Enhanced features for Form Fill (SSO.NLM) in pre iChain 2.3 SP2 patch
(Last modified: 21Dec2004)
This document (10095590) is provided subject to the disclaimer at the end of this document.
iChain 2.3.262 build
Enhanced features for Form Fill (SSO.NLM) in iChain 2.3 beta SP2 patch b1ic23fsp2.exe
Note: The reason for this TID is that we will be releasing a field test version of iChain 2.3 SP2 over the next week or so and the iChain documentation team will not have the new features documented in time. All these changes will be included in the SP2 documentation by FCS and will include more examples.
Form Fill tags are not case sensitive anymore
A number of stack allocated buffers have been replaced by memory allocations.
Enhanced Protection is now set on Shared Secrets written by iChain to Secret Store by default
E 0|1: Disable/Enable Enhanced protection on secrets where 0 is disabled.
Example: load sso.nlm /e0 to disable.
*Add this line to the end of the SYS:/SYSTEM/APPSTART.NCF file to make it persistent.
Also, logging can be enabled or disabled "on the fly": It is not necessary to unload and re-load SSO.NLM to enable or disable this functionality. Just re-load SSO.NLM with the desired parameters. Command line options are as follows:
*All options are case-insensitive and should be followed by a '/'
D 0|1|2|3|4|5 : Enables level of debug output.
Example: To load SSO.NLM with extended logging at the highest debug level, output to the log screen only:
load sso.nlm /d5 /l1
*The load command and parameters can be added to the end of SYS:/SYSTEM/APPSTART.NCF if desired. The new NLM is backward compatible with the old load parameters, meaning that "load sso /d /l" will still send output to the log screen.
Intelligent and customizable return error handling
In iChain builds 2.3.262 and beyond, a default error page with "readable" error information will be displayed to the user, rather than just deleting the credential and dumping them at the application login screen. (A new NLM, ErrorMap.NLM, and its associated configuration files have been introduced. This NLM is responsible for translating error codes into readable strings. The NLM supports internationalization of these messages if needed.) With this new feature, the help desk then has intelligent information to work from and the credential is not deleted needlessly.
As an alternative, the new <errorRedirect> tag can be used in the Form Fill policy to display a customized .php error page to the user.
The parameters passed in the query string can be handled in any way the administrator sees fit. This new functionality gives the administrator unlimited control over NDS/NSSS/LDAP error handling and the subsequent message displayed to the end user. See "ErrorRedirect" below for details.
A new Form Fill tag, <errorRedirect>URL_TO_REDIRECT_TO</errorRedirect>, has been introduced. This URL can point anywhere; it does NOT have to be an accelerator. However, in order to be able to get data like username and credentials, you should consider redirecting to an accelerator on the iChain appliance.
This URL works as follows. In this example the error being returned from LDAP is error "81":
The URL will be called with the following syntax:
The parameters passed from the Formfill ErrorRedirect are:
STAGE: Fill | Post
Mapping the parameters to the example URL above results in:
Error sent from host: <IP Address>
To test a customized .php error page start with the content below. The .php file can be run on an Apache server that supports PHP. You can then modify the content to display a specific message or parse for specific error codes and handle them any way you want!
Notes: You can find the corresponding error codes and messages in the SYS:/SYSTEM/ERR_*.CFG files.
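The following test page is an added example, not Novell's original sample content, which is not reproduced in this document. It displays whatever query-string parameters an errorRedirect target receives, HTML-escaping every name and value and checking STAGE against the two documented values; STAGE is the only parameter name taken from this document, and nothing else about the parameter set is assumed.

```php
<?php
// Added example: test target for a Form Fill <errorRedirect> URL (PHP 7+).
// STAGE (Fill | Post) is the only parameter name taken from this document;
// every other parameter is displayed generically, whatever its name.

header('Content-Type: text/html; charset=utf-8');
// The query string may carry user-identifying data; keep it out of caches.
header('Cache-Control: no-store');

// Escape for HTML output so a crafted query string cannot inject markup.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only string values and cap their length before display.
function clean($value, int $max = 256): string
{
    if (!is_string($value)) {   // e.g. ?x[]=1 arrives as an array
        return '(non-string value ignored)';
    }
    return substr($value, 0, $max);
}

$params = [];
foreach ($_GET as $name => $value) {
    $params[clean((string) $name, 64)] = clean($value);
}

// Look up STAGE case-insensitively and accept only the documented values.
$upper = array_change_key_case($params, CASE_UPPER);
$stage = $upper['STAGE'] ?? '';
$stageOk = in_array(strtolower($stage), ['fill', 'post'], true);
?>
<!DOCTYPE html>
<html>
<head><title>Form Fill error</title></head>
<body>
<h1>Form Fill error</h1>
<p>Stage: <?= $stageOk ? h($stage) : 'unknown' ?></p>
<table border="1">
<tr><th>Parameter</th><th>Value</th></tr>
<?php foreach ($params as $name => $value): ?>
<tr><td><?= h((string) $name) ?></td><td><?= h($value) ?></td></tr>
<?php endforeach; ?>
</table>
</body>
</html>
```

Because the redirect carries these values in the URL, they are also recorded in the access log of whichever web server hosts the page.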
The origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.