Required Ajax HTTP header not being rewritten by Linux Access Gateway

  • 7011634
  • 17-Jan-2013
  • 18-Feb-2013

Environment

NetIQ Access Manager 3.1
Linux Access Gateway Appliance
Ajax based back end Web Application

Situation

Access Manager is set up and working well: all users can access protected resources after successfully authenticating at the Identity (IDP) server. The administrator needed to roll out a new web-based application behind the Linux Access Gateway (LAG) and use Identity Injection to sign on to it. The application was a custom application that used AJAX calls. After setting everything up, a test user still had issues with broken links to the application.

Looking at the HTTP header logs on the client side, along with the laghttpheaders on the server, it was noted that the broken links stemmed from the user trying to go to an invalid URL. The URL that the user was attempting to reach used the internal DNS name of the Web server and not the proxy server's published DNS name. Analysing the log files, one could see the problem URL being passed in an 'Ajax-location' HTTP header, which the LAG rewriter does not rewrite by default. A snippet of the response generated by the back end web server, containing the header that is not being rewritten, is shown below:

> HTTP/1.1 200 OK
> Date: Sun, 30 Oct 2011 17:30:49 GMT
> Expires: -1
> Cache-Control: private, max-age=0
> Content-Type: text/html; charset=UTF-8
> Content-Encoding: gzip
> Server: gws
> Content-Length: 11842
> ajax-location: http://www.originwebserver.com/js/something.jsp

Resolution

Apply Access Manager 3.1 Support Pack 5. An enhancement was added to rewrite this Ajax-location HTTP header.
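
To check whether any response header reaching the client still carries the back end host name, before or after the support pack, the captured headers can be scanned as in the following added example. It is not part of the original document or of NetIQ's code; the function names are hypothetical and the sample response is constructed from the snippet above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the response from the article, as seen by the client.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Date: Sun, 30 Oct 2011 17:30:49 GMT
Content-Type: text/html; charset=UTF-8
Server: gws
ajax-location: http://www.originwebserver.com/js/something.jsp
"""

# Absolute URLs inside a header value (a value may hold more than one).
URL_RE = re.compile(r"https?://[^\s\"'<>;,]+", re.IGNORECASE)

def parse_headers(raw):
    """Return (name, value) pairs from a raw response head, skipping the status line."""
    headers = []
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break  # blank line ends the header block
        if line[0] in " \t" and headers:  # obsolete folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers

def find_unrewritten(raw, internal_hosts):
    """List (header, url) pairs whose URL host is a back end (internal) name."""
    internal = {h.lower() for h in internal_hosts}
    hits = []
    for name, value in parse_headers(raw):
        for url in URL_RE.findall(value):
            host = urlsplit(url).hostname  # urlsplit lowercases the host
            if host and host in internal:
                hits.append((name, url))
    return hits

if __name__ == "__main__":
    # Assumption: the list of internal names is supplied by the administrator.
    for name, url in find_unrewritten(SAMPLE_RESPONSE, ["www.originwebserver.com"]):
        print(f"not rewritten: {name}: {url}")
```

An empty result for every custom header the application emits indicates that the rewriter is covering them; any hit names the header that still exposes the internal DNS name.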