pober Absent Member.

Re: Can't get SSLVPN to work


I have the same issue, with 3.1.4.27.

All authentication headers are set correctly. I proved this via a
phpinfo();.

Here is some info from the catalina.out:

Code:
--------------------
<amLogEntry> 2011-11-22T13:55:40Z DEBUG NIDS Application: AM#501103050: AMDEVICEID#esp-470F88D29E22CBD6: AMAUTHID#C54209DBA4B9BCF7CA2BF2DB2D5F9E15: PolicyID#54M96691-6973-KOK2-2355-36MMNO779OM2: NXPESID#5132: AGIdentityInjection Policy Trace: ~~RL~1~~~~Rule Count: 1~~Success(67)
~~RU~RuleID_1290160246988~SSLVPN_Default~DNF~~0:4~~Success(67)
~~PA~ActionID_1321964689388~~Inject Custom Header~X-SSLVPN-CLIENTIP~Value(2):ClientIP(2504:)::~Ok:ttl 0~Success(0)
~~PC~ActionID_1321964689388~~Document=(ou=xpemlPEP,ou=mastercdn,ou=ContentPublisherContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell:romaContentCollectionXMLDoc),Policy=(SSLVPN_Default),Rule=(1::RuleID_1290160246988),Action=(InjectCustomHeader::ActionID_1321964689388)~~~~Success(0)
~~PA~1~~Inject Custom Header~X-SSLVPN-PROXY-SESSION-COOKIE~Value(2):ProxySessionCookie(2505:)::~Ok:ttl -1~Success(0)
~~PC~1~~Document=(ou=xpemlPEP,ou=mastercdn,ou=ContentPublisherContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell:romaContentCollectionXMLDoc),Policy=(SSLVPN_Default),Rule=(1::RuleID_1290160246988),Action=(InjectCustomHeader::1)~~~~Success(0)
~~PA~2~~Inject Custom Header~X-SSLVPN-ROLE~Value(2):CurrentRoles(6660:)::~Ok:ttl -1~Success(0)
~~PC~2~~Document=(ou=xpemlPEP,ou=mastercdn,ou=ContentPublisherContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell:romaContentCollectionXMLDoc),Policy=(SSLVPN_Default),Rule=(1::RuleID_1290160246988),Action=(InjectCustomHeader::2)~~~~Success(0)
~~PA~3~~Inject Auth Header~uid~uid(1)...Ok:ttl -1~Success(0)
~~PA~3~~Inject Auth Header~password~pwd(1):...Ok~Success(0)
~~PC~3~~Document=(ou=xpemlPEP,ou=mastercdn,ou=ContentPublisherContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell:romaContentCollectionXMLDoc),Policy=(SSLVPN_Default),Rule=(1::RuleID_1290160246988),Action=(InjectAuthHeader::3)~~~~Success(0)
</amLogEntry>
--------------------



Code:
--------------------
<amLogEntry> 2011-11-22T13:55:40Z DEBUG NIDS Application:
Method: BaseHandler.sendSOAPResponse
Thread: http-127.0.0.1-8080-Processor34
SOAP EndpointResponse:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<NXPES Id="5132" Status="success">
<EvaluateResponse>
<DoAction ActionName="InjectCustomHeader" ActionTTL="0" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectAuthHeaderData" ActionTTL="-1" Enum="2710">
<Parameter Enum="10" Name="Uid" Value="XX"/>
<Parameter Enum="20" Name="Pwd" Value="XX"/>
</DoAction>
</EvaluateResponse>
</NXPES>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
</amLogEntry>
--------------------



