Enabling Single Sign On to SLOX server with iChain
Novell Cool Solutions: Tip
Digg This -
Posted: 6 Aug 2004
Novell Technical Support: TID10093897
We've heard from some hapless SLOX users who find themselves unable to use iChain's single sign-on and can't figure out why. Well, in a nutshell: it's not your fault. Turns out there's a missing end tag on the default login page of the SLOX server. You just need to modify the SLOX server login page to end the <form> tag correctly, and all will be well.
Here's the scoop. The default login page on the SLOX server (login.pm in /srv/www/lib/func) uses perl to build the login page. The opening <form> tag exists but is never ended. The end result is that iChain never passes the credentials in the formfill response to the browser where it asks the browser to POST the credentials.
IMPORTANT: After modifying the perl-based login page (see this sample modified login page), the Apache server must be restarted in order to regenerate the perl script. This can be done on the SLOX server by simply typing 'rcapache restart' at the command line when logged in as root, or with a user with sufficient rights to execute this command.
The corresponding formfill page that allows the single sign on to SLOX is as follows:
<urlPolicy> <name>SLOX</name> <url>www.entrust.com/suse/login.pl*</url> <formCriteria> <title>Login</title> </formCriteria> <cgiCriteria> doit=login lang=EN </cgiCriteria> <actions> <fill> <input name="uid" VALUE="~"> <input name="passwd" VALUE="~"> <input name="lang" value="EN"> </fill> <post/> </actions>
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com