Redirecting the Access Gateway to the Full Domain Name – Updated for AM 3.0.3+



By: bdgreen

January 9, 2009 11:24 am

Reads:289

Comments:0

Score:Unrated

Introduction

It is customary for users at my organization to access web services simply by entering the name of the service they want using a host name in their browser. (ie. http://imanager or http://eguide) The access gateway in Access Manager requires that you use fully qualified names when accessing resources and will give you a 403 FORBIDDEN error message if you don’t use the FQDN. I am running AM 3.0.4 and initially was using the following article as a guide (and you should continue to do so if you’re using AM 3.0.2 or less)… Redirecting the Access Gateway to the Full Domain Name

However, according to the AM documentation here… http://www.novell.com/documentation/novellaccessmanager/adminguide/index.html?page=/documentation/novellaccessmanager/adminguide/data/b5512be.html

…the page for error messages has been transitioned from the error.jsp to an HTML template in AM 3.0.3 and above. I will describe how I modified the template to properly redirect users of host name to the FQDN on the gateway itself.

Setup

This configuration assumes that you have only one domain suffix that your access gateway is handling since we hard code the config in the HTML (not the best way but certainly the easiest way to do it). You’ll need to locate and edit the error page template on each LAG where you want to enable this functionality.

Step 1

Make a backup of…

/var/novell/errorpagesconfig/current/ErrorPageTemplate.htm.en

Step 2

Edit the file above and insert the following code just before the </head>. By inserting the code withing the HTML header, we are ensuring that the javascript runs each time the page is loaded. (Note: Change mydomain.com in the code below to match your domain suffix.)

<SCRIPT LANGUAGE="JavaScript">
var mystatusCode;
var myhost;

mystatusCode = "<ERROR_STATUS>";
myhost = "";
if(mystatusCode=="403 Forbidden")
{
        if (document.URL.indexOf("mydomain.com") == -1)
                {
                myhost = "http://" + location.host + ".mydomain.com/";
                location.replace(myhost);
                }
}


</SCRIPT>

Step 3

Save the file and then restart the AM Virtualization Controller to activate the change.

/etc/init.d/novell-vmc restart

Step 4

Test by accessing a proxied web site with just the host name. The code above should detect that the error coming back from the LAG is a 403 Forbidden error and attempt to access the site again using the fully qualified domain name.

Also, I would suggest reading the documentation link above about how the templates are managed during a product upgrade.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Loading ... Loading ...

Tags:
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Comment