Sharepoint 2010 Single Sign on fails with Form Fill after upgrading from NAM 3.1 SP4 to 4.0

  • 7015739
  • 03-Oct-2014
  • 06-Oct-2014

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 4.0
Sharepoint 2010
NetIQ Access Gateway

Situation

Form Fill is enabled to perform single sign-on (SSO) to a back-end Sharepoint 2010 web server. After upgrading from 3.1.4 to 4.0, users can no longer SSO to the Sharepoint 2010 server using the Access Gateway. The only clue is an Access Gateway error: the error_log claims that it 'cannot find the <form> tag' when processing the page.

Resolution

Modify the default rewriter configuration to search for the string '<script (a single quote followed by <script) and replace it with '<scr' + 'ipt

The Sharepoint login form contains the following markup, which causes our Form Fill (FF) library to fail:

<script type="text/javascript">
// <![CDATA[
document.write('<script type="text/javascript" src="/_layouts/1033/init.js?rev=lEi61hsCxcBAfvfQNZA%2FsQ%3D%3D"></' + 'script>');
document.write('<script type="text/javascript" src="/ScriptResource.axd?d=I7hGhlkMs-nA9FOBZpWE4ZrSMY2MhQTqwZAAYRv2KPFqC90_v1tIZ-pPHtXrpZXgh9ApIMExC61u8HjOJlp4NZMWzAG7CYZho6Kyd9Ptko2VvzRNWC-1iA91O-ymdjd_6-X6qUcj1blf6Z4A9Li3W91IbMc1&amp;t=ffffffff8dc250fc"></' + 'script>');
document.write('<script type="text/javascript" src="/_layouts/blank.js?rev=QGOYAJlouiWgFRlhHVlMKA%3D%3D"></' + 'script>');
document.write('<script type="text/javascript" src="/ScriptResource.axd?d=d4AczLycIT_KSuvGioSnWnnIk-ricT4l-82CLjrR-ob_sLDD6RlgfLquTNAIcDzrqEtEt6iM10k6gMclizWklnI7En0QNcakLVYe_MvkqboPw8TaDZPfFrWZ4ln4t1_Ls-6vxXwz_wdeILTh3nyKl9o8E0VNB5-it_MZu40ctQN0I5j-0&amp;t=ffffffff8dc250fc"></' + 'script>');
// ]]>
</script>

When this happens, the error_log claims that it cannot find the <form> tag. The reason is that we search for the script tags, find the one that opens above, but never find the matching close, because it is written as </' + 'script>. Changing the above to terminate the script correctly will make it work fine.

The document.write command should be executed at the server side and not sent down to the browser.
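
The failure and the effect of the rewriter rule can be reproduced with the added example below, which is not NetIQ code. It assumes a simplified scanner that counts <script> nesting (the function names and the shortened sample page are constructed for illustration) and also checks that the rewritten document.write call still emits the same markup to the browser.

```javascript
// Constructed sample, shortened from the SharePoint login markup quoted above.
const page = [
  '<script type="text/javascript">',
  "document.write('<script type=\"text/javascript\" src=\"/_layouts/blank.js\"></' + 'script>');",
  '</script>',
  '<form id="aspnetForm" method="post"><input name="username"></form>',
].join('\n');

// Assumed scanner model (not NetIQ code): count <script> nesting and accept
// a <form> tag only when no script block is open.
function findFormOutsideScripts(html) {
  const token = /<script\b|<\/script\s*>|<form\b/gi;
  let depth = 0;
  let m;
  while ((m = token.exec(html)) !== null) {
    const t = m[0].toLowerCase();
    if (t === '<script') depth += 1;
    else if (t.startsWith('</script')) depth = Math.max(0, depth - 1);
    else if (depth === 0) return m.index; // <form> outside any script block
  }
  return -1; // the "cannot find the <form> tag" case
}

// Rewriter rule from the Resolution: '<script becomes '<scr' + 'ipt
function applyRewriterRule(html) {
  return html.split("'<script").join("'<scr' + 'ipt");
}

// Markup the browser receives from document.write: join the quoted pieces.
function writtenMarkup(html) {
  const arg = /document\.write\(('.*')\);/.exec(html)[1];
  return arg.slice(1, -1).split("' + '").join('');
}

const rewritten = applyRewriterRule(page);
console.log('form offset before rewrite:', findFormOutsideScripts(page));
console.log('form offset after rewrite: ', findFormOutsideScripts(rewritten));
console.log('same markup written:', writtenMarkup(page) === writtenMarkup(rewritten));
```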
