404 Error in iManager trying to Edit "Data Entry Field" in Policies because of invalid URI characters

  • 7020723
  • 07-Jun-2017
  • 09-Jun-2017


NetIQ Access Manager 4.3
NetIQ Access Gateway Administration Console
Modify Access Manager policies in iManager
Problem shows up with edit, Copy Condition, Copy Group & Copy Action functionalities.


NAM administrator tries to change an existing Authorization policy within iManager and sees 404 errors reported in iManager. With some additional tests, the same 404 error was thrown not only with an edit operation but also the Copy Condition, Copy Group & Copy Action operations eg. open an existing Authorization Policy that restricts access on an IP address and select URL/IP Condition --> Change the Value to Data Entry Field. Clicking on the "Edit" pencil button and note that it doesn't allow editing and you will see the 404 error.

Looking at the Admin console app_sc logs shows IllegalArgumentException:

java.lang.IllegalArgumentException: Illegal character in query at index 359: /roma/jsp/admin/policy/conditionedit.jsp?typecontainerid=9mtivrrqe2zam4&typepolicyid=AccessGateway&containerid=mastercdn&policycollectionid=xpemlPEP&policyid=PolicyID_xpemlPEP_AGAuthorization_1486358195975&policyname=test&rulenumber=1&set=1&condition=1&ruleid=RuleID_1486358195975&width=1600&datatype=url-path&operator=nxpeOperator_url-path-equals&display=URL Path: URL Path : Equals&oneruleonly=false

This is breaking the RFC (http://www.faqs.org/rfcs/rfc1738.html). When we click on edit, we generate a request to the above URL … if you scan for char 359, you will see it is the space between ‘URL’ and ‘Path’ which is not a valid URI character. We should be encoding these to avoid such an exception.


Apply NAM 4.3 SP2.

The fix encoded the full url and fixed the path used to fetch the xml elements from the policy xml