This feature was added to give the administrator more flexibility in integrating off the shelf apps into Access Manager, as well as modifying application behavior. In most cases you shouldn’t need this feature. But if you do, you will be glad its there.
You can also select CGI or Page matching criteria, this work exactly the same as on the standard form fill policy configurations. Also keep in mind that this policy will have to be deployed as part of a protected resource. You should try to use the matching criteria and protected resource path definitions both to limit the scope of your injection policy as much as possible. The more narrow the scope of the policy, the less overhead the form fill engine will need to consume to detect and inject on the pages in scope.
A common request from security auditors is to automatically logout a user when an idle timeout period is reached. NAM has built in idle timeout handling, but it simply destroys the user’s HTTP session. The potentially sensitive contents of the application screen are left in a users browser for other people to see. And worst yet,l the user may return to the page to continue editing a form or other data, only to lose that data when they proceed to the next page and are redirected to a login screen.
This first example shows a very basic handler that will redirect the user to NAM’s logout page after an idle period. The script isn’t capable of reading the actual NAM idle timeout setting value, so you will need to specify the desired timeout (in milliseconds) in the script.
A simpler case involves injecting a script to allow analytics. A common example is using Google Analytics to track application usage. The example value UA-11111111-1 would need to be replaced with the appropriate Google Analytics site identifier.
There are a few things to keep in mind when using these scripts.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.