Intermittent blank page when accessing protected site via NAM, using IE

  • 7012785
  • 03-Jul-2013
  • 04-Jul-2013

Environment

NetIQ Access Manager 3.2
A combined Admin Console and IDP behind a SLES 11 server running the Access Gateway Service

Situation

A new install of Access Manager. Intermittently, clients using Internet Explorer would be presented with a blank page after logging in. A browser refresh would present the correct page. This problem did not seem to occur to browsers other than Internet Explorer. IE 8, 9 and 10 all experienced the problem.

Resolution

The F5 BigIP was mis-configured. As the following options were selected in error, the correct configuration of these items (that is, unchecking them) resolved the issue:

No session resumption on renegotiation

When the BIG-IP system performs renegotiation as an SSL server, this option always starts a new session (that is, session resumption requests are only accepted in the initial handshake). The system ignores this option for server-side SSL processing.

Dont insert empty fragments

This option disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers. These ciphers cannot be handled by certain broken SSL implementations. This option has no effect for connections using other ciphers. This is the default value for the Enabled Options list.