Javascript based application fails when being accelerated through NAM Access Gateway with rewriter enabled

  • 7014115
  • 14-Nov-2013
  • 14-Nov-2013

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 SUpport Pack 2 applied

Situation

Access Manager setup and working fine - users can access Web enabled protected resources behind the Access Gateway (AG) after having authenticated to the Identity (IDP) server. Administrator roles out a new application accelerated by the AG but as soon as users start accessing the application, the full application page is not rendered correctly on the browser ie. only parts of the pages are displayed instead of the complete page. When going direct to the back end application, everything works fine.

Viewing the Application HTML source shows no rewriting errors ie. there are no references to http (back end scheme), TCP port 80 (back end TCP port) or the DNS name of the back end Web server.

As a test, we change the AG proxy settings so that we use the same DNS name as the back end Web server, the same TCP port and scheme - as soon as we do this everything starts working. This confirms an issue with rewriter.

Resolution

Make sure that the published DNS name has the same number of characters as the internal Web server DNS name eg. if the internal web server DNS name was internal.lab.novell.com (23 chars), the published DNS name of the proxy must also have an entry with 23 characters eg. www-external.novell.com.

Cause

The HTTP response from the Web server included parameters being passed into the javascript code. One such parameter was the length of the URL coming back. Since this was being calculated on the Web server side, the AG would not recalculate the length after rewriting the various fields, and the javascript code executed on the client would fail in response.

Here's an example of one such response:

POST /PBKExternal/CaseInfoSearch/ HTTP/1.1
Host: 204.147.156.61
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101
Firefox/20.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
X-Requested-With: XMLHttpRequest
X-MicrosoftAjax: Delta=true
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Referer: http://204.147.156.61/PBKExternal/CaseInfoSearch/
Cookie: ASP.NET_SessionId=dlwfty0nqjaxg1bwjgnee004;
CaseInfoSearchUsername=JAMIEA;
.ASPXAUTH=AA31695BE63564B57C28260CA6CF4D9A81911D2330DAB83DB35046EB917B5B66F51B44DEE21F4DC2538394609D934E0FE50B3EF6F9F867FA92454C72ACF6013105358236296A8F587B91760046589BD56A43F402CB01765D1919C035FF4E17539B982DC203E81B1DAE22FC6774946F923A35D47019BE4C7CC4F31546721A5176
Pragma: no-cache
X-RBT-Optimized-By: BLR-SH (RiOS 6.5.6a) SC
Via: 1.1 pbk.lab.novell.com (Access Gateway-ag-DA8176A12282E1D0-301)
X-Forwarded-For: 164.99.137.183
X-Forwarded-Host: 204.147.156.61
X-Forwarded-Server: pbk.lab.novell.com
Connection: Keep-Alive
Content-Length: 1105

ctl00%24scrptMain=ctl00%24ContentPlaceHolder1%24updtChild%7Cctl00%24ContentPlaceHolder1%24btnSearch&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTExMzI4NjkxMTcPZBYCZg9kFgICAQ9kFgICAw9kFgJmD2QWAmYPZBYCAgEPZBYCAhUPD2QWAh4Gb25ibHVyBb8BamF2YXNjcmlwdDpyZXR1cm4gSXNFeGlzdCgidGJsQ3RQb2xpY2VEZXBhcnRtZW50cyIsIlBkTnVtYmVyIix0aGlzLHRydWUsIkludmFsaWQgUEQgTnVtYmVyIiwiSVNOVUxMKFN0YXR1cywnTicpIiwiTiIsdHJ1ZSwiQ29kZSBJcyBJbmFjdGl2ZSIsJ2N0bDAwX0NvbnRlbnRQbGFjZUhvbGRlcjFfbGJsTEVBZ2VuY3knLCdQZE5hbWUnKTtkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBSFjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJGltZ0Zyb20FH2N0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkaW1nVG%2Fp63PBZKI4NTcTzb9mkTE9Yg0CcE6zLELfEdff3kjpRg%3D%3D&ctl00%24ContentPlaceHolder1%24txtLastName=&ctl00%24ContentPlaceHolder1%24txtFirstName=jamiea&ctl00%24ContentPlaceHolder1%24txtMiddleName=&ctl00%24ContentPlaceHolder1%24txtFrom=&ctl00%24ContentPlaceHolder1%24txtTo=&ctl00%24ContentPlaceHolder1%24txtCourtCaseNum=&ctl00%24ContentPlaceHolder1%24txtLEAgency=&ctl00%24ContentPlaceHolder1%24txtLEReportNumber=&__ASYNCPOST=true&ctl00%24ContentPlaceHolder1%24btnSearch=Search

