How to verify that all configured Appmarks are accessible to users logging in to the Identity Server Portal page

  • 7016972
  • 10-Nov-2015
  • 02-Dec-2015

Environment

NetIQ Access Manager 4.2
Mobile and Web Access
NetIQ Identity Server Portal page

Situation

Users logging in to the Identity Server Portal get a list of Appmarks that they are entitled to view, based on their roles. Occasionally, a user who expects to see an Appmark does not. In these cases, it may be hard to identify the reason from the log files. Typically it is related to the user not having the required roles, but it may also be that the Appmark was not initialised. The role information is visible in the logs, but the Appmark information is not, unless you use the debug options.

Resolution

It is possible to enable a more verbose level of logging for the Appmarks. To enable this:

- open /opt/novell/nam/idp/conf/tomcat.conf
- add the following line:

JAVA_OPTS="${JAVA_OPTS} -Dauthcards.cache.file=/tmp/authcard-cache.json"

- restart the IDP server

Once done, you will be able to confirm that all Appmarks loaded without any issues and that they include the information that matches what was configured in the UI. For example, here is the string containing the Appmark details, visible when the IDP server is restarted:

<amLogEntry> 2015-11-10T12:03:33Z INFO NIDS Application:
OSPUI (End User Portal)
APPLICATIONS
[ 200 : <?xml version="1.0" encoding="UTF-8" standalone="yes"?><authenticationCards><authCardGroup><descriptions/>
<id>DefaultGroup</id><names/></authCardGroup><authenticationCard><authRequired>false</authRequired><description>De
fault Application from the NAM Appliance</description><displayName>SBAPortalApp</displayName><endPointURL>https://
nam42sba.lab.novell.com:443/portal/users/intro/login.jsp</endPointURL><groupRefId>DefaultGroup</groupRefId><icons>
<displayName>SBAPortalApp</displayName><height>115</height><iconUrl>https://nam42sba.lab.novell.com/nidp/images/am
Icons/d0b8292ef6dd7d6c55ec226452ee7fb1.PNG</iconUrl><locale>*</locale><mimeType>image/png</mimeType><width>115</wi
dth></icons><id>c19857ff-30b3-42d5-97d6-ee06d17be7a3:desktop~browser</id><roleList>Manager</roleList><userAgentTyp
es>desktop~browser</userAgentTypes></authenticationCard><authenticationCard><authRequired>false</authRequired><des
cription>Guardian Football page</description><displayName>Guardian Football</displayName><endPointURL>http://www.t
heguardian.com/football</endPointURL><groupRefId>DefaultGroup</groupRefId><icons><displayName>Guardian Football</d
isplayName><height>126</height><iconUrl>https://nam42sba.lab.novell.com/nidp/images/amIcons/da79181652a4c1b8dcb72c
9040c3919a.png</iconUrl><locale>*</locale><mimeType>image/png</mimeType><width>126</width></icons><id>48ee5fd6-93c
d-499b-88f1-2b39c455e56a:desktop~browser</id><userAgentTypes>desktop~browser</userAgentTypes></authenticationCard>
<authenticationCard><authRequired>false</authRequired><description>Soccernet Web Site</description><displayName>So
ccernet</displayName><endPointURL>http://www.soccernet.com</endPointURL><groupRefId>DefaultGroup</groupRefId><icon
s><displayName>Soccernet</displayName><height>128</height><iconUrl>https://nam42sba.lab.novell.com/nidp/images/amI
cons/d503fab659824703bce97eafdfafb2a4.png</iconUrl><locale>*</locale><mimeType>image/png</mimeType><width>128</wid
th></icons><id>6475711c-c3d6-4b8f-9dfc-4b189c7b8e39:desktop~browser</id><userAgentTypes>desktop~browser</userAgent
Types></authenticationCard><authenticationCard><authRequired>true</authRequired><description>SimpleSAML SP server<
/description><displayName>SimpleSAML</displayName><endPointURL>https://nam42sba.lab.novell.com/nidp/saml2/idpsend?
PID=http%3A%2F%2Fsimplesaml109.lab.novell.com%2F</endPointURL><groupRefId>DefaultGroup</groupRefId><icons><display
Name>SimpleSAML</displayName><height>103</height><iconUrl>https://nam42sba.lab.novell.com/nidp/images/amIcons/90d2
9dac2b8f52801de77ab184af8693.png</iconUrl><locale>*</locale><mimeType>image/png</mimeType><width>152</width></icon
s><id>671b2db2-b086-4757-9303-3a92c337b569:desktop~browser</id><loginURL>https://nam42sba.lab.novell.com/nidp/saml
2/idpsend?PID=http%3A%2F%2Fsimplesaml109.lab.novell.com%2F</loginURL><roleList>Manager</roleList><userAgentTypes>d
esktop~browser</userAgentTypes></authenticationCard><authenticationCard><authRequired>true</authRequired><displayN
ame>HR database</displayName><endPointURL>http://www.google.ie/</endPointURL><groupRefId>DefaultGroup</groupRefId>
<icons><displayName>HR database</displayName><height>200</height><iconUrl>https://nam42sba.lab.novell.com/nidp/images/amIcons/6bd7dec6392c4abd989600e174341cad.png</iconUrl><locale>*</locale><mimeType>image/png</mimeType><width>2
00</width></icons><id>7d95be7c-c38c-44e7-acd2-4559f878203b:desktop~browser</id><roleList>Manager</roleList><userAg
entTypes>desktop~browser</userAgentTypes></authenticationCard><authenticationCard><authRequired>true</authRequired
><description>PHPInfo appmark</description><displayName>PHPInfo</displayName><endPointURL>https://nam42sba.lab.nov
ell.com:443/formfill/phpinfo.php</endPointURL><groupRefId>DefaultGroup</groupRefId><icons><displayName>PHPInfo</di
splayName><height>171</height><iconUrl>https://nam42sba.lab.novell.com/nidp/images/amIcons/7ba1b2238edbf34095f963d
a977d0296.png</iconUrl><locale>*</locale><mimeType>image/png</mimeType><width>200</width></icons><id>032bf9cc-b461
-4a72-b402-782d688aca3e:desktop~browser</id><userAgentTypes>desktop~browser</userAgentTypes></authenticationCard><
version>1</version></authenticationCards> ] </amLogEntry>


<amLogEntry> 2015-11-10T12:03:33Z INFO NIDS Application:
OSPUI (End User Portal)
APPLICATIONS
found 6 cards </amLogEntry>

<amLogEntry> 2015-11-10T12:03:33Z INFO NIDS Application:
OSPUI (End User Portal)
APPLICATIONS
OSPResult
   m_applications            = [Tile [
   m_id               = 48ee5fd6-93cd-499b-88f1-2b39c455e56a:desktop~browser
   m_name             = Guardian Football
   m_description      = Guardian Football page
   m_loginURL         = http://www.theguardian.com/football
   m_imageURL         = https://nam42sba.lab.novell.com/nidp/images/amIcons/da79181652a4c1b8dcb72c9040c3919a.png
   m_status           =
   m_requiresBasicSSO = false
   m_requiresSAML2    = false
   m_isFavorite       = false


One can also see the user details at Portal login time to confirm what roles the user has, e.g.:


<amLogEntry> 2015-11-10T17:29:50Z INFO NIDS Application:
OSPUI (End User Portal)
ATTRIBUTES
[ 200 : <?xml version="1.0" encoding="UTF-8" standalone="yes"?><UserClaimList xmlns="urn:novell:schema:am:mobileservice"><Claim><name>id</name><value>ncashell</value></Claim><Claim><name>roles</name><value>NAM_OAUTH2_DEVELOPER</value><value>Manager</value><value>authenticated</value></Claim><Claim><name>givenName</name><value>Neil</value></Claim><Claim><name>sn</name><value>Cashell</value></Claim></UserClaimList> ] </amLogEntry>

<amLogEntry> 2015-11-10T17:29:50Z INFO NIDS Application:
OSPUI (End User Portal)
SESSION_DATA
UserInfo
   m_fullName             = ********
   m_givenName            = ********
   m_surName              = ********
   m_id                   = ********
   m_favoritesKey         = ********
   m_tileStyleKey         = ******** </amLogEntry>
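
To turn the APPLICATIONS and ATTRIBUTES log entries above into a direct answer for one user, the following Python sketch (an added example, not NetIQ code) extracts the `authenticationCards` and `UserClaimList` payloads and reports which Appmarks the logged roles allow. The sample log is constructed and shortened (`Payroll` and `Finance` are made up), and two rules are assumptions: a card with no `roleList` is shown to everyone, and several roles in one `roleList` would be comma-separated.

```python
import re
import xml.etree.ElementTree as ET

NS = {"ms": "urn:novell:schema:am:mobileservice"}
ENTRY_RE = re.compile(r"<amLogEntry>[^<]*\n(APPLICATIONS|ATTRIBUTES)\n"
                      r"\[ 200 : (.*?) \] </amLogEntry>", re.S)

# Constructed sample, shortened from the log format shown above.
SAMPLE_LOG = """<amLogEntry> 2015-11-10T12:03:33Z INFO NIDS Application:
OSPUI (End User Portal)
APPLICATIONS
[ 200 : <?xml version="1.0" encoding="UTF-8" standalone="yes"?><authenticationCards><authenticationCard><authRequired>false</authRequired><displayName>SBAPortalApp</displayName><roleList>Manager</roleList></authenticationCard><authenticationCard><authRequired>false</authRequired><displayName>Soccernet</displayName></authenticationCard><authenticationCard><authRequired>true</authRequired><displayName>Payroll</displayName><roleList>Finance</roleList></authenticationCard><version>1</version></authenticationCards> ] </amLogEntry>
<amLogEntry> 2015-11-10T17:29:50Z INFO NIDS Application:
OSPUI (End User Portal)
ATTRIBUTES
[ 200 : <?xml version="1.0" encoding="UTF-8" standalone="yes"?><UserClaimList xmlns="urn:novell:schema:am:mobileservice"><Claim><name>id</name><value>ncashell</value></Claim><Claim><name>roles</name><value>Manager</value><value>authenticated</value></Claim></UserClaimList> ] </amLogEntry>
"""

def payloads(log_text):
    # Newlines are dropped so a payload copied from a hard-wrapped display parses.
    return {m[1]: m[2].replace("\n", "") for m in ENTRY_RE.finditer(log_text)}

def parse_cards(xml_text):
    root = ET.fromstring(xml_text.encode("utf-8"))
    cards = []
    for card in root.findall("authenticationCard"):
        # Assumption: several roles would be comma-separated.
        raw = card.findtext("roleList", default="")
        roles = {r.strip() for r in raw.split(",") if r.strip()}
        cards.append((card.findtext("displayName"), roles))
    return cards

def parse_user_roles(xml_text):
    root = ET.fromstring(xml_text.encode("utf-8"))
    for claim in root.findall("ms:Claim", NS):
        if claim.findtext("ms:name", namespaces=NS) == "roles":
            return {v.text for v in claim.findall("ms:value", NS)}
    return set()

def explain(log_text):
    """Return [(appmark, visible, missing_roles)] for the logged user."""
    p = payloads(log_text)
    have = parse_user_roles(p["ATTRIBUTES"])
    report = []
    for name, need in parse_cards(p["APPLICATIONS"]):
        # Assumption: a card without roleList is shown to every user.
        visible = not need or bool(need & have)
        report.append((name, visible, [] if visible else sorted(need - have)))
    return report
```

Calling `explain()` on the text of the IDP log returns one tuple per Appmark; an Appmark missing from the list altogether points to it not having been initialised rather than to a role problem.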