Linux Access Gateway cannot inject user certificate when Identity Injection applied

  • 3766858
  • 29-May-2007
  • 26-Apr-2012

Environment

Novell Access Management 3 Linux Novell Identity Server

Situation

Access Manager was configured to use the SunOne Directory Server as the user store and an IIS website as the protected web server. With username/password authentication against the Novell Identity (IDP) Server, all users authenticate successfully. An Identity Injection policy is then applied to one of the IIS protected resources to inject the user's certificate to the back-end web server, but the user's certificate is never forwarded by the Linux Access Gateway (LAG) to the IIS server.

Network traces reveal that the identity server retrieves the user certificate from the directory server but then never passes it on to the website. Catalina.out debug logs on the IDP and LAG show that the certificate is never passed from the IDP server to the LAG eSP via the SOAP backchannel.

Resolution

Apply Access Manager 3 Support Pack 1 beta 1 (b1nam3sp1.tar.gz).

The format of the userCertificate attribute value returned by the LDAP query to the SunOne LDAP server was not handled correctly by the FCS and IR2 code. The SP1 codebase handles the binary certificate value correctly, so the IDP can now pass it to the LAG eSP for injection.
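As an added example, not Access Manager code, the Python helper below shows the handling the fix describes: it accepts the raw binary userCertificate value as a directory returns it, rejects a value whose DER framing was damaged by being treated as text, and normalises it to base64 for injection. All function names, the PEM handling and the DER sample are constructed for this illustration; the sample is not a real certificate.

```python
import base64
import re
# Added example, not Access Manager code: normalise an LDAP userCertificate
# value to base64 DER for injection, rejecting values mangled as text.
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
def der_length(blob: bytes) -> int:
    """Total length of the outer DER SEQUENCE, or -1 if the framing is bad."""
    if len(blob) < 2 or blob[0] != 0x30:      # X.509 Certificate ::= SEQUENCE
        return -1
    first = blob[1]
    if first < 0x80:                           # short-form length octet
        return 2 + first
    n = first & 0x7F                           # long form: n length octets follow
    if n == 0 or n > 4 or len(blob) < 2 + n:   # reject indefinite/absurd lengths
        return -1
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def normalize_user_certificate(value) -> str:
    """Accept DER bytes (userCertificate;binary) or PEM/base64 text; return base64 DER."""
    if isinstance(value, str):
        m = PEM_RE.search(value)
        text = m.group(1) if m else value
        try:
            der = base64.b64decode("".join(text.split()), validate=True)
        except ValueError as exc:
            raise ValueError("userCertificate is not base64/PEM text") from exc
    elif isinstance(value, (bytes, bytearray)):
        der = bytes(value)
    else:
        raise TypeError("unsupported userCertificate value type")
    if der_length(der) != len(der):            # the defect on this page: damaged binary
        raise ValueError("userCertificate is not one complete DER SEQUENCE")
    return base64.b64encode(der).decode("ascii")

def is_valid_user_certificate(value) -> bool:
    """Boolean form of the check, usable as a pre-injection sanity test."""
    try:
        normalize_user_certificate(value)
        return True
    except (ValueError, TypeError):
        return False

def mangled_as_text(der: bytes) -> bytes:
    """Failure mode: DER read as Latin-1 text and re-emitted as UTF-8 (octets >= 0x80 double)."""
    return der.decode("latin-1").encode("utf-8")

# Constructed sample (not a real certificate): SEQUENCE with long-form length
# wrapping one 126-byte OCTET STRING, 131 bytes in total.
SAMPLE_DER = b"\x30\x81\x80" + b"\x04\x7e" + bytes(range(126))
```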