Code:
--------------------
22 Nov 2011 15:07:26,598 DEBUG AuthenticatorBase - Security checking request GET /sslvpn/
22 Nov 2011 15:07:26,598 DEBUG AuthenticatorBase - Not subject to any constraint
22 Nov 2011 15:07:26,598 DEBUG AuthFilter - request for URL /sslvpn/?null
22 Nov 2011 15:07:26,599 DEBUG H - getSession IPCZQX03a36c6c0a=000002005b0884c851f52e01892a04bd2f0fd5bc
22 Nov 2011 15:07:26,600 INFO DispatcherServlet - sending error code with message [SSL VPN Gateway requires authentication for this resource.] ...
22 Nov 2011 15:07:26,600 DEBUG - servletPath=/error.jsp, pathInfo=null, queryString=null, name=null
22 Nov 2011 15:07:26,600 DEBUG [/sslvpn] - Path Based Forward
22 Nov 2011 15:07:26,600 DEBUG JspServlet - JspEngine --> /error.jsp
22 Nov 2011 15:07:26,600 DEBUG JspServlet - ServletPath: /error.jsp
22 Nov 2011 15:07:26,600 DEBUG JspServlet - PathInfo: null
22 Nov 2011 15:07:26,600 DEBUG JspServlet - RealPath: /var/opt/novell/tomcat5/webapps/sslvpn/error.jsp
22 Nov 2011 15:07:26,600 DEBUG JspServlet - RequestURI: /sslvpn/error.jsp
22 Nov 2011 15:07:26,600 DEBUG JspServlet - QueryString: null
22 Nov 2011 15:07:26,600 INFO ErrorJSP - Error code message [SSL VPN Gateway requires authentication for this resource.] is sent to user.
22 Nov 2011 15:07:26,601 DEBUG - Disabling the response for futher output
<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: NIDPContextListener.sessionCreated
Thread: http-127.0.0.1-8080-Processor21
Created session AMAUTHID#325F26FFA1C8C60FCCCC77E634CA3733 </amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: http-127.0.0.1-8080-Processor21
****** HttpServletRequest Information:
Method: POST
Scheme: http
Context Path: /nesp
Servlet Path: /app
Query String: null
Path Info: /soap
Server Name: 127.0.0.1
Server Port: 8080
Content Length: 500
Content Type: text/xml
Auth Type: null
Request URL: http://127.0.0.1:8080/nesp/app/soap
Host IP Address: 127.0.0.1
Remote Client IP Address: 127.0.0.1
Header: Name: content-type, Value: text/xml
Header: Name: host, Value: 127.0.0.1:8080
Header: Name: connection, Value: close
Header: Name: soapaction, Value: urn:liberty:soap-action
Header: Name: content-length, Value: 500
Session Id: 325F26FFA1C8C60FCCCC77E634CA3733
Session Last Accessed Time: 1321970846688
</amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: http-127.0.0.1-8080-Processor21
iUrlCategory: 5, iUrlCommand: 400 </amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: SavedInputStream.<init>
Thread: http-127.0.0.1-8080-Processor21
Created new SavedInputStream using InputStream: org.apache.catalina.connector.CoyoteInputStream </amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: http-127.0.0.1-8080-Processor21

Retrieval of object from cache session failed using key 325F26FFA1C8C60FCCCC77E634CA3733. Cache size is 2
</amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: http-127.0.0.1-8080-Processor21

Retrieval of object from cache ancestralsession failed using key 325F26FFA1C8C60FCCCC77E634CA3733. Cache size is 0
</amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: CommonHandler.getRealServer
Thread: http-127.0.0.1-8080-Processor21
URL Command == SOAP! </amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: SOAPProfile.isProfileRequest
Thread: http-127.0.0.1-8080-Processor21
Is this request a SOAP Profile request? Name: NXPES, Answer: true </amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: http-127.0.0.1-8080-Processor21

Retrieval of object from cache session failed using key 325F26FFA1C8C60FCCCC77E634CA3733. Cache size is 2
</amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: http-127.0.0.1-8080-Processor21

Retrieval of object from cache ancestralsession failed using key 325F26FFA1C8C60FCCCC77E634CA3733. Cache size is 0
</amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: CommonHandler.handleRequest
Thread: http-127.0.0.1-8080-Processor21
Handling request: soap </amLogEntry>
--------------------


--
Patrick Oberlechner
Senior Consultant
Didas AG / Munich / Germany
------------------------------------------------------------------------
pober's Profile: http://forums.novell.com/member.php?userid=504
View this thread: http://forums.novell.com/showthread.php?t=439915


pober Absent Member.

Re: Can't get SSLVPN to work


Sorry, had a redirect in my protected resource back to /

Now it works fine...


--
Patrick Oberlechner
Senior Consultant
Didas AG / Munich / Germany
------------------------------------------------------------------------
pober's Profile: http://forums.novell.com/member.php?userid=504
View this thread: http://forums.novell.com/showthread.php?t=439915

