Custom IDP Class to Check the Integrity of the Client Machine



The Client Integrity Check (CIC) feature is available with the SSL VPN component of Novell Access Manager. You can configure a client integrity check policy to verify if the prescribed software (such as firewall and antivirus software) is installed on the client machine. You can configure different policies for Windows, Linux, and Macintosh machines, then specify applications that must be present in the client machines in order to pass the client integrity check.


An IDP authentication class has to be created to check for software information on the client workstation. The customer should be able to configure checks such as process, file, Windows registry, system service, etc. as an input to the class in the admin console. This class can be executed with the first method of the contract. If the check fails, authentication fails for the user; otherwise, execution continues with the next method.


This is achieved with the following flow:

  • Admin configures this new authentication class in the admin console.

  • Policies for the CIC are configured as a property to this class.

  • This policy can contain checks for Windows, Linux and Mac workstations.

  • The first method in the contract can contain this class.

  • When this class is executed, a Java applet will be loaded on the client machine.

  • Applet will download the policies and CIC binary from the IDP server for execution.

  • Applet will then execute the CIC binary with the provided policy.

    • While executing, the browser will show a wait status to the end user.

    • There is no end user input needed in this process.

  • Applet will then return the result back to server.

    • If failed, an error page is thrown to the user.

    • On success, method execution will proceed.


This feature is tested on 3.1.2 and above with the IDP on Linux. As per design, it should work on earlier builds and on Windows. You can follow the steps below to enable this feature on a machine where the IDP is installed:

$cd /var/opt/novell/tomcat5/webapps/nidp
$tar xzvf NIDP_CIC_CLASS.tar.gz #(
Above statement should output as below,

$/etc/init.d/novell-tomcat5 restart

Please refer to the demo link section for details on generating the CIC configuration.

Now you can configure the admin console with the new authentication class as shown below.

You also need to configure properties for the new class as shown below.

Demo Link:


  • Make sure you have a JRE installed on the client for the applet to load.

  • Once the applet is loaded in the browser, the user needs to click “run” on the Java pop-up to run the applet.

  • This new class has to be assigned to a method and that method has to be assigned to a contract.

Example CIC configuration:

(Please refer to the demo link for details on generating the CIC configuration.)

Policy text file example:

CATEGORIES=Antivirus_Windows , new cic policy

Name=Symantec AntiVirus 10.0
Name=example antivirus
[new cic policy]
Name=new application
SoftwareService=Name==new service&UserInterfaceID==1290072457890&Status==Running
Process=Version==101&RegistryKey==\HKEY_LOCAL_USER\newreg&RegistryKeyValue==newvalue&Owner==&Name==new process&UserInterfaceID==1290072495675


In the above policy, there are two categories configured: Antivirus_Windows and new cic policy. Antivirus_Windows has 2 applications under it, Symantec AntiVirus 10.0 and example antivirus.

If one of the applications is satisfied, then Antivirus_Windows is passed.

The Symantec AntiVirus 10.0 application is configured with 4 definitions: Process, SoftwareService, AbsoluteFile and RegistryKey.

A process definition contains the name of the process, the registry key and value of the process, and the version of the process.

NOTE: UserInterfaceID can be ignored. You can install an SSL VPN device and generate a huge number of policies using CIC and CIC level sections.
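
The structure described above (categories, applications under each category, definitions made of attr==value pairs joined by &) can be checked before the policy is set as a property of the class. The Python below is an added example, not part of the original article or of Access Manager; parse_policy and lint are hypothetical names, and the [Antivirus_Windows] header in the constructed sample is an assumption modelled on [new cic policy]. The excerpt above lists the two antivirus applications without their definition lines, so the lint reports them.

```python
# Added example: parser and lint for the CIC policy text format shown above.
# Assumption: every category has a "[category]" header, as "[new cic policy]" does.
SAMPLE = r"""CATEGORIES=Antivirus_Windows , new cic policy
[Antivirus_Windows]
Name=Symantec AntiVirus 10.0
Name=example antivirus
[new cic policy]
Name=new application
SoftwareService=Name==new service&UserInterfaceID==1290072457890&Status==Running
Process=Version==101&RegistryKey==\HKEY_LOCAL_USER\newreg&RegistryKeyValue==newvalue&Owner==&Name==new process&UserInterfaceID==1290072495675
"""

def parse_policy(text):
    """Return (declared_categories, {category: {application: [(kind, attrs)]}})."""
    declared, sections, cat, app = [], {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            cat, app = line[1:-1].strip(), None
            sections.setdefault(cat, {})
            continue
        key, sep, value = line.partition("=")   # split on the first "=" only
        if not sep:
            raise ValueError(f"not a key=value line: {line!r}")
        if key == "CATEGORIES":
            declared = [c.strip() for c in value.split(",") if c.strip()]
        elif cat is None:
            raise ValueError(f"{key} appears before any [category] section")
        elif key == "Name":
            app = value.strip()
            sections[cat].setdefault(app, [])
        elif app is None:
            raise ValueError(f"{key} definition before any Name= in [{cat}]")
        else:
            # Definition line: attributes joined by "&", each written "attr==value".
            attrs = dict(p.split("==", 1) for p in value.split("&"))
            attrs.pop("UserInterfaceID", None)   # the article says it can be ignored
            sections[cat][app].append((key, attrs))
    return declared, sections

def lint(declared, sections):
    """Flag structural problems to review before the policy is deployed."""
    issues = [f"category {c!r} declared but has no section" for c in declared if c not in sections]
    issues += [f"section {c!r} not listed in CATEGORIES" for c in sections if c not in declared]
    for c, apps in sections.items():
        issues += [f"{c}/{a}: no definitions" for a, defs in apps.items() if not defs]
    return issues
```

Because a category passes when any one of its applications is satisfied, an application that carries no definitions is worth reviewing before deployment; how the CIC binary treats such an entry is not stated in the article.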

Last update: 2020-01-31 22:08