Indentity Injection fails with NetIdentity based authentication or browsers sending a http authorization header

  • 7002539
  • 04-Feb-2009
  • 26-Apr-2012

Environment

Novell Access Manager 3 Service Pack 4 Interims Release 1
Novell Access Manager 3 Linux Access Gateway


Situation

  • A  protected resource has been configured to use a NetIdentity based authentication contract as documented in the Cool Solution "How to single sign on with NetIdentity to Novell Access ManagerHow to single sign on with NetIdentity to Novell Access Manager"
  • Single Sign On from a Windows workstation to the Novell Identity Provider (NIDP) works as expected.
  • The Internet Microsoft Internet Explorer requests includes the required  HTTP NovInet Authorization header.
  • Identity Injection has been configured to inject the users cn and password into the HTTP Authorization Header
  • SSO to the web application server seems not to work.
    The HTTP Authorization header passed on to the Web server will always include the details from genrrated byt the browser instead of what has been defined in the assined Injection Policy

Resolution

This issue has been addressed to engineering and will be fixed in Novell Access Manager Service Pack 4 Interims Relaese 2

This functionality will be available with the following touch file: "/var/novell/.overwrite_AuthHeader_With_IIData" on the LAG
After applying this touch file the HTTP Authorization Header information sent by the browser client will be overwritten by Identity Injection information configured in the assigned policy and passed on to the web application server