
Personalizing Novell Access Manager Using Custom Headers and LDAP

Novell Cool Solutions: Feature
By Michael Faris


Posted: 26 Sep 2007
 

Introduction

When you log in to the user interface for Novell Access Manager, not only can you pull your LDAP credentials from eDirectory, but you can get most of the "editable" data about yourself as well.

Here is a way to configure both Novell Access Manager and your home page to display a personalized web site for your users.

We'll use the Digital Airlines example that comes with Novell Access Manager 3 for ease of use and to show what you can do with your information stored in eDirectory.

Prerequisites

  • Novell Access Manager 3 - Installed and configured
  • PHP Mod for Apache installed on Web Host Server

Procedure

Adding LDAP Attributes

First, we'll add the additional LDAP attributes to the Identity Server.

1. Log in to the Administration Console and select Identity Servers.

2. Click the Shared Settings tab.

Figure 1 - Shared settings for Identity Servers

In this example we're going to use the LDAP attributes:

  • givenName (First Name)
  • sn (Surname)
  • jpegPhoto

The givenName attribute is missing from the default list in NAM, so we'll have to add it.

3. Click New.

4. Enter the name "givenname" and click OK.

Figure 2 - Setting the givenName

5. Click Apply, then click OK.

Creating a New Policy

Now let's add a new policy to send this data to the browser.

1. Click Policies. These are the existing policies you have created.

Figure 3 - List of created Policies

2. Click New.

Figure 4 - Creating a new Policy

3. Call this policy Identity and select Identity Injection for the Type.

4. Click OK.

On this screen, define the policy as follows:

Figure 5 - Defining the Policy

5. Enter a description for this Rule, if you want.

6. Click New and add the first Action:

Inject into Custom Header
Name the variable that will be passed to the browser: X-FName
Value: LDAP Attribute givenname

7. Click New for the next Action.

Inject into Custom Header
Name the variable that will be passed to the browser: X-LName
Value: LDAP Attribute sn

8. Click New for the next Action.

Inject into Custom Header
Name the variable that will be passed to the browser: X-Photo
Value: LDAP Attribute jpegPhoto

Note: Double-check your spelling of names before you click OK. Misspelled names will cause much heartache when you try to troubleshoot why the fields are blank on your home page later.

Assigning this Policy to the Reverse Proxy

1. Select Access Gateways > Edit.

2. Choose the Reverse Proxy that you wish to use.

3. Select the first Proxy Service in the list and click the Protected Resources tab.

4. Select the Protected Resource that will have this policy assigned.

Figure 6 - Enabling the Identity Injection policy

5. Place a check in the box and click Enable.

6. Click OK and Update your Access Gateway.

Modifying your Web Page

1. Open /srv/www/htdocs/index.php in your favorite editor.

2. Scroll down to the following section:

$headers = apache_request_headers();
foreach($headers as $header => $value)
{
	$found = false;
	if($header == "X-Name")
    {
		$found = true;
		echo "Welcome: $value";
    }
}

3. Remove everything shown above after "$found = false;" and insert the following code:

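	if($header == "X-FName")
	{
		$found = true;
		$firstname = $value;	// givenName from the Identity Injection policy
	}
	if($header == "X-LName")
	{
		$found = true;
		$lastname = $value;	// sn
	}
	if($header == "X-Photo")
	{
		$found = true;
		$myphoto = $value;	// jpegPhoto
	}
}
// Escape the injected values before writing them into the page;
// a header that was not sent becomes an empty string.
$firstname = htmlspecialchars(isset($firstname) ? $firstname : "", ENT_QUOTES);
$lastname = htmlspecialchars(isset($lastname) ? $lastname : "", ENT_QUOTES);
$myphoto = htmlspecialchars(isset($myphoto) ? $myphoto : "", ENT_QUOTES);
echo "<img src=\"".$myphoto."\" name=\"Image19\" width=\"75\" height=\"75\" border=\"0\">";
echo "<b>Welcome $firstname $lastname!</b>";
?>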

4. Save the file and exit.

5. Remember to log back in to the Administration Console and purge the cache on the Access Gateway.

Testing and Notes

Log in to the Access Gateway as normal.

Figure 7 - Access Manager login

Then you'll see your Default page. What a gorgeous mug!

Figure 8 - Customized default page

A couple of notes ...

First - if you don't have any other data populated in your user objects other than the minimum, sn, then only your last name will be displayed.

Second - if you decide to display photos, limit the size to something like 75px x 75px. Otherwise, you'll lose some performance while the server sends you large JPEGs.

Finally - to fix a broken graphic, put a statement testing whether X-Photo is empty and display a default image instead.
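The last note, carried through as an added example (not code from the original article or from Novell): it tests whether X-Photo is empty and substitutes a default image, and goes a little further by matching header names case-insensitively and HTML-escaping every LDAP-sourced value. The function names, the default image path and the sample headers are assumptions made for illustration, and the code assumes the web server accepts requests only from the Access Gateway, so the X-* headers cannot be set by a client directly.

```php
<?php
// Added example, not part of the original index.php.
// Hypothetical placeholder path; point it at an image that exists on your web host.
const DEFAULT_PHOTO = '/images/default-user.jpg';

/**
 * Pull the three injected values out of the request headers.
 * Header names are matched case-insensitively; a missing or blank
 * value becomes '' (names) or the default image (photo).
 */
function injected_profile(array $headers, string $defaultPhoto = DEFAULT_PHOTO): array
{
    $h = array_change_key_case($headers, CASE_LOWER);
    $get = function (string $name) use ($h): string {
        return trim((string)($h[strtolower($name)] ?? ''));
    };
    $photo = $get('X-Photo');
    return [
        'first' => $get('X-FName'),
        'last'  => $get('X-LName'),
        'photo' => $photo !== '' ? $photo : $defaultPhoto,
    ];
}

/** Build the welcome markup, HTML-escaping every LDAP-sourced value. */
function render_welcome(array $p): string
{
    $esc  = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $name = trim($p['first'] . ' ' . $p['last']);
    return '<img src="' . $esc($p['photo']) . '" name="Image19" width="75" height="75" border="0">'
         . '<b>Welcome' . ($name !== '' ? ' ' . $esc($name) : '') . '!</b>';
}

// Under Apache use the real request headers; on the command line fall back to
// constructed sample headers (blank X-Photo, markup characters in the first name).
$headers = function_exists('apache_request_headers')
    ? apache_request_headers()
    : ['x-fname' => '<i>Pat</i>', 'X-LName' => 'Doe', 'X-Photo' => ''];

echo render_welcome(injected_profile($headers)), "\n";
```

With the constructed sample headers, the image source falls back to the default path and the markup in the first name is rendered as literal text rather than interpreted by the browser.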

Conclusion

Using your imagination and LDAP, you can really make your users feel important when they log in. Just hope they remember at your next review!