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 22245
Content-Type: text/plain; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie:
.ASPXAUTH=3B1BB39383CAFA0CC654ECDD22ADB5C7437FB70A4236C891EF00877DDB28A4457C262CD55D36FCA56880FB745BF7178CEBDE550A307C5C484990E64BAD61D8873F11DC613B2DCE6BC00BA14F741A0725469BACC87F18B9C964BCC5F33637BA1E6B32E9E92299128DE26EA84B5F310B7E3AFA5BFBFC901374F52B2C30D06BEFE9;
path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 07 Nov 2013 06:57:18 GMT

1|#||4|197|pageRedirect||http%3a%2f%2f204.147.156.61%2fPBKExternal%2fCaseInfoSearch%2fCore%2fPartySearchResult.aspx%3ffname%3djamiea%26mname%3d%26lname%3d%26leagency%3d%26oca%3d%26OffenceFrom%3d%26OffenceTo%3d%26courtNo%3d|1|#||4|18068|updatePanel|ctl00_ContentPlaceHolder1_updtChild|
            <div id="ctl00_ContentPlaceHolder1_pnlSearch" style="width: 750px">
.
:

</div>

       
|536|hiddenField|__VIEWSTATE|/wEPDwULLTExMzI4NjkxMTcPZBYCZg9kFgICAQ9kFgICAw9kFgJmD2QWAmYPZBYCAgEPZBYCAhUPD2QWAh4Gb25ibHVyBb8BamF2YXNjcmlwdDpyZXR1cm4gSXNFeGlzdCgidGJsQ3RQb2xpY2VEZXBhcnRtZW50cyIsIlBkTnVtYmVyIix0aGlzLHRydWUsIkludmFsaWQgUEQgTnVtYmVyIiwiSVNOVUxMKFN0YXR1cywnTicpIiwiTiIsdHJ1ZSwiQ29kZSBJcyBJbmFjdGl2ZSIsJ2N0bDAwX0NvbnRlbnRQbGFjZUhvbGRlcjFfbGJsTEVBZ2VuY3knLCdQZE5hbWUnKTtkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBSFjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJGltZ0Zyb20FH2N0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkaW1nVG/p63PBZKI4NTcTzb9mkTE9Yg0CcE6zLELfEdff3kjpRg==|0|asyncPostBackControlIDs|||0|postBackControlIDs|||37|updatePanelIDs||tctl00$ContentPlaceHolder1$updtChild,|0|childUpdatePanelIDs|||36|panelsToRefreshIDs||ctl00$ContentPlaceHolder1$updtChild,|2|asyncPostBackTimeout||90|0|formAction|||23|pageTitle||Case
Information
Search|240|scriptBlock|ScriptPath|/PBKExternal/CaseInfoSearch/ScriptResource.axd?d=FjO7SwWPx8V4Py0pw4_9s91fbL6Sgdn-Y3aFg7VDIwVpO-X3RIkGb1rDbFpDa9DcxMjJBBz6_y5LYq8oCIfs-DXQHI2pwB7jwArKcwdHswLGx6Tn4WWWVlumYdTxh4YexGBEcBJ3ZANegF0-aaMNyCxVuVfQ3KNcy5haWi1D5301&t=fffffffff82c1ce4|240|scriptBlock|ScriptPath|/PBKExternal/CaseInfoSearch/ScriptResource.axd?d=aiGILEWGO_DzAJUCt6WYTyXBPU-wktBU6qJu4ZGCbwma06ywROn2iVNpsCarvF4CHhX70jCp2xpiMPC1jupJII-O29cX2Xg-MW_XR4_QmY35qXNFw7rh_ScZrcx5twPp6pq8YldTaxARad2p0KoLyXRXhFgPQwWrUQLsB-D2FP41&t=fffffffff82c1ce4|240|scriptBlock|ScriptPath|/PBKExternal/CaseInfoSearch/ScriptResource.axd?d=d2kozlJEcDSsb1hgSXmVxX_0BNmHdz2MdERyJKP1_eTBoxKrBovYY4BugVtibWXzdNUGAjKfIDYX50QMNHfvzSXvuOn3yE99JC17el5xt0i67fJEmQj_qM2kU52MAEq8UKGoULVNwkljsuk7MgQUueMsI7JTq0cWyutKkY8AsdA1&t=fffffffff82c1ce4|240|scriptBlock|ScriptPath|/PBKExternal/CaseInfoSearch/ScriptResource.axd?d=DIJSgqVFyuce9pd7mpj8yAJicXlilnrnDbzCVtPE4QvSQwY2M6P9FCalhLpvsepwI-0A3f2FZKUi1-zCRORLyDQrkNEZWmctwzquNJFTH9C5esbk4ptZ_F1Ud4Qh7IiLXgfEQr7gF-2JhIUy7BFI_FS8bbvfq3wDatMYkos0fS81&t=fffffffff82c1ce4|240|scriptBlock|ScriptPath|/PBKExternal/CaseInfoSearch/ScriptResource.axd?d=eWslmJ9nIPzJvXS-t5a_54Pqd6IfDAVOGzgAW2j6-QN4rUiWYgpo9unDXTKrczMJuzBUvUWQ6yiSPKETsvTqedLhlTruKxYB3t8BJmFhypDtVJTmPydGZe3Wa1VM34cSF52mFtNQ0z3Cftr8_m3c4dPmVpix_Nb9OLnc9nLwB1s1&t=fffffffff82c1ce4|240|scriptBlock|ScriptPath|/PBKExternal/CaseInfoSearch/ScriptResource.axd?d=IOl0D6eZq8A3zDFVt_snTSh8XG_hEZp_98rV46ADOqk9kTkYE48e5eCGjTQ0FimFltk7AOf5DZMBzr_-3gRzYi2rUOr6bHivdcEu5-7p_23YpjElFFVfYoCHY4XaepHEyko7r6fLLhGgKwIZxcIkTDjIn5LgwRf5TDOyjIqm3LA1&t=fffffffff82c1ce4|240|scriptBlock|ScriptPath|/PBKExternal/CaseInfoSearch/ScriptResource.axd?d=IvehfqbAaIS9Euat7oqzEQtG_5Jo9bFKhQXYETfsnFwYldqFPAaE_lEFQRnuGgPPwAbGUwP-uCGD9aUNiIsnyij4yr-NizIr5RhodUSNFrDSo24DFEhgSOd1scq7m9rlm6nUd0MahrscfaxUBTWjxsXeDHXeuuuh6k4cnvncXQ81&t=fffffffff82c1ce4|240|scriptBlock|ScriptPath|/PBKExternal/CaseInfoSearch/ScriptResource.axd?d=aPxQHMV6Cdyu
OfEZ9bmpXZeMy0TuGYs0d2UMIIHFkviUmbCeLzXKbKlM0J_7wFFgI1gV832gidG8SpmbdhdQMyTpZRZXlcfHN3t43l7mN4wo7NVU3KKiaB12m3nZapkzALtfBZatsotI_6kqJN-CRs7_FAZw1V_m4pu2dwgP-FM1&t=fffffffff82c1ce4|240|scriptBlock|ScriptPath|/PBKExternal/CaseInfoSearch/ScriptResource.axd?d=RnswWvDn3o5xaWRoyQZ55aeYC4vAJ9j_T7xJE7_FFuY8PBphqvfVCxxdKDslBtNX026r9JzEV1rBEwWxLOTLF3O5i7072AxZ5AlWpnfSSCo16t-YebJ6xu3L0KNj-kv1z76KGohv2sksJngz67bCGsAk1bpJcQDHH7Fpnkn8UHQ1&t=fffffffff82c1ce4|282|scriptStartupBlock|ScriptContentNoTags|Sys.Application.add_init(function()
{
    $create(AjaxControlToolkit.CalendarBehavior,
{"button":$get("ctl00_ContentPlaceHolder1_imgFrom"),"format":"MM-dd-yyyy","id":"ctl00_ContentPlaceHolder1_calendarButtonExtender"},
null, null, $get("ctl00_ContentPlaceHolder1_txtFrom"));

});
|273|scriptStartupBlock|ScriptContentNoTags|Sys.Application.add_init(function()
{
    $create(AjaxControlToolkit.CalendarBehavior,
{"button":$get("ctl00_ContentPlaceHolder1_imgTo"),"format":"MM-dd-yyyy","id":"ctl00_ContentPlaceHolder1_CalendarExtender1"},
null, null, $get("ctl00_ContentPlaceHolder1_txtTo"));
});
|


If you look at the references to

- 1|#||4|197|pageRedirect||
- |536|hiddenField|__VIEWSTATE|/

These all pass info into the javascript ... we figured that the size being
passed in was related to the URL length, and by changing the published DNS name
length to be that of the back end web server, we workaround the javascript
rewrite issues.