How to disable access to the Novell Identity Server portal page

  • 3999143
  • 22-Nov-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Linux Novell Identity Server
Novell Access Management 3 Support Pack 1 applied

Situation

For security purposes, administrators may not want to allow users to log in directly at the Novell Identity Server (NIDP) login page, or to access the corresponding NIDP portal page (/nidp/app) after logging in successfully.

One cannot disable the NIDP connector in Tomcat, as it is required for the various other endpoints that may be accessed in a SAML/Liberty relationship when a service provider (SP) accesses the NIDP server.

Resolution

After a user authenticates directly to the NIDP server, the main.jsp page from /opt/novell/nids/lib/webapp/jsp is presented. This page builds the portal page with links to banner.jsp, nav.jsp, federations.jsp and home.jsp in the same directory. The main JSP page begins by setting certain HTTP response headers, such as:

<%
response.setHeader("Pragma", "No-cache");
response.setHeader("Cache-Control","no-cache");

To avoid building the portal page that the administrator wants to block, one can inject an HTTP redirect so that users accessing the NIDP server directly are redirected to a page defined by the administrator. By adding the following line below the setHeader calls above,

response.sendRedirect("https://www.novell.com");

users will instead be redirected to https://www.novell.com rather than the NIDP portal.


After saving the file, there is no need to restart Tomcat or the NIDP server - the changes should be effective immediately.
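
The edit described above can be scripted so that it is repeatable and leaves a backup. The following is an added example, not part of the original article and not Novell code; the function names and the backup directory argument are assumptions, and the sample file it runs against is constructed.

```shell
#!/bin/sh
# Added example, not Novell code: insert the article's redirect line into main.jsp.

# patch_main_jsp FILE URL BACKUP_DIR
# Returns 0 if patched or already patched, 2 if FILE is missing,
# 3 if the Cache-Control setHeader line quoted in the article is absent.
patch_main_jsp() {
    jsp_file=$1
    redirect_line="response.sendRedirect(\"$2\");"
    backup_dir=$3   # assumption: a directory outside the webapp tree

    [ -f "$jsp_file" ] || { echo "not found: $jsp_file" >&2; return 2; }

    # Idempotent: a second run must not add a second redirect.
    if grep -qF "$redirect_line" "$jsp_file"; then return 0; fi

    if ! grep -qF 'response.setHeader("Cache-Control"' "$jsp_file"; then
        echo "anchor line not found in $jsp_file" >&2
        return 3
    fi

    # Back up outside the webapp directory so the copy is never web-reachable.
    mkdir -p "$backup_dir" && cp -p "$jsp_file" "$backup_dir/main.jsp.orig" || return 1

    # Print every line; after the first anchor line, emit the redirect once.
    # Redirecting into the existing file keeps its owner and mode.
    awk -v line="$redirect_line" '
        { print }
        !done && index($0, "response.setHeader(\"Cache-Control\"") { print line; done = 1 }
    ' "$backup_dir/main.jsp.orig" > "$jsp_file"
}

# Constructed sample standing in for the first lines of main.jsp.
make_sample_jsp() {
    printf '%s\n' '<%' \
        'response.setHeader("Pragma", "No-cache");' \
        'response.setHeader("Cache-Control","no-cache");' \
        'String title = "portal";' \
        '%>' > "$1"
}

demo_dir=$(mktemp -d)
make_sample_jsp "$demo_dir/main.jsp"
patch_main_jsp "$demo_dir/main.jsp" "https://www.novell.com" "$demo_dir/backup"
cat "$demo_dir/main.jsp"
rm -rf "$demo_dir"
```

On the server, the first argument would be /opt/novell/nids/lib/webapp/jsp/main.jsp and the second the administrator's chosen URL.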