Access Gateway Service 404 errors when accessing protected resource after long delay submitting credentials at Identity Server

  • 7008687
  • 02-Jun-2011
  • 26-Apr-2012


Novell Access Manager 3.1 Support Pack 3 installed
Novell Access Manager 3.1 Linux based  Access Gateway Service


Access Manager setup and working fine - users can authenticate to the Identity (IDP) server and access protected resources on the Linux based Access Gateway Service (AGS). Some users however report 404 errors on their browser after authenticating to the IDP server, and do not get redirected to the protected resource they originally attempted to hit.

Log files indicated the following use case:

. User hits AGS protected resource
2. User is redirected to the login page on IDP server
3. User waits at the login page for 5+ minutes before entering credentials
4. User eventually submits credentials
5. User gets the 404 error


Apply Access Manager Support Pack 3 IR2 (build 3.1.3-292) or greater.

Additional Information

when he submits credentials immediately, the issue rarely happens

After the user authenticates to the IDP server, and the artifact is sent back
to the AG, the AG correctly sends that artifact back to the IDP server. The IDP
server responds with the assertion for that user. The AG then tries to update
it's local auth table with info about that user but fails:

2011-05-26T11:59:42Z VERBOSE NIDS Application: Attempting to connect to URL: via POST

2011-05-26T11:59:42Z VERBOSE NIDS Application: Posting data to

2011-05-26T11:59:42Z DEBUG NIDS Application:
Method: URLUtil.connectToURL
Thread: TP-Processor20
Response code 404 from connection

2011-05-26T11:59:42Z WARNING NIDS Application: AM#300105002:
AMDEVICEID#esp-5194391484173753: Error sending SOAP message to
Access Gateway: NIDPMAIN.405

All looks fine for the request but we should not be getting a 404 response code
back. The only possible issue that I can see if that we have 2 cookies in the
initial request for the AGS proxy ... see IPCZQX03xxxxxxxx cookie below. If you
purge cookies on your browser, do you get the issue with the first
authentication after the purging of cookies? I wonder if we are somehow getting
missed up with the cookies?

GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:
Gecko/20110420 Firefox/3.6.17
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: IPCZQX03fa7322b3=0100fe00139046e8b497047df15f8078e76d5d01;