInterfaceID="ParameterID_1_1156349427082" EnumerativeValue="1" Name="Name" />
<xpeml:Parameter Value="radio" UserInterfaceID="ParameterID_2_1156349427082" EnumerativeValue="2" Name="Type" />
<xpeml:Parameter Value="NEPXurn%7E3Anovell%7E3Acredentialprofile%7E3A2005-03%7E2Fcp%7E3ASecrets%7E2Fcp%7E3ASecret%7E2Fcp%7E3AEntry%7E40%7E40%7E40%7E40WSCQSSToken%7E40%7E40%7E40%7E40%7E2Fcp%7E3ASecrets%7E2Fcp%7E3ASecret%7E5Bcp%7E3AName%7E3D%7E22gwiseSecret%7E22%7E5D%7E2Fcp%7E3AEntry%7E5Bcp%7E3AName%7E3D%7E226%7E22%7E5D" UserInterfaceID="ParameterID_3_1156349427082" EnumerativeValue="3" Name="FillValue">
<xpeml:ContextDataElementRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlContextDataElement_SharedSecret" />
</xpeml:Parameter>
<xpeml:Parameter Value="none" UserInterfaceID="ParameterID_4_1156349427082" EnumerativeValue="4" Name="DataConversion" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_10_1156349432728" EnumerativeValue="10" Enabled="true" ChoiceName="InputField" Order="6">
<xpeml:Parameter Value="User.settings.simple" UserInterfaceID="ParameterID_1_1156349432728" EnumerativeValue="1" Name="Name" />
<xpeml:Parameter Value="checkbox" UserInterfaceID="ParameterID_2_1156349432728" EnumerativeValue="2" Name="Type" />
<xpeml:Parameter Value="NEPXurn%7E3Anovell%7E3Acredentialprofile%7E3A2005-03%7E2Fcp%7E3ASecrets%7E2Fcp%7E3ASecret%7E2Fcp%7E3AEntry%7E40%7E40%7E40%7E40WSCQSSToken%7E40%7E40%7E40%7E40%7E2Fcp%7E3ASecrets%7E2Fcp%7E3ASecret%7E5Bcp%7E3AName%7E3D%7E22gwiseSecret%7E22%7E5D%7E2Fcp%7E3AEntry%7E5Bcp%7E3AName%7E3D%7E227%7E22%7E5D" UserInterfaceID="ParameterID_3_1156349432728" EnumerativeValue="3" Name="FillValue">
<xpeml:ContextDataElementRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlContextDataElement_SharedSecret" />
</xpeml:Parameter>
<xpeml:Parameter Value="none" UserInterfaceID="ParameterID_4_1156349432728" EnumerativeValue="4" Name="DataConversion" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_10_1156349446206" EnumerativeValue="10" Enabled="true" ChoiceName="InputField" Order="7">
<xpeml:Parameter Value="User.settings.save" UserInterfaceID="ParameterID_1_1156349446206" EnumerativeValue="1" Name="Name" />
<xpeml:Parameter Value="checkbox" UserInterfaceID="ParameterID_2_1156349446206" EnumerativeValue="2" Name="Type" />
<xpeml:Parameter Value="NEPXurn%7E3Anovell%7E3Acredentialprofile%7E3A2005-03%7E2Fcp%7E3ASecrets%7E2Fcp%7E3ASecret%7E2Fcp%7E3AEntry%7E40%7E40%7E40%7E40WSCQSSToken%7E40%7E40%7E40%7E40%7E2Fcp%7E3ASecrets%7E2Fcp%7E3ASecret%7E5Bcp%7E3AName%7E3D%7E22gwiseSecret%7E22%7E5D%7E2Fcp%7E3AEntry%7E5Bcp%7E3AName%7E3D%7E228%7E22%7E5D" UserInterfaceID="ParameterID_3_1156349446206" EnumerativeValue="3" Name="FillValue">
<xpeml:ContextDataElementRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlContextDataElement_SharedSecret" />
</xpeml:Parameter>
<xpeml:Parameter Value="none" UserInterfaceID="ParameterID_4_1156349446206" EnumerativeValue="4" Name="DataConversion" />
</xpeml:Choice>
</xpeml:ParameterGroup>
<xpeml:ParameterGroup UserInterfaceID="SubmitOptions" EnumerativeValue="3330" GroupName="SubmitOptions" Order="4">
<xpeml:Choice UserInterfaceID="ChoiceID_10_1156349332157" EnumerativeValue="10" Enabled="true" ChoiceName="AutoSubmit" Order="1">
<xpeml:Parameter Value="false" UserInterfaceID="ParameterID_1_1156349332157" EnumerativeValue="1" Name="Debug" />
<xpeml:Parameter Value="true" UserInterfaceID="ParameterID_2_1156349332157" EnumerativeValue="2" Name="MaskData" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_40_1156349332158" EnumerativeValue="40" Enabled="false" ChoiceName="InsertHeaderText" Order="2">
<xpeml:Parameter Value="" UserInterfaceID="ParameterID_2_1156349332158" EnumerativeValue="2" Name="HeaderText" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_50_1156349332160" EnumerativeValue="50" Enabled="true" ChoiceName="JavaScript" Order="3">
