Environment
NetIQ Access Manager 3.2
Access Gateway Appliance and Service
Identity Injection (II) policy injecting user LDAP attributes into query string
Situation
NAM 3.2.2 (upgrade from 3.1.4 and LAG)
Identity Injection enabled on Protected Resource
The user authenticates and can SSO to the application with LAG; after upgrading to the 3.2 AG, SSO fails because the II policy duplicates the credential information passed in the query string.
For example, the following protected resource injects the UserID, AgentNumber and Title. When the request is passed to the web server, the web server sends back the credential information in the following form:
<form name="aspnetForm" method="post" action="EditDocument.aspx?di=2224&UserID=xrs03&AgentNumber=031027400&Title=Principal" id="aspnetForm">
When the browser submits this form and II picks it up, II injects the same information again into the query string, i.e. it POSTs to the following URL:
POST /EditDocument.aspx?di=2224&UserID=xrs03&AgentNumber=031027400&Title=Principal&UserID=xrs03&AgentNumber=031027400&Title=Principal
This causes the SSO process to fail at the back end.
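The duplication described above, reproduced as an added Python example (not NetIQ code): an unconditional append next to an injection that first drops any copies of the injected names already in the URL, so the gateway's values are the only ones the back end sees. The function names are hypothetical, and the case-insensitive name comparison is an assumption suited to an ASP.NET back end.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Sample values copied from the request shown in the article.
INJECTED = [("UserID", "xrs03"), ("AgentNumber", "031027400"),
            ("Title", "Principal")]
FORM_ACTION = ("/EditDocument.aspx?di=2224&UserID=xrs03"
               "&AgentNumber=031027400&Title=Principal")


def inject_naive(url, attrs):
    """Append attrs unconditionally: the behaviour that yields duplicates."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(attrs)
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def inject_idempotent(url, attrs):
    """Remove existing copies of the injected names, then append attrs.

    Values already present in the URL came back through the browser, so
    they are discarded rather than trusted.
    """
    parts = urlsplit(url)
    names = {name.lower() for name, _ in attrs}  # assumption: case-insensitive
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() not in names]
    return urlunsplit(parts._replace(query=urlencode(kept + list(attrs))))


def duplicated_params(url):
    """Return the sorted, lower-cased names that occur more than once."""
    seen, dups = set(), set()
    for name, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        key = name.lower()
        (dups if key in seen else seen).add(key)
    return sorted(dups)


if __name__ == "__main__":
    bad = inject_naive(FORM_ACTION, INJECTED)
    good = inject_idempotent(FORM_ACTION, INJECTED)
    print("naive     :", bad, duplicated_params(bad))
    print("idempotent:", good, duplicated_params(good))
```

`duplicated_params` can also be run over request URLs from gateway or web server logs to confirm whether a given deployment is still sending repeated parameters.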
Resolution
Fixed in 3.2.2 IR1.