Linux Access Gateway Formfill auto-submit fails with Groupwise WebAccess 7.02

  • Document ID:3748045
  • Creation Date:27-Mar-2007
  • Modified Date:26-Apr-2012
    • Micro Focus Products:
      Access Manager (NAM)

Environment


Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Netware Access Gateway
Novell Access Management 3 Access Administration
Novell Access Management 3 Linux Novell Identity Server
Formfill policy applied with Shared secrets

Situation

Created a basic formfill policy to single sign on to Groupwise WebAccess 7.02 login form.

auto-submit of the users credentials is not working. The shared secret data DOES get

written to the user's Identity object on the first login as expected (can

view the entry with ConsoleOne in the internal config store). However, on the

next login to the Groupwise webaccess accelerator, the user sees the webaccess

login form which is populated with data from the internal secret store but the

form does not auto-post.

This same ff policy DOES properly auto-submit when used with gwise webaccess

7.01. The Netware Access Gateway also works fine.

Resolution

Remove the "User.lang" field from the formfill policy.

The problem was being caused by the "User.lang" input field configured in the policy.

Currently, when trying to fill a form, LAG is using the input elements configured in

the policy.

In the case of Groupwise Web Access formfill policy, the above mentioned User field is

configured in the policy, but does not appear in the actual html page (it did with the 7.01

WebAccess build). So, when LAG gets this page for the first time, it creates shared secrets

for all the fields configured in the policy and requests the eSP for data for all these

fields.

When it gets a "DataNotAvailable" message from the eSP (because of the missing field),

it sends the form to the user to fill manually.  Later when the user submits it, the

LAG tries to get the data (for storing) from the submitted form. Because it

fails to get the value for the afore mentioned field (as it wont appear in the

post-data due to its absence in the html form), it does not include it

in the "SetAttribute" request sent to eSP (for settign values to the previously

created secrets)...and submits the form to the webserver.

When you kill that session and issue a new request, the LAG requests the data again

after authenticating the user...and this time it gets data for all the fields

configured in the policy except for the "User.lang" field (this field will get

a "data not available" response). As a result the LAG believes that it only received

part of the data and so it will prompt the user to fill the missing fields.  So you

get presented with the filled form ... but autosubmit does not happen.