Linux Access Gateway cannot inject user certificate when Identity Injection applied

  • 3766858
  • 29-May-2007
  • 26-Apr-2012


Novell Access Management 3 Linux Novell Identity Server


Configured Access Manager to use SUNONE Directory Server and an IIS website. Using username/password authentication to authenticate user to the Novell Identity (IDP) Server, all users can successfully authenticate. An Identity Injection policy is then applied to one of the IIS protected resources, which injects the users Certicate to the back end Web server. The users certificate is never forwarded by the Linux Access Gateway (LAG) to the IIS server.

Network traces reveal that the identity server retrieves the user certificate from the directory server but then never passes it on to the website. Catalina.out debug logs on the IDP and LAG show that the certificate is never passed from the IDP server to the LAG eSP via the SOAP backchannel.


Apply Access Manager 3 Support Pack 1 beta 1 (b1nam3sp1.tar.gz).

The format of the userCertificate attribute returned via the LDAP query to the SunOne LDAP server was not handled correctly with FCS and IR2 code. The SP1 codebase now handles the binary certificate returned correctly so that the IDP can finally pass it to the LAG eSP to inject.