Novell ACCESS MANAGER 3.1 SP2 - ACCESS GATEWAY GUIDE 2010 Manual page 210

.enableInPlaceSilentFillNew
Located in the
This touch file is to be used to fill forms with complex JavaScript or VBScripts. You must use this
touch file along with the
must have the Statements To Execute on Submit option enabled and the policy must contain a
function to execute. For more information on how to use this touch file,
Policy for Forms With
.setsecureESP
Located in the
When this touch file is used, the JSESSIONID cookie of the Embedded Service Provider is marked
as secure.
To enable this touch file, you need one of the following:
All services that need authentication must use the secure communication channel or HTTPS.
The Access Gateway device must be behind an SSL terminator.
For more information, see
Cookie," on page 117
lagDisableAuthIPCheck
This file is located in the
If this touch file is enabled, the Access Gateway does not perform the IP address check on incoming
session cookies. Use this in a setup where two L4 switches are configured in parallel and the
browser requests are bounced between these L4 switches.
For example, if multiple back-end Web servers are accelerated by the Access Gateway, some users
complain that they are not able to complete their logins. When they access the protected resources,
they are redirected to the Identity Server for authentication, but they are not redirected to the original
URL.
If multiple paths (at the network level) exist between a browser and the Access Gateway and proxies
or NAT devices exist on these paths, it is possible that the source IP address of the incoming requests
into the Access Gateway might change. For example, assume that user A connects to an ISP. This
ISP has multiple transparent proxies in parallel for performance reasons.
User A accesses the Access Gateway for the first time. The request from User A goes through a
local transparent proxy TP1, so the incoming IP address of the initial request has that transparent
proxy's (TP1) IP address. The Access Gateway session cookie is set and the user is redirected back
to the page he/she was going to originally
User A then sends the next request for this original page, but it goes through a different proxy, TP2.
The incoming IP address of the request into the Access Gateway is now different than the one that
the user used for authentication (TP1 IP address) and the validation fails. The Access Gateway loops
as it continues to request the user to send a valid session cookie.
.alwaysUseJSFor302
This file is located in the
210 Novell Access Manager 3.1 SP2 Access Gateway Guide
directory.
/var/novell/
.enableInPlaceSilentFill
Scripts" in the "Novell Access Manager 3.1 SP2 Policy
directory.
/var/novell
Section 3.5.1, "Securing the Embedded Service Provider Session
directory.
/etc
/var/novell
file. To use this file, the Form Fill policy
directory.
see"Configuring a Form Fill
Guide".