Configuring Advanced Options For A Domain-Based Proxy Service - Novell ACCESS MANAGER 3.1 SP2 - ACCESS GATEWAY GUIDE 2010 Manual

1.1.3 Configuring Advanced Options for a Domain-Based
Proxy Service
The following advanced options are available only for a domain-based proxy service of an Access
Gateway Service. For a path-based proxy service, see
Options for Path-Based Multi-Homing," on page
1 In the Administration Console, click Access Gateways > Edit > [Name of Reverse Proxy] >
[Name of Proxy Service] > Advanced Options.
2 To activate these options, remove the # symbol, configure the value, save your changes, then
update the Access Gateway Service.
#FlushUserCache=on: Specifies whether cached credential data of the user is updated when
the session expires or the user changes an expiring password.
When it is turned on, which is the default setting, credentials and the Identity Injection
data are refreshed.
When it is turned off, the cached user data can become stale. For example, if your
password management service is a protected resource of the Access Gateway and this
option is turned off, every time a user changes an expiring password, the user's data is not
flushed and the Access Gateway continues to use stale data for that user.
#SSLProxyVerifyDepth=3: Specifies how many certificates are in a Web server certificate
chain. When you activate the verification of the Web server certificate with the Any in Reverse
Proxy Trust Store and the public certificate is part of a chain, you need to specify the number of
certificates that are in the certificate chain. For more information on configuring Web servers
for SSL, see Section 3.4, "Configuring SSL between the Proxy Service and the Web Servers,"
on page 115.
#ProxyErrorOverride: Allows you to specify which errors you want returned to the browser
unchanged by the Gateway Service. The default behavior of the Gateway Service is to replace
Web server errors with Gateway Service errors.
However, some applications put more than the error code in the message. They include keys
and JavaScript. If this information is critical, you need to specify an override and allow the
error message to be returned to the browser without any modifications.
For example, NetStorage requires an override for the 401 error because it includes a key in the
401 error. The portal page for the Novell Open Enterprise Server requires an override for error
403 because it includes JavaScript.
You can use the following syntax to set this option:
Syntax
ProxyErrorOverride=on -401 -403
Section 6.2.6, "Configuring Advanced
192.
Description
Allows all errors to be changed to Gateway
Service errors except errors 401 and 403, which
are sent unchanged.
This syntax allows you to list the few errors you
want to forward without change while allowing all
the others to be changed to Gateway Service
errors.
Configuring the Access Gateway to Protect Web Resources 21