Novell ACCESS MANAGER 3.1 SP2 - ACCESS GATEWAY GUIDE 2010 Manual page 259

When the request contains a session cookie, the Access Gateway checks its local user store for a
user that matches the session cookie. Each Access Gateway in the cluster maintains its own list of
known users.
If the session cookie matches one of the locally known users, the user is assigned that identity.
The Access Gateway continues with the tasks outlined in
If the session cookie doesn't match one of the locally known users, the Access Gateway needs
to know if one of the other Access Gateways in the cluster knows the user. Processing
continues with the task in decision point 3.
The Access Gateway queries the session broker to see if one of the other Access Gateways in the
cluster knows this user.
If a match is found, the user is assigned that identity. The Access Gateway continues with tasks
outlined in Figure 8-5 on page
If a match is not found, the user is unknown and is assigned as a public user. The Access
Gateway continues with the tasks outlined in
Determining the Type of Request
Figure 8-5
Continue Processing
Is the
Request a
4
Cookie Broker
Reply?
NO
Is the
Request a
5
Cookie Broker
Request?
NO
Does the
6
URL Match
a PR?
YES
Continue Processing
The Access Gateway examines the request to determine what type of request it is.
259.
Figure 8-5 on page
Strip Cookie
YES
Redirect
to URL
Is the
5a
YES User
Authenticated?
NO
Redirect to
the ESP for
Authentication
NO
Return a
403 Error
Figure 8-5 on page
259.
YES
Create a
Cookie Broker
Reply
Continues as a New Request
Troubleshooting the Access Gateway Service 259
259.