Configuring The Default Identity Injection Policy; Injecting The Ssl Vpn Header - Novell ACCESS MANAGER 3.1 SP2 - SSL VPN SERVER GUIDE 2010 Manual

2.2.1 Configuring the Default Identity Injection Policy

The SSL VPN server requires a user credential profile consisting of the following elements:
Username and password information
A proxy session cookie
The roles assigned to the current user for authentication information
Each element added to the custom header requires a name with an "X-" prefix. The name you enter
is specific to the application using the custom header, and might be case sensitive. You need to
obtain this information from the application before creating the custom header. The Access Gateway
injects these headers into the SSL VPN server.
The SSL VPN server requires the following three headers:
Authentication header containing the credential profile with a username and password
Custom header containing a proxy session cookie element named X-SSLVPN-PROXY-
SESSION-COOKIE
Custom header containing roles for current user element, named X-SSLVPN-ROLE
You can configure Access Gateway to inject the client IP address as a custom header along with the
other three headers. This custom header should be named X-SSLVPN-CLIENTIP. This enables
logging of the client IP address for SSL VPN. This is an optional configuration and is not enabled by
default. If it is not enabled, the SSL VPN server reports it to the Audit server as a connection
accepted from
To add this header to the SSL VPN policy:
1 In the Administration Console, click Devices > Access Gateways > Policies.
2 (Conditional) If you have not created the SSL VPN default policy, click Create SSL VPN
Default. Then click Apply Changes.
3 In the list of policies, click SSLVPN Default > 1.
4 In the Actions section, click New, then select Inject into Custom Header.
5 Fill in the following values:
Custom Header Name: Specify X-SSLVPN-CLIENTIP.
Value: Select Client IP.
6 Click OK twice.
7 Click Apply Changes.

2.2.2 Injecting the SSL VPN Header

The example in this section explains how to accelerate SSL VPN server in a path-based multi-
homing configuration.
Before you begin, make sure you have already created a proxy service and an authentication
procedure. For more information on creating a proxy service and authentication procedure, see
"Configuring a Reverse
1 In the Administration Console, click Devices > Access Gateways > Edit > [Name of Reverse
Proxy].
24 Novell Access Manager 3.1 SP2 SSL VPN Server Guide
.
Unknown Host
Proxy" in the Novell Access Manager 3.1 SP2 Setup Guide.