NetIQ Access Manager FormFill policy loop after migrating from NAM 3.1 to 3.2

• NetIQ Access Manager has been migrated from 3.1.4 to 3.2.1.
• After migrating several existing FormFill policies will generate a browser POST loop.
• All FormFill policies were working without any problems with the NAM 3.1.4 Linux Access Gateway (LAG)

• This issue has been reported to engineering
  
  
• As a workaround you have to analyze the login page and the landing page (after a successful login) for differences which can bee addressed with either the "Page Matching Criteria" or the "CGI Matching Criteria"

The landing page after a successful login process at the web application server includes as well a HTML form which matches the Form name attribute on the login page. The landing page does not include ANY of the defined input fields. With the NAM 3.1.4 Linux Access Gateway the post condition will be "HTML form name, id, number + one matching input field". This logic is broken with NAM 3.2, 3.2 SP1, 3.2.1 SP1 IR1a.

Troubleshooting:

1. Install a browser header tool like the "Live HTTP Headers" plugin for Firefox or the "ieHTTPHeaders" plugin for IE.
   
   
2. Get a copy of the login page and the landing page after a successful login
   
   
3. Use the NAGGlobalOptions DebugFormFill=on advanced option and review the "/var/log/novell-apache2/error_log" for FormFill debug messages on matching the page
   
   
4. Run a header trace running a driect login to the web application server (without having NAM in place) and run anther login which leads into the loop.t
   
   
5. Review the headers trace and the FormFill debug output generated on the access Gateway