Confirmation email of the creation of an external user is send with wrong URL

  • 7014912
  • 15-Apr-2014
  • 15-Apr-2014

Environment

Novell Filr 1.0
Novell Filr 1.0.1
Novell Filr 1.1
NetIQ Access Manager 3.2

Situation

NetIQ Access Manager (NAM) is configured in such a way that it offers access to Novell Filr using a different DNS / IP then the one assigned to the Novell Filr Appliance(s).
NAM is not configured to perform the authentications of Filr (As mentioned in the documentation, this is not supported, until NAM is enhanced to process the authentication of external users).
Novell Filr is configured with the DNS hosted by NAM as the host in the Reverse Proxy configuration in the Appliance Management Console.

A Novell Filr user shares a file or folder with an external user.
The invitation email that is send out contains the url for Novell Filr, with the DNS value as set in the Reverse Proxy.
After the invited external user goes trough the needed steps to create an external user, receives a confirmation email but the url in the email (behind the link) contains the dns of the Novell Filr node.

Resolution

NetIQ Access Managers proxy entry for the Novell Filr Web server needs to be (re)configured with these options:
  • Front-end server set to the "External" DNS (this should be the same as the value set in host for the Filr's Reverse Proxy)
  • Back-end server set to the Novell Filr Web server DNS or IP.
  • Host Header set to forward received host name

Cause

Novell Access Manager (NAM) acts as a HTTP Proxy/Accellerator.

A NAT router does not change HTTP headers, so when an HTTP client reaches the FiLR server by the DNS domain name of the NAT router in the URL, then this DNS domain name remains unchanged in the HTTP header and FiLR uses this domain name with the URL in the confirmation E-mail to the user.

In case of HTTP Reverse Proxy, the HTTP client has a connection with the proxy and the proxy maintains a HTTP connection with the back-end Web server. Depending on the HTTP request and reply, the reverse proxy can answer on behalf of the back-end Web server from cache or forward the HTTP request from the client to the back-end Web server.

When creating a new Proxy service with NAM, the option "Host Header" can be configured to either replace the domain name with the "Web Server Host Name" (default) or to "Forward Received Host Name" in the header of HTTP messages to be forwarded to the back-end .
This setting can also be configured per back-end web server.

With the default configuration of "Host Header", Novel FiLR (back-end web server) receives HTTP messages with it's own domain name and hence also uses this domain name in the URL in the confirmation E-mail to the user.
When the "Host Header" option is configured to "Forward Received Host Name", then Novell FiLR receives HTTP messages with the domain name of the Reverse Proxy in the header and uses this domain name in the URL in the E-mail to the user.