Environment
Novell Access Management 3 Linux Novell Identity Server
Situation
Access Manager was configured to use SunOne Directory Server as the user store and to protect an IIS website. Users authenticate to the Novell Identity Server (IDP) with username/password authentication, and all users can authenticate successfully. An Identity Injection policy is then applied to one of the protected IIS resources to inject the user's certificate to the back-end web server. The user's certificate is never forwarded by the Linux Access Gateway (LAG) to the IIS server.
Network traces reveal that the identity server retrieves the user certificate from the directory server but then never passes it on to the website. Catalina.out debug logs on the IDP and LAG show that the certificate is never passed from the IDP server to the LAG eSP via the SOAP backchannel.
Resolution
Apply Access Manager 3 Support Pack 1 beta 1 (b1nam3sp1.tar.gz).
The format of the userCertificate attribute returned by the LDAP query to the SunOne LDAP server was not handled correctly by the FCS and IR2 code. The SP1 codebase handles the binary certificate returned by the directory correctly, so the IDP can pass it to the LAG eSP for injection.
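As an added illustration of the handling the fix describes (this is example code written for this article, not Novell's code), the Python below normalises a userCertificate value as it might arrive from an LDAP query, whether as raw DER bytes (userCertificate;binary), PEM text or bare base64, checks that the result is DER-shaped before it is passed on, and shows how round-tripping the bytes through a text decode corrupts them. The sample value is a constructed DER stub, not a real certificate, and the header encoding in injection_header_value is an assumption about how a binary value would be carried to a back-end server, not the product's actual injection format.

```python
import base64
import re

# PEM armour as some directories or import tools store it (assumption: any of the
# three shapes handled below could appear in the userCertificate attribute).
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_length(buf, pos):
    """Return (length, offset_of_content) for the DER length field at buf[pos]."""
    first = buf[pos]
    if first < 0x80:                      # short form: a single length byte
        return first, pos + 1
    n = first & 0x7F                      # long form: n following length bytes
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("invalid DER length encoding")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def looks_like_certificate(der):
    """Cheap structural check: an outer SEQUENCE spanning exactly the whole value,
    whose first child is itself a SEQUENCE (the tbsCertificate of an X.509 cert)."""
    if len(der) < 4 or der[0] != 0x30:
        return False
    try:
        length, body = der_length(der, 1)
    except ValueError:
        return False
    if body + length != len(der):
        return False
    return der[body] == 0x30


def to_der(value):
    """Normalise an LDAP userCertificate value (bytes or str) to raw DER bytes."""
    if isinstance(value, str):
        value = value.encode("ascii")
    if looks_like_certificate(value):      # raw DER, e.g. from userCertificate;binary
        return value
    m = PEM_RE.search(value)
    if m:                                  # PEM: keep only the base64 body
        value = m.group(1)
    der = base64.b64decode(b"".join(value.split()))
    if not looks_like_certificate(der):
        raise ValueError("value is not a DER certificate in any recognised form")
    return der


def corrupt_as_text(der):
    """Assumed failure mode: the binary value is decoded as text and re-encoded.
    Bytes that are not valid UTF-8 become U+FFFD and the DER lengths stop matching."""
    return der.decode("utf-8", errors="replace").encode("utf-8")


def injection_header_value(der):
    """Single-line base64, the usual way a binary blob is carried in an HTTP header
    (assumption about the transport, not the product's own header format)."""
    return base64.b64encode(der).decode("ascii")


# Constructed sample: a DER stub shaped like a certificate, SEQUENCE { SEQUENCE {...},
# BIT STRING }, deliberately containing bytes (0xff, 0xab) that are not valid UTF-8.
# It is not a real certificate.
SAMPLE_DER = bytes.fromhex("300c30060201010401ff030200ab")
SAMPLE_B64 = base64.b64encode(SAMPLE_DER)
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\n" + SAMPLE_B64 + b"\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for label, value in (("binary", SAMPLE_DER), ("base64", SAMPLE_B64), ("pem", SAMPLE_PEM)):
        print(label, "normalised ok:", to_der(value) == SAMPLE_DER)
    print("still a certificate after text round-trip:",
          looks_like_certificate(corrupt_as_text(SAMPLE_DER)))
    print("header value:", injection_header_value(SAMPLE_DER))
```

The structural check is the part worth keeping in a diagnostic: if the value that leaves the LDAP layer fails it, the certificate was mangled before the SOAP backchannel ever saw it, which is the symptom the traces above describe.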