Browser Hangs In An Authentication Redirect; Translating The Identity Server Configuration Port - Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual


Use NTRadPing to test installations.
Verify that the correct UDP port 1812 is specified.
Verify that the RADIUS server can accept requests from the Identity Server. This might require
the NAS-IP-Address attribute along with credentials.
Verify that the user exists in the user store if multiple methods are added to a contract.
Verify if user authentication works independent of Access Manager.
Verify that the NMAS server is local and no tree walks are occurring across the directory.
Ensure that the NMAS_LOGIN_SEQUENCE property is defined correctly.

12.3.7 Browser Hangs in an Authentication Redirect

If the browser hangs when the user attempts to authenticate at an identity provider, determine
whether a new authentication contract was created and set as the default contract on the Identity
Server. If this is the case and you have an Access Gateway resource set to accept any contract from
the identity provider, navigate to the Overview tab for the protected resource and specify
Any again in the Contract drop-down menu. Click OK, then update the Access Gateway.

12.4 Translating the Identity Server Configuration Port

If your Identity Server must communicate through a firewall, you must either open TCP port 8080 or
8443 in your firewall (the default ports used respectively for non-secure and secure communication
with the Identity Server), or configure the Identity Server service to use TCP port 80 or 443.

On a Windows Identity Server, you need to set the port in the Base URL and save the changes. You
then need to modify the Tomcat server.xml file located in the \Program Files\Novell\Tomcat\conf
directory. Change the ports from 8080 and 8443 to 80 and 443, then restart the Tomcat service.

On a Linux Identity Server, the steps are more complicated. The Identity Server service (hosted on
Tomcat) runs as a non-privileged user on Linux and therefore cannot bind to ports below 1024. To
allow requests to port 80/443 while Tomcat is listening on 8080/8443, the preferred approach is to
use iptables to perform a port translation. Port translation allows the base URL of the Identity
Server to be configured for port 443 and to listen on this port, and iptables translates it to
port 8443 when communicating with Tomcat.

If you have disabled the SLES 10 firewall and do not have any other Access Manager
components installed on the Identity Server, you can use a simple iptables script to translate the
ports. See Section 12.4.1, "A Simple Redirect Script," on page 287.

If you have configured the SLES 10 firewall or have installed other Access Manager
components on the Identity Server, use a custom rule script that allows for multiple port
translations. See Section 12.4.2, "Configuring iptables for Multiple Components," on page 289.
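The port translation described above for a Linux Identity Server, as an added example that is not the manual's own script from Section 12.4.1: it builds the rules for the 80 to 8080 and 443 to 8443 mappings and rejects any pair that is not privileged-to-unprivileged. The function names, the `apply` argument and the choice of the iptables REDIRECT target are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the manual's script). Prints iptables NAT rules that map
# the privileged ports to Tomcat's unprivileged listeners; run with the single
# argument "apply" as root to install them. Assumes Tomcat listens on all
# interfaces and that no other NAT rules exist on the host.

# valid_port PORT: succeeds for a decimal integer in 1..65535, no leading zero.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# redirect_rules PUBLIC_PORT TOMCAT_PORT: prints the rules for one mapping.
# Returns 2 for a malformed port, 3 if the pair is not privileged -> unprivileged.
redirect_rules() {
    pub=$1 tomcat=$2
    valid_port "$pub" && valid_port "$tomcat" || return 2
    [ "$pub" -lt 1024 ] && [ "$tomcat" -ge 1024 ] || return 3
    # Requests arriving from the network.
    echo "iptables -t nat -A PREROUTING -p tcp --dport $pub -j REDIRECT --to-ports $tomcat"
    # Requests made on the server itself never traverse PREROUTING. "-o lo"
    # keeps outbound connections to other hosts on this port untouched.
    echo "iptables -t nat -A OUTPUT -o lo -p tcp --dport $pub -j REDIRECT --to-ports $tomcat"
}

main() {
    for pair in 80:8080 443:8443; do
        rules=$(redirect_rules "${pair%%:*}" "${pair##*:}") || return 1
        if [ "${1:-}" = apply ]; then
            # Each rule is a plain command line, so word splitting is intended.
            printf '%s\n' "$rules" | while read -r rule; do $rule || exit 1; done || return 1
        else
            printf '%s\n' "$rules"
        fi
    done
}

main "$@"
```

Because the nat PREROUTING chain runs before the filter INPUT chain, any host firewall rule must allow the translated port (8080 or 8443) rather than 80 or 443. Rules added this way are lost at reboot unless they are saved or re-applied by a startup script.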
