Linux Access Gateway Formfill auto-submit fails with Groupwise WebAccess 7.02

  • 3748045
  • 27-Mar-2007
  • 26-Apr-2012


Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Netware Access Gateway
Novell Access Management 3 Access Administration
Novell Access Management 3 Linux Novell Identity Server
Formfill policy applied with Shared secrets


Created a basic formfill policy to single sign on to Groupwise WebAccess 7.02 login form.
auto-submit of the users credentials is not working. The shared secret data DOES get
written to the user's Identity object on the first login as expected (can
view the entry with ConsoleOne in the internal config store). However, on the
next login to the Groupwise webaccess accelerator, the user sees the webaccess
login form which is populated with data from the internal secret store but the
form does not auto-post.

This same ff policy DOES properly auto-submit when used with gwise webaccess
7.01. The Netware Access Gateway also works fine.


Remove the "User.lang" field from the formfill policy.

The problem was being caused by the "User.lang" input field configured in the policy.
Currently, when trying to fill a form, LAG is using the input elements configured in
the policy.

In the case of Groupwise Web Access formfill policy, the above mentioned User field is
configured in the policy, but does not appear in the actual html page (it did with the 7.01
WebAccess build). So, when LAG gets this page for the first time, it creates shared secrets
for all the fields configured in the policy and requests the eSP for data for all these

When it gets a "DataNotAvailable" message from the eSP (because of the missing field),
it sends the form to the user to fill manually. Later when the user submits it, the
LAG tries to get the data (for storing) from the submitted form. Because it
fails to get the value for the afore mentioned field (as it wont appear in the
post-data due to its absence in the html form), it does not include it
in the "SetAttribute" request sent to eSP (for settign values to the previously
created secrets)...and submits the form to the webserver.

When you kill that session and issue a new request, the LAG requests the data again
after authenticating the user...and this time it gets data for all the fields
configured in the policy except for the "User.lang" field (this field will get
a "data not available" response). As a result the LAG believes that it only received
part of the data and so it will prompt the user to fill the missing fields. So you
get presented with the filled form ... but autosubmit does not happen.