Environment
Novell Access Management 3 Support Pack 1 Release Candidate
2b
Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Linux Access Gateway
Situation
Authentication to back end application server (Lotus Notes) based
on a session cookie (LtpaToken) fails.
Requires session cookie does not get send by the browser client
Requires session cookie does not get send by the browser client
Resolution
This issue has been addressed to engineering and will be fixed with
the final release of Support Pack 1
Status
Reported to EngineeringAdditional Information
A reverse proxy configuration has been created with two
accelerators using path based multi homing
For example:
Only one web server behind a configured accelerator (for example: acc1.ema-public.org) generates the cookie after a successful authentication
The Linux Access gateway rewrites the application cookie domain component to the public host name instead of rewriting it to the public Domain name
Example:
"Domain=.emaprivate.org" will be rewritten to"Domain=acc1.ema-public.org"
instead of rewriting it to "Domain=.ema-public.org"
Due to this fact the session cookie rewritten by the LAG can not be use with the accelerator "acc2.emea-public.org"
For example:
- "acc1.ema-public.org"
- "acc2.ema-public.org"
Only one web server behind a configured accelerator (for example: acc1.ema-public.org) generates the cookie after a successful authentication
The Linux Access gateway rewrites the application cookie domain component to the public host name instead of rewriting it to the public Domain name
Example:
"Domain=.emaprivate.org" will be rewritten to"Domain=acc1.ema-public.org"
instead of rewriting it to "Domain=.ema-public.org"
Due to this fact the session cookie rewritten by the LAG can not be use with the accelerator "acc2.emea-public.org"