Cannot Formfill to back end Web application that includes input name of submit with value of submit

  • 7010957
  • 18-Oct-2012
  • 18-Oct-2012

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Access GAteway
Formfill enabled

Situation

Access Gateway setup to accelerate a Web server. A back end application running on the Web server uses forms for login. In order to single sign on to this web server, a corresponding formfill policy was created, which worked fine with no autosubmit but with autosubmit enabled, the form would never be sent by the browser.

Looking at the form in more detail, it included the following information

 <form method="POST" action="/formfill/phpinfo.php" /> <p>Username: <input type="text" name="username" id="username" size="25" required/></p> <p>Password: <input type="password" name="passwd" id="passwd" size="25" required/></p> <p> <input value="Submit" id="submit" name="submit""> <input type="reset" name="reset" id="reset" value="Reset"/> </p> </form>

When the Access Gateway (AG) Formfill (FF) library processes the request and injects the headers, it sends back the following response to the browser - which the browser NEVER POSTs

<html>
<body>
<form action="/formfill/phpinfo.php" method="POST">
<input value="ncashell" required size="25" id="username" name="username" type="hidden"/>
<input value="novell" required size="25" id="passwd" name="passwd" type="hidden"/> <input value id="submit" name="submit" type="hidden"/>
</form>
<noscript>Please enable scripting on your browser!</noscript>
<script language="JavaScript"> function executeJavaScript() { }
function NAGPostForm()
 { executeJavaScript(); document.forms[0].submit(); }
NAGPostForm();
</script>
</body>
</html>

Resolution

Modify  the login form page to include the following

<form method="POST" action="/formfill/phpinfo.php" />
<p>Username: <input type="text" name="username" id="username" size="25" required/></p>
<p>Password: <input type="password" name="passwd" id="passwd" size="25" required/></p> <p>
<input type="submit" value="Login" name="login">
 <input type="reset" name="reset" id="reset" value="Reset"/> </p>
 </form>

Browsers do not allow a submit if the "id" and "name" fields within the <form> have a value of "submit".

If it is not possible to change the back end form, a rewriter profile can be created and applied to that explicit URL that rewrites the strings with a value of submit.

Additional Information

An enhancement request has been created on the AG to handle this scenario automatically and change the "submit" value so that auto submission of form completes.