Customised logout pages not getting passed in parameters on NAM 4.0

  • 7016285
  • 10-Mar-2015
  • 21-Jul-2015

Environment

NetIQ Access Manager 4.0
NetIQ Access Manager Identity Server

Situation

A customised logout page on the IDP server redirects to certain URLs based on parameters passed into logoutSuccess.jsp. What we see is that the parameter values never seem to be passed into the JSP page; they are seen as null. With the various conditional statements, we fall back to the last default entry in the logout page.

As an example, we created a LogoutSuccess.jsp page on the IDP server with the following logoutSuccess customisation:

        // Declarations added so the fragment compiles inside a scriptlet.
        String sLogOffString = null;
        String sSSOToken = null;
        String sImpDomain = null;

        out.println ("************************ Neil LogoutSuccess *********************") ;

        // "parameter" and "SSOToken" are read straight from the request.
        if(request.getParameter("parameter")!=null)
            {
             sLogOffString = request.getParameter("parameter");
             out.println ("************************ LogoutParameter : "+sLogOffString);
             System.out.println ("************************ LogoutParameter : "+sLogOffString);
             if(sLogOffString!=null && sLogOffString.equalsIgnoreCase("Neil")){
                if(request.getParameter("SSOToken")!=null){
                        sSSOToken = request.getParameter("SSOToken");
                }
              }
            }

        // impDomain selects one of a fixed set of redirect targets.
        if(request.getParameter("impDomain")!=null)
            {
             sImpDomain = request.getParameter("impDomain");
             out.println ("************************ impDomain : "+sImpDomain);
             if(sImpDomain.equals("SoNC")){
                   response.sendRedirect("http://147.2.16.154/formfill.php");
             }else if(sImpDomain.equals("Novell")){
                   response.sendRedirect("http://147.2.16.154/formfill2.php");
             }else{
                   response.sendRedirect("https://www.novell.com/");
             }
            }

If I then log in and then log out, passing in certain parameters by hitting the /nidp/app/logout?parameter=Neil&impDomain=Novell URL, the following logic is sent back to the browser:

 <script language="javascript"> if('null'=='NLG')
{
top.location.href='https://www.novell.com/PublicSite/Views/Home.aspx';
 }
else if('null'=='Neil')
{
top.location.href='https://www.netiq.com/Public/Views/Login.aspx';
 }
else
{
top.location.href='https://www.novell.com/Public/Views/Login.aspx?err=E0008&target=https://www.netiq.com/Secure/AdminInterim.aspx'; } </script>

We can see that the null is displayed rather than the parameter value.

Resolution

Fixed in 4.0 and 4.1, but the input parameter must be retrieved with a different approach: we need to check for the incoming parameter via both 'request.getParameter("$param_name");' and 'uh.getLogoutQueryStringParam("$param_name");'

Here's an example to get the impDomain parameter to work - we need to add the following to the last line of the logoutSuccess.jsp page:

<%out.println("UIHandler-param: " + uh.getLogoutQueryStringParam("impDomain"));%>

where test is the name of the parameter being passed in (will change in every environment).

Additional Information

Here's the same code I run on 4.0.2 and 4.1.1 code bases without issues ...
 
<%@ page language="java" %>
<%@ page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8"%>
<%@ page import="java.util.*" %>
<%@ page import="com.novell.nidp.*" %>
<%@ page import="com.novell.nidp.authentication.local.X509Class" %>
<%@ page import="com.novell.nidp.resource.*" %>
<%@ page import="com.novell.nidp.resource.jsp.*" %>
<%@ page import="com.novell.nidp.ui.*" %>
 
<%
 
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
        response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        response.setDateHeader("Expires", 0); // Proxies.
 
        Cookie cookie = new Cookie("JSESSIONID", null);
        cookie.setPath(request.getContextPath());
        cookie.setMaxAge(0);
        response.addCookie(cookie);
        com.novell.nidp.authentication.local.PersistenceAuthClass.clearCookie(request,response);
        response.setHeader("Connection", "close");
        Cookie c = new Cookie(X509Class.X509_LOGOUT_COOKIE, X509Class.X509_LOGOUT_COOKIE_VALUE);
        c.setPath(request.getContextPath());
        response.addCookie(c);
        UIHandler uh = new UIHandler(request,response);
        ArrayList logoutStrings = null;
        ArrayList logos = null;
 
    String sImpDomain = null;
    out.println ("************************ Neil LogoutSuccess *********************");
 
    // Read impDomain from the request first, then fall back to the value
    // the UIHandler kept from the logout query string. Resolving it once
    // avoids calling sendRedirect twice when both sources return a value.
    sImpDomain = request.getParameter("impDomain");
    if(sImpDomain==null){
            sImpDomain = uh.getLogoutQueryStringParam("impDomain");
    }
    if(sImpDomain!=null){
            out.println ("************************ LogoutParameter : "+sImpDomain);
            // Only fixed destinations are used; the parameter value itself
            // never becomes part of the redirect URL.
            if(sImpDomain.equals("Novell")){
                    response.sendRedirect("https://www.novell.com");
            }else if(sImpDomain.equals("NetIQ")){
                    response.sendRedirect("https://www.netiq.com");
            }else if(sImpDomain.equals("SuSE")) {
                    response.sendRedirect("http://www.suse.de");
            }
    }else{
            out.println ("************************ LogoutParameter : impDomain is NULL ");
    }
 

    if (uh.isJSPMsg())
    {
        NIDPLogoutMessage msg =
            (NIDPLogoutMessage)uh.getMessage(true);
 
        if (msg.isConfirmLogouts())
            {
                logoutStrings = ((NIDPLogoutMessage)msg).getStrings();
                logos = ((NIDPLogoutMessage)msg).getLogos();
        }
    }
 
%>
<!DOCTYPE HTML PUBLIC "-//W3C//Dtd HTML 4.0 transitional//<%=uh.getLanguageCode()%>">
<html lang="<%=uh.getLanguageCode()%>">
    <head>
        <link href="<%= uh.getImage("hf_style.css",false)%>" rel="stylesheet">
            <style type="text/css" media="screen"><!--
                body  { background-color: <%=uh.getBGColor()%> }
          --></style>
    </head>
    <body marginwidth="0" marginheight="0" leftmargin="10" topmargin="0">
        <div class="head3b"><%=uh.getResource(JSPResDesc.LOGOUT)%></div>
            <table border=0>
                <tr>
                    <td><%=uh.getResource(JSPResDesc.LOGOUT_SUCCESS_MSG)%></td>
                </tr>
<%
        if (logos != null && logos.size() > 0)
    {
%>
                <tr>
                            <td>
                    <table cellSpacing=7 cellPadding=0 align=left border=0>
                        <tr>
                            <td width=15><img height=1 src="<%=uh.getImage("spacer.gif",false)%>" width=15 border=0 alt=""></td>
                            <td colspan="2"><b><%=uh.getResource(JSPResDesc.LOGOUT_SITES)%></b></td>
                        </tr>
                <%
                for (int i = 0; i < logos.size(); i++)
                {
        %>
                        <tr>
                            <td width="15"><img height=1 src="<%=uh.getImage("spacer.gif",false)%>" width=15 border=0 alt=""></td>
                                        <td class=leadCopy><%= (String)logos.get(i) %></td>
                                        <%
                                                String s = (String)logoutStrings.get(i);
                                                if((s != null) && (s.indexOf("?") != -1))
                                                {
                                        %>
                                                <td><iframe id="remoteContent" src="<%= s %>"  WIDTH=0 HEIGHT=0 frameborder=0></iframe> </td>
                                        <%
                                                }
                                                else
                                                {
                                        %>
                                                <td><img alt="<%=uh.getResource(JSPResDesc.LOGOUT)%>" src="<%= s %>"/></td>
                                        <%
                                                }
                                        %>
                                </tr>
        <%
                }
        %>
 
                    </table>
                                </td>
                </tr>
<%    } %>
                </table>
    </body>
</html>
<%out.println("UIHandler-param: " + uh.getLogoutQueryStringParam("impDomain"));%>
<%request.getSession().invalidate();%>
 
Once this is in place, I simply pass in the following to kick start it ... https://nam41sba.lab.novell.com/nidp/app/logout?impDomain=NetIQ
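
The parameter lookup from the Resolution, as an added example that is not NetIQ's code: a stand-alone Java helper that takes the two values the JSP reads (from request.getParameter and uh.getLogoutQueryStringParam), maps the first non-null one to a fixed table of destinations, and HTML-encodes the value before it is written as diagnostic output. The class name LogoutTarget and its methods are hypothetical; the table repeats the impDomain values used in the JSP above, and the inputs in main are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Added example (not NetIQ code): choose a post-logout URL from a fixed table. */
public class LogoutTarget {
    // Constructed table, repeating the impDomain values used in the JSP above.
    private static final Map<String, String> TARGETS = new LinkedHashMap<>();
    static {
        TARGETS.put("Novell", "https://www.novell.com");
        TARGETS.put("NetIQ", "https://www.netiq.com");
        TARGETS.put("SuSE", "http://www.suse.de");
    }

    // fromRequest:   value of request.getParameter("impDomain")
    // fromUiHandler: value of uh.getLogoutQueryStringParam("impDomain")
    // Returns the mapped URL, or null when no value arrived or it is not in the table.
    static String resolve(String fromRequest, String fromUiHandler) {
        String key = (fromRequest != null) ? fromRequest : fromUiHandler;
        return (key == null) ? null : TARGETS.get(key);
    }

    // HTML-encode a value before writing it into the page as diagnostic output.
    static String htmlEncode(String s) {
        if (s == null) return "null";
        StringBuilder sb = new StringBuilder(s.length());
        for (char ch : s.toCharArray()) {
            switch (ch) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(ch);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: the request parameter is null, the UIHandler still has it.
        System.out.println(resolve(null, "NetIQ"));
        System.out.println(resolve("Unknown", null));
        System.out.println("UIHandler-param: " + htmlEncode("Net<IQ>&"));
    }
}
```

In the JSP, a null result from resolve means no redirect is issued and the standard logout page is rendered.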