When a user authenticates in an Access Manager environment, they are redirected to the Identity (IDP) server login page to submit their credentials. This is normally a stepping stone to accessing some back end applications, via either the Linux Access Gateway or SAML/Liberty service providers. If however, a user is already authenticated and accesses the Identity server, the user will be presented with the IDP server portal page. This page (shown below) provides a wealth of information about the logged in user, including all:
Administrators may want to prevent users from seeing this IDP server portal page for:
Administrators may already block access to some of the IDP pages through configuration settings eg. '2.7.3 Blocking Access to the WSDL Services Page' at http://www.novell.com/documentation/novellaccessmanager31/identityserver/?page=/documentation/novellaccessmanager31/identityserver/data/bookinfo.html
The nidp.jap page (/opt/novell/nids/lib/webapp/jsp directory) includes a basic check on whether the user is authenticated. It is also called with every access to the IDP login page. By manipulating this page to check the users status, an administrator can determine whether the user is already authenticated and if so, redirect the user to another page.
Editing this nidp.jar file, locate the existing default entry of
'if (handler.isAuthenticatedSession() && handler.getUserName() != null)'
and add the following lines just above this:
String redirectURL = "http://www.novell.com/";
When a user accesses this page and is not authenticated, the login process will continue as is by default ie. user is presented with the login page where they submit their credentials. If the user is already logged in however, the isAuthenticatedSession() returns true and instead of being redirected to the default IDP portal page, the new code is executed to redirect to a predefined URL. The following ieHTTPHeaders output confirms this
GET /nidp/app HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Cookie: JSESSIONID=11AB34250B3E79DEC11186168C23B34D; novell_language=en-us; CoreID6=23495995982212440449949; __utma=64695856.419410920.1252432782.1270822885.1271090179.10; __utmz=64695856.1270722077.8.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=184.108.40.206-1904004976.30060919:lv=1266928072031:ss=1266927852968; WT_DC=tsp=1; IPCZQX03a36c6c0a=000002009302249462bb469a9f0f5b43243b858a
HTTP/1.1 302 Moved Temporarily
Date: Thu, 29 Apr 2010 09:17:19 GMT