Access Manager Single Sign-on to NetStorage

This has been tested with the following versions:

  • NetWare OES2 (NetWare 6.5 SP7)
  • Access Manager 3 SP3

This is for HTTP/HTTPS connectivity to NetStorage only. I understand there are also issues around WEBDAV and clients running NCL and/or ZEN.

My environment consists of:

  • The OES2 server (oesnw65.i.scorpiogeek.net.nz)
  • The Linux Access Gateway (lag.i.scorpiogeek.net.nz)
  • The Identity Server (idp.i.scorpiogeek.net.nz)
  • An Accelerated domain name of am3.i.scorpiogeek.net.nz
  • The IDP protected behind the Access Gateway

Adjust these names to match your own environment.

First, NetStorage needs to be modified through the iManager plugin "File Access (NetStorage)":

NAM_NetStorage_01.png

The main setting here is having Cookieless set to 1. You can also configure your Session Timeout at this point to reflect what you will configure in Access Manager. It is best to reboot the server to make sure the change has been applied.

Now we need to modify the NetStorage logout link to log the user out of Access Manager as well. Edit the SYS:\tomcat\4\webapps\NetStorage\logout.html.utf8 file. Comment out the 2 lines, enable the 3 lines, and modify the URL:

NAM_NetStorage_02.png

Now we need to set up Access Manager to accelerate the portal. We need to set up 3 Policies:

  • Inject the Basic Authentication Header

    NAM_NetStorage_03.png

  • Inject the Session Cookie

    NAM_NetStorage_04.png

  • Inject the ICHAIN_UID header (not sure about this one, but did it anyway - you can try without and see if it works)

    NAM_NetStorage_05.png

Let's set up the accelerator for NetStorage now:

  • Create a new Path Based accelerator. This will have 2 paths as shown below:

    NAM_NetStorage_06.png

  • Under HTTP Options, we need to turn on the Enable X-Forwarded-For option:

    NAM_NetStorage_07.png

  • Under the Web Servers tab, we need to forward the web server name as the Host Header, Enable Forwarding of Encoding Header, and Connect Using SSL:

    NAM_NetStorage_08.png

  • On the parent accelerator, create a new protected resource with 2 URL Paths and assign your contract:

    NAM_NetStorage_09.png

  • Assign your appropriate authentication policy:

    NAM_NetStorage_10.png

  • Assign the 3 Identity Injections created earlier:

    NAM_NetStorage_11.png

We now need a public resource for the logout page:

NAM_NetStorage_12.png

One last task is to avoid caching issues:

  • Create a PIN Bypass for /oneNet/*:

    NAM_NetStorage_13.png

Apply the changes and Update all servers. NetStorage can now be accessed via https://am3.i.scorpiogeek.net.nz/NetStorage
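
One way to confirm the gateway settings above took effect is to capture a request as it arrives at the NetStorage server and check the forwarded headers. The Python below is an added example, not part of the original article; the sample request is constructed, and it assumes the injected session cookie arrives in a normal Cookie header and that the ICHAIN_UID header is spelled as the policy is named above.

```python
import base64
import ipaddress

# Constructed sample: a request as the NetStorage server might receive it from
# the gateway. User name, password, cookie and client address are made up.
SAMPLE = (
    "GET /NetStorage HTTP/1.1\r\n"
    "Host: oesnw65.i.scorpiogeek.net.nz\r\n"
    "Authorization: Basic " + base64.b64encode(b"jsmith:example-pass").decode() + "\r\n"
    "Cookie: SESSION=constructed-value\r\n"
    "ICHAIN_UID: jsmith\r\n"
    "X-Forwarded-For: 192.0.2.10\r\n\r\n"
)

def parse_headers(raw):
    """Map lower-cased header names to values for one raw request."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # drop request line
    return {k.strip().lower(): v.strip()
            for k, v in (ln.split(":", 1) for ln in lines if ":" in ln)}

def basic_user(value):
    """Return the user name from 'Basic <base64>', or None if malformed."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:  # bad base64 or bad UTF-8
        return None
    user, sep, _password = decoded.partition(":")
    return user if sep and user else None

def audit(raw, expected_host):
    """List the settings from the article that the request does not reflect."""
    h, problems = parse_headers(raw), []
    if h.get("host", "").lower() != expected_host.lower():
        problems.append("Host header is not the web server name")
    if basic_user(h.get("authorization", "")) is None:
        problems.append("Basic Authentication header missing or malformed")
    if not h.get("cookie"):
        problems.append("session cookie not injected")
    if not h.get("ichain_uid"):
        problems.append("ICHAIN_UID header not injected")
    try:
        for hop in h["x-forwarded-for"].split(","):
            ipaddress.ip_address(hop.strip())
    except (KeyError, ValueError):
        problems.append("X-Forwarded-For missing or not an IP list")
    return problems
```

An empty list from `audit(SAMPLE, "oesnw65.i.scorpiogeek.net.nz")` means every injection and forwarding option reached the server; the password is decoded only to validate the header and is never returned.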

Comments
Very good setup. Just be aware Novell won't support this configuration (their official SSO solution to NetStorage is to use SecureLogin). But it DOES work, and many thanks to the author for taking the time to illustrate this.
Please update the links to the gif files. I can't seem to access them
Thanks
Attachmate failed to copy the images from the old Novell Coolsolutions to the NetIQ Coolsolutions when they did the move. The originals have gone as I no longer have copies.
Hi ScopionSting, Can you please update the article so it at least has the information such as the paths etc, even if it does not have the images? Thanks.
Version history: revision 9 of 9, last update 2020-01-31 11:42