<xpeml:Parameter Value="" UserInterfaceID="ParameterID_1_1156349332160" EnumerativeValue="1" Name="FunctionsToKeep" />
<xpeml:Parameter Value="" UserInterfaceID="ParameterID_2_1156349332160" EnumerativeValue="2" Name="StatementsForSubmit" />
</xpeml:Choice>
</xpeml:ParameterGroup>
<xpeml:ParameterGroup UserInterfaceID="ErrorHandling" EnumerativeValue="3399" GroupName="ErrorHandling" Order="5">
<xpeml:Choice UserInterfaceID="ChoiceID_10_1156349332160" EnumerativeValue="10" Enabled="true" ChoiceName="Redirect" Order="1">
<xpeml:Parameter Value="https%3A%2F%2Fcit.novell.com%2FFillFailed.html" UserInterfaceID="ParameterID_1_1156349332160" EnumerativeValue="1" Name="Url" />
</xpeml:Choice>
</xpeml:ParameterGroup>
</xpeml:InstanceParameterList>
</xpeml:Action>
<xpeml:Action UserInterfaceID="ActionID_1156351508219" Order="1">
<xpeml:ActionRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlAction_FormLoginFailure" />
<xpeml:InstanceParameterList>
<xpeml:ParameterGroup UserInterfaceID="FormSelection" EnumerativeValue="3310" GroupName="FormSelection" Order="1">
<xpeml:Choice UserInterfaceID="ChoiceID_20_1156351509359" EnumerativeValue="20" Enabled="true" ChoiceName="Form" Order="1">
<xpeml:Parameter Value="loginForm" UserInterfaceID="ParameterID_2_1156351509359" EnumerativeValue="2" Name="Name" />
</xpeml:Choice>
</xpeml:ParameterGroup>
<xpeml:ParameterGroup UserInterfaceID="FormSelectionCriteria" EnumerativeValue="3310" GroupName="FormSelectionCriteria" Order="2">
<xpeml:Choice UserInterfaceID="ChoiceID_10_1156351509360" EnumerativeValue="10" Enabled="true" ChoiceName="Cgi" Order="1">
<xpeml:Parameter Value="User.Logout" UserInterfaceID="ParameterID_1_1156351509360" EnumerativeValue="1" Name="Criteria" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_20_1156351509361" EnumerativeValue="20" Enabled="true" ChoiceName="Form" Order="2">
<xpeml:Parameter Value="%3CTITLE%3ENovell%20WebAccess%3C%2FTITLE%3E" UserInterfaceID="ParameterID_1_1156351509361" EnumerativeValue="1" Name="Criteria" />
</xpeml:Choice>
</xpeml:ParameterGroup>
<xpeml:ParameterGroup UserInterfaceID="LoginFailureProcessing" EnumerativeValue="3350" GroupName="LoginFailureProcessing" Order="3">
<xpeml:Choice UserInterfaceID="ChoiceID_10_1156351509362" EnumerativeValue="10" Enabled="true" ChoiceName="Redirect" Order="1">
<xpeml:Parameter Value="http%3A%2F%2Fbarry2.cit.novell.com%2FAGLogout" UserInterfaceID="ParameterID_1_1156351509362" EnumerativeValue="1" Name="Url" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_20_1156351509362" EnumerativeValue="20" Enabled="false" ChoiceName="DataMgmt" Order="2">
<xpeml:Parameter Value="mastercdn#ff-gwise" UserInterfaceID="ParameterID_1_1156351509362" EnumerativeValue="1" Name="ClearSharedSecretsForPolicy">
<xpeml:ContextDataElementRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlContextDataElement_PolicyReference" />
</xpeml:Parameter>
</xpeml:Choice>
</xpeml:ParameterGroup>
</xpeml:InstanceParameterList>
</xpeml:Action>
<xpeml:Action UserInterfaceID="ActionID_1156351645495" Order="3">
<xpeml:ActionRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlAction_FormLoginFailure" />
<xpeml:InstanceParameterList>
<xpeml:ParameterGroup UserInterfaceID="FormSelection" EnumerativeValue="3310" GroupName="FormSelection" Order="1">
<xpeml:Choice UserInterfaceID="ChoiceID_20_1156351649092" EnumerativeValue="20" Enabled="true" ChoiceName="Form" Order="1">
<xpeml:Parameter Value="loginForm" UserInterfaceID="ParameterID_2_1156351649092" EnumerativeValue="2" Name="Name" />
</xpeml:Choice>
</xpeml:ParameterGroup>
<xpeml:ParameterGroup UserInterfaceID="FormSelectionCriteria" EnumerativeValue="3310" GroupName="FormSelectionCriteria" Order="2">
<xpeml:Choice UserInterfaceID="ChoiceID_10_1156351649093" EnumerativeValue="10" Enabled="false" ChoiceName="Cgi" Order="1">
