Personalizing Novell Access Manager Using Custom Headers and LDAP


Introduction



When you log in to the user interface for Novell Access Manager, not only can you pull your LDAP credentials from eDirectory, but you can get most of the "editable" data about yourself as well.



Here is a way to configure both Novell Access Manager and your home page to display a personalized web site for your users.



We'll use the Digital Airlines example that comes with Novell Access Manager 3 for ease of use and to show what you can do with your information stored in eDirectory.



Prerequisites



  • Novell Access Manager 3 - Installed and configured

  • PHP module for Apache installed on the web host server



Procedure



Adding LDAP Attributes



First, we'll add the additional LDAP attributes to the Identity Server.



1. Log in to the Administration Console and select Identity Servers.



2. Click the Shared Settings tab.











Figure 1 - Shared settings for Identity Servers



In this example we're going to use the LDAP attributes:



  • givenName (First Name)

  • sn (Surname)

  • jpegPhoto


givenName is missing from the default list in Novell Access Manager (NAM), so we'll have to add it.



3. Click New.



4. Enter the name "givenname" and click OK.











Figure 2 - Setting the givenName



5. Click Apply, then click OK.



Creating a New Policy



Now let's add a new policy to send this data to the browser.



1. Click Policies. The list shows the policies you have already created.











Figure 3 - List of created Policies



2. Click New.










Figure 4 - Creating a new Policy



3. Call this policy Identity and select Identity Injection for the Type.



4. Click OK.



On this screen, define the policy as follows:











Figure 5 - Defining the Policy



5. Enter a description for this Rule, if you want.



6. Click New and add the first Action:



Inject into Custom Header

Name the variable that will be passed to the browser: X-FName

Value: LDAP Attribute givenname



7. Click New for the next Action.



Inject into Custom Header

Name the variable that will be passed to the browser: X-LName

Value: LDAP Attribute sn



8. Click New for the next Action.



Inject into Custom Header

Name the variable that will be passed to the browser: X-Photo

Value: LDAP Attribute jpegPhoto



Note: Double-check your spelling of names before you click OK. Misspelled names will cause much heartache when you try to troubleshoot why the fields are blank on your home page later.



Assigning this Policy to the Reverse Proxy



1. Select Access Gateways > Edit.



2. Choose the Reverse Proxy that you wish to use.



3. Select the first Proxy Service in the list and click the Protected Resources tab.



4. Select the Protected Resource that will have this policy assigned.











Figure 6 - Enabling the Identity Injection policy



5. Place a check in the box and click Enable.



6. Click OK and Update your Access Gateway.



Modifying your Web Page



1. Open /srv/www/htdocs/index.php in your favorite editor.



2. Scroll down to the following section:



$headers = apache_request_headers();
foreach($headers as $header => $value)
{
    $found = false;
    if($header == "X-Name")
    {
        $found = true;
        echo "Welcome: $value";
    }
}


3. Remove everything shown above after "$found = false;" and insert the following code:



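    // Capture each header injected by the Identity Injection policy.
    if($header == "X-FName")
    {
        $found = true;
        $firstname = $value;
    }
    if($header == "X-LName")
    {
        $found = true;
        $lastname = $value;
    }
    if($header == "X-Photo")
    {
        $found = true;
        $myphoto = $value;
    }
}
// Escape the values before writing them into the page.
// A header that was not sent becomes an empty string instead of an undefined variable.
$myphoto   = htmlspecialchars(isset($myphoto) ? $myphoto : "", ENT_QUOTES);
$firstname = htmlspecialchars(isset($firstname) ? $firstname : "", ENT_QUOTES);
$lastname  = htmlspecialchars(isset($lastname) ? $lastname : "", ENT_QUOTES);
echo "<img src=\"".$myphoto."\" name=\"Image19\" width=\"75\" height=\"75\" border=\"0\">";
echo "<b>Welcome $firstname $lastname!</b>";
?>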



4. Save the file and exit.



5. Remember to log back in to the Administration Console and purge the cache on the Access Gateway.



Testing and Notes



Log in to the Access Gateway as normal.











Figure 7 - Access Manager login



Then you'll see your Default page. What a gorgeous mug!











Figure 8 - Customized default page



A couple of notes ...



First - if you don't have any data populated in your user objects other than the minimum, sn, then only your last name will be displayed.



Second - if you decide to display photos, limit the size to about 75px x 75px. Otherwise, you'll lose some performance while the server sends you large JPEGs.



Finally - to fix a broken graphic, put a statement testing whether X-Photo is empty and display a default image instead.
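
The empty X-Photo test described in the last note, as an added example that is not part of the Digital Airlines sample or the original article. It also matches header names case-insensitively, escapes every value, and ignores the identity headers unless the request came from the Access Gateway. GATEWAY_ADDR, DEFAULT_PHOTO and the two function names are assumptions made for this example.

```php
<?php
// Added example. GATEWAY_ADDR and DEFAULT_PHOTO are placeholders for your site.
define('GATEWAY_ADDR', '192.0.2.10');            // hypothetical Access Gateway address
define('DEFAULT_PHOTO', '/images/nophoto.jpg');  // hypothetical fallback image

// Return the injected values keyed by lower-case header name.
// HTTP header names are case-insensitive, so compare them that way.
function injected_identity(array $headers)
{
    $wanted = array('x-fname' => '', 'x-lname' => '', 'x-photo' => '');
    foreach ($headers as $name => $value) {
        $key = strtolower($name);
        if (array_key_exists($key, $wanted)) {
            $wanted[$key] = trim($value);
        }
    }
    return $wanted;
}

// Build the greeting markup. Every value is escaped before it reaches the HTML.
function render_greeting(array $id)
{
    // The test from the note above: an empty X-Photo gets the default image.
    $photo = ($id['x-photo'] !== '') ? $id['x-photo'] : DEFAULT_PHOTO;
    $name  = trim($id['x-fname'] . ' ' . $id['x-lname']);
    $html  = '<img src="' . htmlspecialchars($photo, ENT_QUOTES, 'UTF-8')
           . '" name="Image19" width="75" height="75" border="0">';
    if ($name !== '') {
        $html .= '<b>Welcome ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '!</b>';
    }
    return $html;
}

// Trust the X-* identity headers only when the request came from the gateway.
// A client that reaches the web server directly can send any header it likes.
$headers = array();
$from_gateway = isset($_SERVER['REMOTE_ADDR'])
    && $_SERVER['REMOTE_ADDR'] === GATEWAY_ADDR;
if ($from_gateway && function_exists('apache_request_headers')) {
    $received = apache_request_headers();
    if (is_array($received)) {
        $headers = $received;
    }
}
echo render_greeting(injected_identity($headers));
```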



Conclusion



Using your imagination and LDAP, you can really make your users feel important when they log in. Just hope they remember at your next review!

Last update: 2020-01-31 22:09 (revision 3 of 3)