Environment
NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Interim Release 1 and Support Pack 1
NetIQ Access Manager 3.2 Access Gateway (Appliance and Service)
NetIQ Access Manager 3.2 Interim Release 1 and Support Pack 1
NetIQ Access Manager 3.2 Access Gateway (Appliance and Service)
Situation
Installed NetIQ Access Manager with the Access Gateway enabled. While testing, administrator enabled
Advanced Option to get troubleshooting X-MAG headers NAGGlobalOptions DebugHeaders on
After applying the change and hitting the Access Gateway protected resource, no X-MAG troubleshooting
headers are sent back to the browser.
Resolution
A few workarounds exist:
a) Add the following LogLevel Advanced Option
LogLevel emerg
and update the configuration or
b) manually modify the /opt/novell/nam/mag/webapps/agm/WEB-INF/config/apache2/DebugSettings.conf file on the Access Gateway server and modify the section that includes the following:
# Enables information about the decisions made by the Access Gateway
# to be returned as an HTTP header (X-Mag:)to the client.
NAGGlobalOptions DebugHeaders
to include
# Enables information about the decisions made by the Access Gateway
# to be returned as an HTTP header (X-Mag:)to the client.
NAGGlobalOptions DebugHeaders=on
Save the changes and run the '/etc/init.d/novell-apache2 restart' command.
a) Add the following LogLevel Advanced Option
LogLevel emerg
and update the configuration or
b) manually modify the /opt/novell/nam/mag/webapps/agm/WEB-INF/config/apache2/DebugSettings.conf file on the Access Gateway server and modify the section that includes the following:
# Enables information about the decisions made by the Access Gateway
# to be returned as an HTTP header (X-Mag:)to the client.
NAGGlobalOptions DebugHeaders
to include
# Enables information about the decisions made by the Access Gateway
# to be returned as an HTTP header (X-Mag:)to the client.
NAGGlobalOptions DebugHeaders=on
Save the changes and run the '/etc/init.d/novell-apache2 restart' command.
Cause
When setting the advanced options, corresponding Access Gateway configuration files will include
references to the Advanced Options. Looking at the contents of the /opt/novell/nam/mag/webapps/agm/WEB-INF/config/apache2/DebugSettings.conf,
one can see that the parameter is not set correctly # Enables information about the decisions made by the Access Gateway # to be returned as an HTTP header (X-Mag:)to the client. NAGGlobalOptions DebugHeaders Looking at the /opt/novell/nam/mag/webapps/agm/WEB-INF/config/apache2/NovellAgSettings.conf file,
one can see that it is set correctly there, but the Apache proxy does not read it. # Global Options NAGGlobalOptions DebugHeaders=on The info is being read from DebugSettings.conf. When manually setting the NAGGlobalOptions DebugHeaders=on in this file, the X-MAG headers start getting logged.