Environment
NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Access Gateway Service and Appliance
NetIQ Access Manager 3.2 Support Pack 1 applied
NetIQ Access Manager 3.2 Access Gateway Service and Appliance
NetIQ Access Manager 3.2 Support Pack 1 applied
Situation
After applying 3.2.1, administrator noticed restart alerts coming from the Access Gateway (AG) server. Looking at the error_log file on the AG, one could see that there was a segmentation fault reported each time the alert was generated. By enabling the Apache loglevel to info as per the AG troubleshooting documentation, the segmentation fault always coincided with a 302 response from the Web server being protected.
Looking at the 302s in more details, we could see that the crashes would always appear when a 302 was received where the 'Location' HTTP header did not include a trailish slash after the hostname. For example, a 302 redirect with a location header of https://internal.novell.com/ would not cause any problems, but a 302 redirect with a location header of https://internal.novell.com would cause the AG to crash.
Looking at the 302s in more details, we could see that the crashes would always appear when a 302 was received where the 'Location' HTTP header did not include a trailish slash after the hostname. For example, a 302 redirect with a location header of https://internal.novell.com/ would not cause any problems, but a 302 redirect with a location header of https://internal.novell.com would cause the AG to crash.
Resolution
Fixed in 3.2 Support Pack 2.
A workaround is to change the Web server redirects to include the trailing / character sent with the 302 redirect.
A workaround is to change the Web server redirects to include the trailing / character sent with the 302 redirect.