moldin

Redirect to UserApplication (IDM)


Hi,

In our solution we have a redirect policy in the Access Manager which
redirects to the UserApplication.
In DNS we created idm.company.dk which is a CName of ua.company.dk:8180
In AM the policy looks like this:
If entry equal https://idm.company.dk
Redirect to https://idm.company.dk/IDM/jsps/login/Login.jsp

In front of that policy we have a Form Fill policy which performs SSO
when users are internal and prompts when external.

Everything worked absolutely fine until we upgraded IDM from 4.0.1 to
4.0.2.7/E
Now when the user is authenticated in AM (the FormFill still works) they
are redirected to a page saying "Service unavailable...".

All urls and jsps look the same.

Can anyone guess what the difference could be and how we can correct it?


--
moldin
------------------------------------------------------------------------
moldin's Profile: https://forums.netiq.com/member.php?userid=118
View this thread: https://forums.netiq.com/showthread.php?t=55283

Knowledge Partner

Re: Redirect to UserApplication (IDM)

moldin;2418446 wrote:
> Hi,
>
> In our solution we have a redirect policy in the Access Manager which
> redirects to the UserApplication.
> In DNS we created idm.company.dk which is a CName of ua.company.dk:8180
> In AM the policy looks like this:
> If entry equal https://idm.company.dk
> Redirect to https://idm.company.dk/IDM/jsps/login/Login.jsp
>
> In front of that policy we have a Form Fill policy which performs SSO
> when users are internal and prompts when external.
>
> Everything worked absolutely fine until we upgraded IDM from 4.0.1 to
> 4.0.2.7/E
> Now when the user is authenticated in AM (the FormFill still works) they
> are redirected to a page saying "Service unavailable...".
>
> All urls and jsps look the same.
>
> Can anyone guess what the difference could be and how we can correct it?


In my IDM 4.0.2, the URL changes from what it was in 4.0.1

In my 4.0.2, the Login URL is:
http://servername:8180/IDMProv/jsps/login/Login.jsp

So if you're directing to:
/IDM/jsps/login/Login.jsp

I think you have to change to:
/IDMProv/blahblahblah

moldin

Re: Redirect to UserApplication (IDM)


No, the URL is the same.
It is by choice in the installation that you set the name, which is
IDMProv by default, but you can change it to whatever you want. In my
case I selected to use the same name as I did before.


moldin

Re: Redirect to UserApplication (IDM)


Solved!
Access Manager requires SSL enabled on the userapplication for redirect
to work.
Even if we set the proxy rule not to use SSL and type the non-ssl port
8180 it will not redirect.
With SSL enabled on UA and SSL with port 8543 on the AM proxy rule
everything works like before the UA upgrade.

- martin


Knowledge Partner

Re: Redirect to UserApplication (IDM)

moldin;2418706 wrote:
> Solved!
> Access Manager requires SSL enabled on the userapplication for redirect
> to work.
> Even if we set the proxy rule not to use SSL and type the non-ssl port
> 8180 it will not redirect.
> With SSL enabled on UA and SSL with port 8543 on the AM proxy rule
> everything works like before the UA upgrade.
>
> - martin


Thanks for posting the answer, I guess I'm lucky as ours works with HTTP on port 8180 without issue (meaning the AG to the IDM UA is on HTTP port 8180). NAM is doing the 443/SSL between browser and AG.

However, we did not enable SSL on the UA, so that may be the reason why it "just works".
4.5 UA is a very different beast, however.

Anonymous_User

Re: Redirect to UserApplication (IDM)

On 2/3/2016 1:04 AM, moldin wrote:
>
> Solved!
> Access Manager requires SSL enabled on the userapplication for redirect
> to work.
> Even if we set the proxy rule not to use SSL and type the non-ssl port
> 8180 it will not redirect.
> With SSL enabled on UA and SSL with port 8543 on the AM proxy rule
> everything works like before the UA upgrade.
>
> - martin
>
>

I would look at doing a SAML injection as opposed to form fill. A little more work but that is the supported method in the
docs for 4.0.2. Works very smoothly and solves some deep linking problems you might encounter.

--
-----------------------------------------------------------------------
Will Schneider
Knowledge Partner http://forums.netiq.com

moldin

Re: Redirect to UserApplication (IDM)


Hi Will

Good point. I will look into that.
Thank you.


Anonymous_User

Re: Redirect to UserApplication (IDM)

On 2/5/2016 10:24 AM, moldin wrote:
>
> Hi Will
>
> Good point. I will look into that.
> Thank you.
>
>

Here is the general idea:
https://www.netiq.com/documentation/idm402/agpro/data/b2gx72y.html#bbtes00

This is a cool solutions doc on the subject:
https://www.netiq.com/communities/cool-solutions/configuring-access-manager-userapp-and-saml/


--
-----------------------------------------------------------------------
Will Schneider
Knowledge Partner http://forums.netiq.com