<xpeml:Parameter Value="" UserInterfaceID="ParameterID_1_1156351649093" EnumerativeValue="1" Name="Criteria" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_20_1156351649096" EnumerativeValue="20" Enabled="true" ChoiceName="Form" Order="2">
<xpeml:Parameter Value="Please%20login%20again.%20You%20may%20have%20typed%20your%20name%20or%20password%20incorrectly." UserInterfaceID="ParameterID_1_1156351649096" EnumerativeValue="1" Name="Criteria" />
</xpeml:Choice>
</xpeml:ParameterGroup>
<xpeml:ParameterGroup UserInterfaceID="LoginFailureProcessing" EnumerativeValue="3350" GroupName="LoginFailureProcessing" Order="3">
<xpeml:Choice UserInterfaceID="ChoiceID_10_1156351649100" EnumerativeValue="10" Enabled="true" ChoiceName="Redirect" Order="1">
<xpeml:Parameter Value="https%3A%2F%2Fcit.novell.com%2FLoginFail.html" UserInterfaceID="ParameterID_1_1156351649100" EnumerativeValue="1" Name="Url" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_20_1156351649101" EnumerativeValue="20" Enabled="true" ChoiceName="DataMgmt" Order="2">
<xpeml:Parameter Value="mastercdn#ff-gwise" UserInterfaceID="ParameterID_1_1156351649101" EnumerativeValue="1" Name="ClearSharedSecretsForPolicy">
<xpeml:ContextDataElementRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlContextDataElement_PolicyReference" />
</xpeml:Parameter>
</xpeml:Choice>
</xpeml:ParameterGroup>
</xpeml:InstanceParameterList>
</xpeml:Action>
<xpeml:Action UserInterfaceID="ActionID_1170952752078" Order="2">
<xpeml:ActionRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlAction_FormLoginFailure" />
<xpeml:InstanceParameterList>
<xpeml:ParameterGroup UserInterfaceID="FormSelection" EnumerativeValue="3310" GroupName="FormSelection" Order="1">
<xpeml:Choice UserInterfaceID="ChoiceID_20_1170952756463" EnumerativeValue="20" Enabled="true" ChoiceName="Form" Order="1">
<xpeml:Parameter Value="loginForm" UserInterfaceID="ParameterID_2_1170952756463" EnumerativeValue="2" Name="Name" />
</xpeml:Choice>
</xpeml:ParameterGroup>
<xpeml:ParameterGroup UserInterfaceID="FormSelectionCriteria" EnumerativeValue="3310" GroupName="FormSelectionCriteria" Order="2">
<xpeml:Choice UserInterfaceID="ChoiceID_10_1170952756463" EnumerativeValue="10" Enabled="false" ChoiceName="Cgi" Order="1">
<xpeml:Parameter Value="" UserInterfaceID="ParameterID_1_1170952756463" EnumerativeValue="1" Name="Criteria" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_20_1170952756463" EnumerativeValue="20" Enabled="true" ChoiceName="Form" Order="2">
<xpeml:Parameter Value="Unable%20to%20communicate%20with%20GroupWise%20WebAccess%20Agent" UserInterfaceID="ParameterID_1_1170952756463" EnumerativeValue="1" Name="Criteria" />
</xpeml:Choice>
</xpeml:ParameterGroup>
<xpeml:ParameterGroup UserInterfaceID="LoginFailureProcessing" EnumerativeValue="3350" GroupName="LoginFailureProcessing" Order="3">
<xpeml:Choice UserInterfaceID="ChoiceID_10_1170952756464" EnumerativeValue="10" Enabled="true" ChoiceName="Redirect" Order="1">
<xpeml:Parameter Value="https%3A%2F%2Fcit.novell.com%2FRequestFailed.html" UserInterfaceID="ParameterID_1_1170952756464" EnumerativeValue="1" Name="Url" />
</xpeml:Choice>
<xpeml:Choice UserInterfaceID="ChoiceID_20_1170952756464" EnumerativeValue="20" Enabled="false" ChoiceName="DataMgmt" Order="2">
<xpeml:Parameter Value="mastercdn#ff-gwise" UserInterfaceID="ParameterID_1_1170952756464" EnumerativeValue="1" Name="ClearSharedSecretsForPolicy">
<xpeml:ContextDataElementRef ElementRefType="ExternalWithIDRef" ExternalDocRef="AccessGateway-default:romaContentCollectionXMLDoc" ExternalElementRef="xpemlContextDataElement_PolicyReference" />
</xpeml:Parameter>
</xpeml:Choice>
</xpeml:ParameterGroup>
</xpeml:InstanceParameterList>
</xpeml:Action>
</xpeml:ActionList>
</xpeml:Rule>
</xpeml:Policy>
</xpeml:PoliciesDefinitionList>
</xpeml:PolicyCollection>
</NxpeService>