HTML frames lost when being redirected to Access Manager login or logout pages

  • 7004020
  • 30-Jul-2009
  • 10-Oct-2016

Environment

Novell Access Manager 3.1 Linux Access Gateway
Novell Access Manager 3.1 Linux Novell Identity Server
Novell Access Manager 3.1 Windows Novell Identity Server
Novell Access Manager 3.1 Support Pack 1 applied
NetIQ Access Manager 4.x

Situation

When a protected resource on the Linux Access Gateway (LAG) includes multiple HTML frames, the page containing the frames is displayed incorrectly after the user is redirected to the login page following a session timeout and reauthenticates successfully. If the administrator customised the logout page (via logoutSuccess.jsp) so that it redirects back to a web server page that includes frames, that page will not include all frames either.

The redirect operations cause the frame to be displayed in the top window, which breaks all other frames on the page. This did not occur with Access Manager 3.0; it was introduced with the CardSpace infrastructure adopted by 3.1.

Resolution

Apply Access Manager 3.1 Support Pack 1 and do the following:
 
1. Copy the customised login page to the /var/opt/novell/tomcat5/webapps/nidp/jsp directory on the IDP server. The documentation at https://www.novell.com/documentation/novellaccessmanager312/identityserverhelp/data/bjpsemc.html?view=print explains how to customise login pages.
 
2. Modify top.jsp in the above directory and replace
 
                        <!--
                                        top.location.href='<%=url%>';
                        -->
 
with
 
                        <!--
                                        location.href='<%=url%>';
                        -->
 
3. Using the link above, go to the section 'Using Authentication Class or Method Properties for Multiple Brandings'. Here,
 
a) add the MainJSP property to your authentication method, with a value of true.
b) add the JSP property to your authentication method, with a value of custom_login (which is the attached script file)
 
4. Restart Tomcat on the IDP server.
5. Assign the contract that references the customised class/method above to your iFrames protected web server.
6. Access the page and log in.
7. Wait until the hard timeout has expired and try accessing the page again.
8. Authenticate and make sure that the frames are no longer removed and that the page displays as expected.

This will address the issue with both login and logout pages.

NOTE: the same fix applies to all versions of Access Manager.
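
The step 2 edit can be scripted so that it is repeatable and reversible. The following is an added example, not part of the original article or of Access Manager: the function name patch_top_jsp and the .orig backup suffix are assumptions, and the file to edit (top.jsp in the directory from step 1) is passed as the argument.

```shell
#!/bin/sh
# Added example: applies the step 2 edit (top.location.href -> location.href)
# to the top.jsp file given as $1, keeping a backup of the original.
# patch_top_jsp is a hypothetical helper name, not an Access Manager tool.
# Usage: patch_top_jsp /var/opt/novell/tomcat5/webapps/nidp/jsp/top.jsp
# Return codes: 0 = patched, 1 = nothing to change, 2 = file not found.
patch_top_jsp() {
    jsp=$1
    [ -f "$jsp" ] || { echo "not found: $jsp" >&2; return 2; }

    # Match only a bare "top.location.href =" assignment. The leading
    # character class leaves names such as "desktop.location.href" and
    # "window.top.location.href" untouched, so only the form quoted in
    # step 2 is rewritten.
    pattern='(^|[^A-Za-z0-9_.])top\.location\.href([[:space:]]*=)'
    if ! grep -Eq "$pattern" "$jsp"; then
        echo "no top.location.href assignment in $jsp" >&2
        return 1
    fi

    # Keep the first original (assumed suffix .orig) so the change can be
    # reverted; an existing backup is never overwritten.
    [ -e "$jsp.orig" ] || cp -p "$jsp" "$jsp.orig"

    # Write through a temporary file, then copy the content back so the
    # owner and permissions of top.jsp stay as they were.
    tmp=$(mktemp) || return 2
    sed -E "s/$pattern/\1location.href\2/g" "$jsp" > "$tmp" && cat "$tmp" > "$jsp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

A return code of 1 on a second run confirms the file is already in the patched state; Tomcat still has to be restarted as in step 4.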