Environment
Novell Access Manager 3 Linux Novell Identity Server
Novell Access Manager 3.0 Support Pack 4 applied
Situation
Multiple mobile web application are protected by Novell Access Manager with
authentication required for these resources. There are some problems with BlackBerry browser to
follow the redirect to the service and identity provider. Instead of getting a login page for the user to enter credentials, users get blank pages on
the built in Blackberry browsers.
It would appear from the debug catalina.out file that the Identity server is trying to renfer WML pages, which are not available on the Identity server. This is based on the Accept HTTP header identifying that it can talk WML
User-Agent: BlackBerry8330m/4.5.0.175 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/104
Accept: application/vnd.rim.html,text/html,application/xhtml+xml,application/vnd.wap.xhtml+xml,application/vnd.wap.wmlc;q=0.9,application/vnd.wap.wmlscriptc;q=0.7,text/vnd.wap.wml;q=0.7,text/vnd.sun.j2me.app-descriptor,image/vnd.rim.png,image/jpeg,application/x-vnd.rim.pme.b,application/vnd.rim.ucs,image/gif;anim=1,application/vnd.rim.jscriptc;v=0-8-8,application/x-javascript,application/vnd.rim.css;v=1,text/css;media=screen,*/*;q=0.5
It would appear from the debug catalina.out file that the Identity server is trying to renfer WML pages, which are not available on the Identity server. This is based on the Accept HTTP header identifying that it can talk WML
User-Agent: BlackBerry8330m/4.5.0.175 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/104
Accept: application/vnd.rim.html,text/html,application/xhtml+xml,application/vnd.wap.xhtml+xml,application/vnd.wap.wmlc;q=0.9,application/vnd.wap.wmlscriptc;q=0.7,text/vnd.wap.wml;q=0.7,text/vnd.sun.j2me.app-descriptor,image/vnd.rim.png,image/jpeg,application/x-vnd.rim.pme.b,application/vnd.rim.ucs,image/gif;anim=1,application/vnd.rim.jscriptc;v=0-8-8,application/x-javascript,application/vnd.rim.css;v=1,text/css;media=screen,*/*;q=0.5
Resolution
Access Manager 3.1 Support Pack 1 fixes this, but there is no corresponding fix for 3.0. In the 3.0 environment, administrators can add the following string to the /var/opt/novell/tomcat4/webapps/nidp/WEB-INF/classes/nidpdevices.properties to work around the issue (restart tomcat after applying change). This maps the User-Agent header containing the BlackBerry string to the JSP login pages, rather than the default WML pages that do not exist.
Device.UserAgent.10.id=*BlackBerry*
Device.UserAgent.10.interface=jsp
Device.UserAgent.10.id=*BlackBerry*
Device.UserAgent.10.interface=jsp