Cannot login to remote secure Web server after upgrading from LAG to MAG

  • 7013264
  • 12-Sep-2013
  • 18-Sep-2013

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Access Gateway

Situation

Access Manager 3.1 setup and working; after upgrading to 3.2.2, all apps continued to work without problems with the exception of one secure back end Web server accelerated by the 3.2 Access Gateway.

When trying to accelerate the following web site - https://www.gp-sol.com/+CSCOE+/logon.html - user would successfully get the login page for the server. WHen the user credentials were submitted however, the users would simply sit there waiting for a response. Only after the data read timeout expired (120 secs) would the users see a 504 gateway timeout error.

COmparing the 3.1 and 3.2 POST parameters to the login form, we would see the exact same info being sent.


Resolution

Fixed with 3.2.2 IR1.

The SSL communication generated by the Access Gateway included the POST data across multiple SSL packets. This is because Apache flushes the HTTP headers line per line. The new code now includes all HTTP headers across fewer SSL packets.