If one of your NAM fronted applications is having issues, configure NAM to display a “Maintenance Page” rather than displaying the default NAM error page. This looks much more professional than a 504 Gateway Timeout page.

This works for NAM 3.1 SP2.

The maintenance page that will be displayed will be a .jsp file. In this example, we’ll call it offline.jsp.

The first thing you need to do is create the NAM method and class:

  • Login to the NAM console
  • Click on Devices –> Identity Servers –> YOUR CLUSTER
  • Click on the Local –> Methods
  • Click New
  • Enter “Maint” for Display Name
  • Select “Secure Name/Password – Form” for Class
  • No user store needs to be selected
  • In the Properties section, click New
  • Type “MainJSP” for the Property Name
  • Type “true” for the Property Value
  • Click OK
  • Click New again
  • Type “JSP” for the Property Name
  • Type “offline” for the Property Value
    NOTE: The name of this property value has to correspond to the filename of the .jsp file.
  • Click OK twice
  • Click on Contracts
  • Click New
  • Enter “Maint” for Display Name
  • Enter “novell/maint” for URI
  • Assign the “Maint” method using the arrows
  • Leave everything else as is
  • Click OK twice and Apply your updates

The next thing you need to do is actually create the offline.jsp file on the IDP server(s).

-Create the offline.jsp file on all IDP servers in the /var/opt/novell/tomcat5/webapps/nidp/jsp/ directory. It can be as simple as a plain one line text file containing only “Down for Maintenance” or you can customize it if you are familiar with JSP’s. Attached is a messy but working template you can use that allows you to at least have a custom header image.

Using the example above, the image.jpg file needs to be located in the /var/opt/novell/tomcat5/webapps/nidp/images/ directory on all IDP servers.

Note: If you make modifications to the offline.jsp file and you don’t see the changes taking affect, delete offline_jsp.class and online_jsp.java files from the /var/opt/novell/tomcat5/work/Catalina/localhost/nidp/org/apache/jsp/jsp/ directory and try again.

Finally, you need to apply the “Maint Page” when needed:

  • Login to the NAM Console
  • Go to Devices –> Access Gateways
  • Click on Edit
  • Click on the Proxy that is having issues
  • Click on the Proxy Service
  • Click on the Protected Resources tab
  • Click on the Authentication Procedure and change it to Maint
  • Click OK and go to Devices –> Access Gateways
  • Click Update
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Loading...Loading...
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

Leave a Comment

  • jaredjennings says:

    This requires admin intervention and also means that users are going to see the default Novell error page until the admin intervenes. For planned outages this is fine, but wouldn’t it be better to modify err.jsp and either replace it or use some methods in the JSP to determine the error message, code and referer header so that the correct error page could be called?

  • barragae says:

    This takes updates to the configuration and will cause down time to implement. If you are in a five 9’s type environment, you can also use an authorization policy to accomplish this redirect. Using the policy however, you can set it up to avoid configuration updates which interrupt services. The policy can be setup and assigned with no rules, then when you need to “stub” a site, you can add a rule (no condition) to the policy so users are redirected to your offline message. Doing this requires a policy update only which does not take a configuration update to accomplish on the LAG(s).

By: rsmccain
Nov 12, 2010
11:48 am
Reads:
1,727
Score:
Unrated