How to configure Novell Access Manager 3.1 to proxy Novell iFolder 3.8 and 3.9

  • 7010113
  • 03-Feb-2012
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Linux Access Gateway
Novell iFolder 3.8
Novell iFolder 3.9

Situation

There are different ways to accomplish this task, depending on your current NAM configuration and needs. First decide whether you are using a domain-based proxy service or a path-based proxy service. Then decide whether you want to use Identity Injection (basic authorization) or Form Fill.

Resolution

The following are basic instructions for configuring a domain-based proxy service, including what to configure for Identity Injection or Form Fill. The concepts also apply to path-based multi-home configurations:

1. Create the new protected resource for iFolder. (For details on how to configure a protected resource, refer to the documentation: https://www.novell.com/documentation/novellaccessmanager31/accessgatewayhelp/data/prlist.html)
2. Give the protected resource the path of /ifolder/*
3. Give the protected resource an authentication procedure of Secure Name/Password-Form
4. Decide whether you are using Identity Injection or Form Fill, then create the desired policy and enable it:
    Identity Injection:
        1. On the Identity Injection tab click on manage policies to open a separate window and create the policy.
        2. Click new > Access Gateway: Identity Injection (also give the policy a name)
        3. Under Actions select New > Inject into Authorization Header
        4. For User Name: Select Credential Profile (LDAP Credentials:LDAP User Name will come up by default)
        5. For Password: Also Select Credential Profile (on this one you will have to manually select LDAP Credentials > LDAP Password)
        6. Click OK > OK > then Apply Changes > Close.
        7. The Identity Injection policy will now show up in the policy list in the protected resource list. Select it, and choose Enable.
        8. OK out of all screens and update the Access Gateway Configuration.

    Form Fill:
        1. On the Form Fill Tab click on manage policies to open a separate window and create the policy.
        2. Click new > Access Gateway: Form Fill (also give the policy a name)
        3. Add the following to the CGI Matching Criteria: ReturnUrl=%2fifolder%2fiFolders.aspx
        4. In a browser, go to the iFolder login page: https://$SERVERIP$/ifolder
        5. Right click the page and select "view source"
        6. Search the page for <title>
        7. Copy the entire string, including the white space that precedes it. (    <title>iFolder</title>)
        8. Paste into Page Matching Criteria field.
        9. Change Form name to Form ID.
        10. Enter the following for Form ID: ctl00
        11. Fill options are as follows:
              a. UserName > Text > Credential Profile : LDAP Credentials:LDAP User Name
              b. Password > Password > Credential Profile : LDAP Credentials:LDAP Password
        12. Check Auto Submit
        13. Enter a URL for Error Handling if desired.
        14. Click on New at the top and select Form Login Failure *
        15. Enter the following for CGI Matching Criteria: Message=You+are+now+logged+out+of+iFolder.
        16. Under Login Failure Processing enter the path to the ESP logout URL: example: https://ifolder.test.com/AGLogout
        17. Click OK > OK > then Apply Changes > Close.
        18. The Form Fill policy will now show up in the policy list in the protected resource list. Select it, and choose Enable.
        19. Click OK > OK.
        20. Apply all updates and test.
 
* When using a Form Fill policy the logout link in iFolder will just loop you back into iFolder. Steps 14-20 will enable simultaneous logout (logs out of iFolder and NAM simultaneously).
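
The Form Fill values from steps 3-11 can be checked against a saved copy of the login page source before the policy is enabled. The following is an added example, not part of the original Novell document or of Access Manager itself; the sample page and query string are constructed, and it assumes the criteria are compared as literal substrings and that the Text and Password fill options correspond to HTML input types.

```python
from html.parser import HTMLParser

# Values taken from the Form Fill steps above.
PAGE_MATCH = "    <title>iFolder</title>"
FORM_ID = "ctl00"
FILL_FIELDS = {"UserName": "text", "Password": "password"}
CGI_MATCH = "ReturnUrl=%2fifolder%2fiFolders.aspx"

# Constructed sample page and query string, not captured from a real server.
SAMPLE_QUERY = "ReturnUrl=%2fifolder%2fiFolders.aspx"
SAMPLE_HTML = """<html><head>
    <title>iFolder</title>
</head><body>
<form id="ctl00" method="post" action="Login.aspx">
<input name="UserName" type="text" /><input name="Password" type="password" />
</form></body></html>"""

class FormScan(HTMLParser):
    """Collect the input fields of every <form>, keyed by the form's id."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = {}, None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = self.forms.setdefault(a.get("id"), {})
        elif tag == "input" and self._current is not None:
            self._current[a.get("name")] = (a.get("type") or "text").lower()

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def check_login_page(html, query):
    """Return a list of problems; an empty list means the policy values match."""
    problems = []
    if PAGE_MATCH not in html:
        problems.append("page matching string not found (check leading white space)")
    if CGI_MATCH not in query:  # assumption: literal, case-sensitive comparison
        problems.append("CGI matching criteria not in query string")
    scan = FormScan()
    scan.feed(html)
    fields = scan.forms.get(FORM_ID)
    if fields is None:
        return problems + ["no form with id " + FORM_ID]
    for name, kind in FILL_FIELDS.items():
        if fields.get(name) != kind:
            problems.append("field %s is not an input of type %s" % (name, kind))
    return problems
```

Pass the text saved from "view source" and the query string of the login URL to check_login_page; each returned message names the policy field to recheck.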