Cannot render Identity Server login page from Blackberry or mobile device

  • 7005225
  • 26-Jan-2010
  • 26-Apr-2012

Environment


Novell Access Manager 3 Linux Novell Identity Server
Novell Access Manager 3.0 Support Pack 4 applied

Situation

Multiple mobile web application are protected by Novell Access Manager with authentication required for these resources. There are some problems with BlackBerry browser to follow the redirect to the service and identity provider. Instead of getting a login page for the user to enter credentials, users get blank pages on the built in Blackberry browsers.

It would appear from the debug catalina.out file that the Identity server is trying to renfer WML pages, which are not available on the Identity server. This is based on the Accept HTTP header identifying that it can talk WML

User-Agent: BlackBerry8330m/4.5.0.175 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/104
Accept: application/vnd.rim.html,text/html,application/xhtml+xml,application/vnd.wap.xhtml+xml,application/vnd.wap.wmlc;q=0.9,application/vnd.wap.wmlscriptc;q=0.7,text/vnd.wap.wml;q=0.7,text/vnd.sun.j2me.app-descriptor,image/vnd.rim.png,image/jpeg,application/x-vnd.rim.pme.b,application/vnd.rim.ucs,image/gif;anim=1,application/vnd.rim.jscriptc;v=0-8-8,application/x-javascript,application/vnd.rim.css;v=1,text/css;media=screen,*/*;q=0.5

Resolution

Access Manager 3.1 Support Pack 1 fixes this, but there is no corresponding fix for 3.0. In the 3.0 environment, administrators can add the following string to the /var/opt/novell/tomcat4/webapps/nidp/WEB-INF/classes/nidpdevices.properties to work around the issue (restart tomcat after applying change). This maps the User-Agent header containing the BlackBerry string to the JSP login pages, rather than the default WML pages that do not exist.

Device.UserAgent.10.id=*BlackBerry*
Device.UserAgent.10.interface=jsp