Identity Injection keeps appending the same injected query line parameters with every new request coming in from the browser

  • 7013274
  • 12-Sep-2013
  • 18-Sep-2013


NetIQ Access Manager 3.2
Access Gateway Appliance and Service
Identity Injection (II) policy injecting user LDAP attributes into query string


NAM 3.2.2 (upgrade from 3.1.4 and LAG)
Identity Injection enabled on Protected Resource
User authenticates and can SSO to app with LAG; after upgrading to 3.2 AG, the SSO
fails because the II injection duplicates the credential info passed on the
command line.

eg. the following protected resource injects the USerID, AgentNumber and title.
When the request is passed to the web server, the web server sends back the
credential info in the following form

<form name="aspnetForm" method="post"

When the browser submits this form, and II picks it up, II injects the same
info again into the query string ie. it POSTs to the following URL

POST /EditDocument.aspx?di=2224&amp;UserID=xrs03&amp;AgentNumber=031027400&amp;Title=Principal&amp;UserID=xrs03&amp;AgentNumber=031027400&amp;Title=Principal" "

This causes the SSO process to fail at the back end.


Fixed in 3.2.2 IR1.