ScorpionSting's picture

Access Manager Single Sign-on to NetStorage

This has been tested with the following versions:

  • NetWare OES2 (NetWare 6.5 SP7)
  • Access Manager 3 SP3

This is for HTTP/HTTPS connectivity to NetStorage only. I understand there are also issues around WEBDAV and clients running NCL and/or ZEN.

My environment consists of:

  • The OES2 server (oesnw65.i.scorpiogeek.net.nz)
  • The Linux Access Gateway (lag.i.scorpiogeek.net.nz)
  • The Identity Server (idp.i.scorpiogeek.net.nz)
  • An Accelerated domain name of am3.i.scorpiogeek.net.nz
  • The IDP protected behind the Access Gateway

Adjust these names to match your environment.

First, NetStorage needs to be modified through the iManager plugin "File Access (NetStorage)":

The main setting here is having Cookieless set to 1. You can also configure your Session Timeout at this point to reflect what you will configure in Access Manager. It is best to reboot the server to make sure the change has been applied.

Now we need to modify the NetStorage logout link to log the user out of Access Manager as well. Edit the SYS:\tomcat\4\webapps\NetStorage\logout.html.utf8 file. Comment out the 2 lines, enable the 3 lines, and modify the URL:

Now we need to set up Access Manager to accelerate the portal. We need to set up 3 Policies:

  • Inject the Basic Authentication Header
  • Inject the Session Cookie
  • Inject the ICHAIN_UID header (not sure about this one, but did it anyway - you can try without and see if it works)

Let's set up the accelerator for NetStorage now:

  • Create a new Path Based accelerator. This will have 2 paths as shown below:
  • Under HTTP Options we need to enable Enable X-Forwarded-For:
  • Under the Web Servers tab, we need to forward the web server name as the Host Header, Enable Forwarding of Encoding Header, and Connect Using SSL:
  • On the parent accelerator, create a new protected resource with 2 URL Paths and assign your contract:
  • Assign your appropriate authentication policy:
  • Assign the 3 Identity Injections created earlier:

We now need a public resource for the logout page:

One last task is to avoid caching issues:

Apply the changes and Update all servers. NetStorage can now be accessed via https://am3.i.scorpiogeek.net.nz/NetStorage
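
To confirm the gateway is applying these settings, capture one request as it arrives at the OES2 server and check it for the forwarded Host header, X-Forwarded-For and the three injected items. The following is an added example, not part of the original article. The sample request, the user name and password, the cookie value, and the assumption that the Basic credentials arrive in a standard `Authorization: Basic` header are constructed for illustration.

```python
import base64

# Constructed sample: a request as it might arrive at the NetStorage origin
# server after passing through the Access Gateway. All values are made up.
SAMPLE_REQUEST = (
    "GET /NetStorage HTTP/1.1\r\n"
    "Host: oesnw65.i.scorpiogeek.net.nz\r\n"
    "X-Forwarded-For: 192.0.2.10\r\n"
    "Authorization: Basic "
    + base64.b64encode(b"jdoe:example-password").decode() + "\r\n"
    "ICHAIN_UID: jdoe\r\n"
    "Cookie: session=constructed\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Map lower-cased header names to values from a raw HTTP request."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def check_injection(raw, origin_host):
    """Return a list of findings; an empty list means nothing is missing."""
    h = parse_headers(raw)
    findings = []
    # Web Servers tab: the web server name is forwarded as the Host header.
    if h.get("host", "").split(":")[0].lower() != origin_host.lower():
        findings.append("Host header is not the web server name")
    if "x-forwarded-for" not in h:
        findings.append("X-Forwarded-For missing")
    if "ichain_uid" not in h:
        findings.append("ICHAIN_UID missing")
    if "cookie" not in h:
        findings.append("session cookie missing")
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        findings.append("Basic Authorization header missing")
    else:
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
        except ValueError:  # covers bad base64 and bad UTF-8
            decoded = ""
        user, sep, _password = decoded.partition(":")
        if not sep or not user:
            findings.append("Basic credentials malformed")
    return findings
```

Because the Basic header is only base64-encoded, the user name and password are readable by anything on the path between the gateway and the server, which is why Connect Using SSL is enabled on the Web Servers tab.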

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.




User Comments

Great step by step setup

Submitted by khurni on 4 June 2008 - 8:48am.

Very good setup. Just be aware Novell won't support this configuration (their official SSO solution to NetStorage is to use SecureLogin). But it DOES work, and many thanks to the author for taking the time to illustrate this.

© 2013 Novell