ssl_error_rx_record_too_long error in FireFox when authenticating to IDP after upgrading from 3.1.2 to 3.1.3

  • 7009281
  • 01-Sep-2011
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Linux Novell Identity Server

Situation

After upgrading from 3.1.2 to 3.1.3, accessing a protected resource through the LAG (Linux Access Gateway) returns a 100101044 error. Going directly to the IDP login page (https://IDPbaseURL:8443/nidp/idff/sso) in Internet Explorer gives a "page cannot be displayed" error, while Firefox shows the following:

An error occurred during a connection to IDPbaseURL:8443.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
Resolution

Edit /etc/opt/novell/tomcat5/server.xml on the IDP as follows:

Near the bottom of server.xml there are several Connector elements. The one to edit is the NIDP connector whose NIDP_Name attribute is "connector" (the HTTPS connector on port 8443).

Unedited:
<Connector NIDP_Name="connector" URIEncoding="utf-8" acceptCount="0" address="10.124.1.132" className="org.apache.coyote.tomcat5.CoyoteConnector" clientAuth="false" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="C:\Program Files\Novell\devman\jcc/certs/idp/connector.keystore" keystorePass="ik6S6I7410vyHoX" maxProcessors="200" maxSpareThreads="50" maxThreads="200" minSpareThreads=" 5 " port="8443" sSLImplementation="com.novell.nidp.common.util.net.server.NIDPSSLImplementation" scheme="https" sslProtocol="TLS" useBodyEncodingURI="false" allowUnsafeLegacyRenegotiation="false" />

Add the following attribute to that element, separated from the preceding attribute by a space and placed before the closing />: protocol="org.apache.coyote.http11.Http11Protocol"

Edited:
<Connector NIDP_Name="connector" URIEncoding="utf-8" acceptCount="0" address="10.124.1.132" className="org.apache.coyote.tomcat5.CoyoteConnector" clientAuth="false" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="C:\Program Files\Novell\devman\jcc/certs/idp/connector.keystore" keystorePass="ik6S6I7410vyHoX" maxProcessors="200" maxSpareThreads="50" maxThreads="200" minSpareThreads=" 5 " port="8443" sSLImplementation="com.novell.nidp.common.util.net.server.NIDPSSLImplementation" scheme="https" sslProtocol="TLS" useBodyEncodingURI="false" allowUnsafeLegacyRenegotiation="false" protocol="org.apache.coyote.http11.Http11Protocol" />

Save the changes and restart Tomcat (rcnovell-tomcat5 restart).
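The following helper is an added example, not part of this TID or of the Access Manager product: it applies the edit above to a server.xml idempotently (only the Connector with NIDP_Name="connector", only if it has no protocol attribute yet) and leaves the rest of the file byte-for-byte unchanged, which an XML re-serialiser would not. The sample server.xml inside it is constructed, with the keystore password replaced by a placeholder.

```python
"""Add protocol="org.apache.coyote.http11.Http11Protocol" to the NIDP
'connector' Connector in a Tomcat 5 server.xml without rewriting anything else."""
import re
import shutil
import sys

HTTP11_PROTOCOL = "org.apache.coyote.http11.Http11Protocol"

# One self-closing <Connector .../> element; attribute order is not assumed.
CONNECTOR_RE = re.compile(r"<Connector\b[^>]*?/>")

# Constructed sample in the shape of the TID's server.xml (password is a placeholder).
SAMPLE_SERVER_XML = """<Server>
<Service>
<Connector NIDP_Name="connector" URIEncoding="utf-8" address="10.124.1.132" keystorePass="KEYSTORE_PASS_PLACEHOLDER" port="8443" scheme="https" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="false" />
<Connector port="8080" protocol="org.apache.coyote.http11.Http11Protocol" />
</Service>
</Server>
"""


def needs_fix(element, nidp_name="connector"):
    """True only for the NIDP connector named nidp_name that lacks a protocol attribute."""
    if not re.search(r'\bNIDP_Name="%s"' % re.escape(nidp_name), element):
        return False
    return re.search(r"\bprotocol=", element) is None  # sslProtocol= does not match


def patch_connector(element):
    """Insert the protocol attribute before the closing '/>', with a separating space."""
    body = element[:-2].rstrip()  # drop '/>' and any whitespace before it
    return '%s protocol="%s" />' % (body, HTTP11_PROTOCOL)


def fix_server_xml(text, nidp_name="connector"):
    """Return (patched text, number of Connector elements changed)."""
    changed = 0

    def repl(match):
        nonlocal changed
        element = match.group(0)
        if not needs_fix(element, nidp_name):
            return element
        changed += 1
        return patch_connector(element)

    return CONNECTOR_RE.sub(repl, text), changed


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/opt/novell/tomcat5/server.xml"
    with open(path) as f:
        original = f.read()
    patched, count = fix_server_xml(original)
    if count:
        shutil.copy(path, path + ".bak")  # keep the unedited file before writing
        with open(path, "w") as f:
            f.write(patched)
    print("connectors patched: %d" % count)
```

After the Tomcat restart, confirm the connector is actually speaking TLS again with `openssl s_client -connect IDPbaseURL:8443`; a completed handshake and server certificate mean the plaintext-on-8443 condition behind ssl_error_rx_record_too_long is gone.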