Environment
Novell Access Manager 3.1 Linux Access Gateway
Peoplesoft Web server
FormFill enabled for Single sign on
Peoplesoft Web server
FormFill enabled for Single sign on
Situation
When configuring the Linux Access Gateway (LAG) to protect a Peoplesoft Web server, all HTTP communication went through fine. In oder to single sign on (SSO) from the LAG, a formfill policy was created that automatically submitted the credentials defined in the policy to the back end Peoplesoft server. With the policy in place, the single sign on would fail. Users would always have to enter the credentials manually to get authenticated to the Peoplesoft server. Disabling the auto submit feature in the formfill policy, users also noticed that the credentials would never be populated in the fields, even though the attributes existed and were retrieved from the LDAP user store.
Resolution
Modify the back end Peoplesoft login page to terminate the <form/> tag. The default login page included a <form> tag that defined the input tags. However it was not terminated. Formfill looks at the form contents to verify the syntax and without the <form/> tag, it did not know where the various input tags ended. The ics_dyn.log file would report the following message:
Jun 4 10:11:13 lag129 : AM#504507000: AMDEVICEID#ag-7AA324FFCBA4D4E: AMAUTHID#0: AMEVENTID#0: Skipping formfill since no match found for any policy input field.
Jun 4 10:11:13 lag129 : AM#504507000: AMDEVICEID#ag-7AA324FFCBA4D4E: AMAUTHID#0: AMEVENTID#0: Skipping formfill since no match found for any policy input field.