Highlighted
Regular Contributor.. kseb Regular Contributor..
Regular Contributor..
491 views

I have integrated a new application in access manager 3.2.But custom header name is not retrieving

After integrating the web page is coming through single sign on.But the custom header name is not retrieving in new application.

This application is used in both intranet and internet.

Custom header name http_user in intranet

Custom header external_user in internet  is not retrieving,

I have enabled the policy for this application.

In old application this policy is still working and able to retrieve the custom header

 

0 Likes
7 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: I have integrated a new application in access manager 3.2.But custom header name is not retrievi

Enable the httpheader debug parameters and then check /var/log/novell-apache2/httpheaders. Do a grep on to-ws and you'll see all the requests (incl headers) that were send to your webserver(s).

If you see a blank header than we can troubleshoot that. 

 

Set the following options in the advanced parameters:

DumpHeaders on
DumpHeadersFacility local6

DumpResponseHeaders on
DumpResponseHeadersFacility local6

 

 

Regular Contributor.. kseb Regular Contributor..
Regular Contributor..

Re: I have integrated a new application in access manager 3.2.But custom header name is not retrievi

I have set the parameters in advanced option .And it is showing blank in httpheaders log

0 Likes
Regular Contributor.. kseb Regular Contributor..
Regular Contributor..

Re: I have integrated a new application in access manager 3.2.But custom header name is not retrievi

How to troubleshoot any other solution.Can you please suggest.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: I have integrated a new application in access manager 3.2.But custom header name is not retrievi

so tracking identity injection is a little harder but not impossible. First thing you'll have to do is enable access gateway logging. In the advanced options set:

LogLevel info

 

and on the identity cluster enable debug logging for the application and liberty and update both the IDP and Access Gateway(s). Then generate the event where the II fails. Ideally you capture either a chrome/IE F12 network trace (or fiddler). In Chrome you can enable persistent logs which makes life a little easier. IE doesn't do that (dunno about FF). Using the via header you can track down the request ID on the URL where you have II enabled. You search for this in the error_log. On this request you should see that apache is reaching out to the ESP for a identity injection policy. You can then try to find this event in the ESP catalina.out. If the ESP doesn't have the attribute cached it'll do a webservices call to the IDP which you can track down in the IDP catalina.out as well. Once the IDP has obtained the value from the LDAP user store it'll send it back to the ESP and the ESP will send it to apache which then injects it.

First time troubleshooting this is a little daunting (especially when you have multiple cluster nodes) but once you get the hang of it it isn't all that hard. The downside is though that the logs don't show the actual attribute values. Worst case, you could take a packet trace as well but in order to decrypt the traffic you have to set the ciphers on the IDP to only use RSA key exchange.

 

Alternatively, you could post the logs here but not sure if you want to do that...

Regular Contributor.. kseb Regular Contributor..
Regular Contributor..

Re: I have integrated a new application in access manager 3.2.But custom header name is not retrievi

I have added in advanced paramaters.But no log is hsowing for the newly added sso application.For the other application the log is showing.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: I have integrated a new application in access manager 3.2.But custom header name is not retrievi

are you sure your request is going through the access gateway? Can you supply a fiddler trace with decryption enabled? Be aware that this might expose your user credentials you are using!

 

 

0 Likes
Regular Contributor.. kseb Regular Contributor..
Regular Contributor..

Re: I have integrated a new application in access manager 3.2.But custom header name is not retrievi

Hi in test environment.the custom header was not retrieving.and i have given the dns entry ip of login page then its retrieving..
in production the same issue after integrating the custim header is not retrieving,here the application is integrated both intranet and internet.what all i have t

o check can you please suggest?
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.