Anonymous_User Absent Member.
Absent Member.
406 views

Strange Authentication Error


I am running NAM4.01HF1 Appliance. I'm working on customising our login
screen, and am testing it now. I modified the login.jsp screen with a
'prettier' page, but left the names of the username, password etc the
same as the original.
-When I access a protected resource, I see my correct login, and it
works fine.
-I then go to either <site>/AMLogout, or <site>/nesp/app/plogout and the
logout appears fine as well.
-If I immediately try and access the protected resource again, I get a
NETIQ Access Manager page,

Error:An unsupported request was received and cannot be completed.
(0E9BF3629AFC3BE1)

-If I hit F5 to refresh the page immediately, it goes to my custom login
screen as before. I'm hoping I'm missing something simple. Does anyone
have any idea why I am seeing this? I'm not ready to put it into
production before I can stop this error.

Thanks for any ideas.


--
mickers
------------------------------------------------------------------------
mickers's Profile: https://forums.netiq.com/member.php?userid=1122
View this thread: https://forums.netiq.com/showthread.php?t=51840

0 Likes
9 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Strange Authentication Error

On 9/26/2014 12:25 AM, mickers wrote:
>
> I am running NAM4.01HF1 Appliance. I'm working on customising our login
> screen, and am testing it now. I modified the login.jsp screen with a
> 'prettier' page, but left the names of the username, password etc the
> same as the original.
> -When I access a protected resource, I see my correct login, and it
> works fine.
> -I then go to either <site>/AMLogout, or <site>/nesp/app/plogout and the
> logout appears fine as well.
> -If I immediately try and access the protected resource again, I get a
> NETIQ Access Manager page,
>
> Error:An unsupported request was received and cannot be completed.
> (0E9BF3629AFC3BE1)
>
> -If I hit F5 to refresh the page immediately, it goes to my custom login
> screen as before. I'm hoping I'm missing something simple. Does anyone
> have any idea why I am seeing this? I'm not ready to put it into
> production before I can stop this error.
>
> Thanks for any ideas.
>
>


Typically the logout page should indicate to the user that they should close their browser. Did you close your browser and
then get the error? Or are you going immediately back to the resource?

If you wait say, 3 minutes after logout and then do it, do you get the error?

What does the catalina.out show when you get that error?
Did you customize the nidp.jsp file on the MAG or the IDP?
Did you customize the error pages?

--
-----------------------------------------------------------------------
Will Schneider
Knowledge Partner http://forums.netiq.com

If you find this post helpful, please click on the star below.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Strange Authentication Error


Will,
Thanks for the reply.
I can't see anything in the catalina.out file/s ..
Even if I wait 3 minutes before reloading the protected site, I see the
same error.
If I close the browser everything functions normally.

Since this is an appliance, the only file I modified was a new file to
replace login.jsp, and then I configured the idp to use this new file as
a new method.

I haven't modified the error page (yet), and it does say to close the
browser, but my users don't follow all instructions put in front of
them. With my AM3.1 system, I tried the same process, and it works
flawlessly, returning to the login screen immediately after logout. No
error at all.

The other odd behaviour, which might be of note, is if I do these
steps:

1. Enter Protected site URL
(displays AM4 login screen correctly)
2. Without logging in, I load the same url (above) again
(displays error screen as previously mentioned)
3. GOTO Step 1

It essentially alternates between login page, and error page each time I
load the url.

Any thoughts on this?


--
mickers
------------------------------------------------------------------------
mickers's Profile: https://forums.netiq.com/member.php?userid=1122
View this thread: https://forums.netiq.com/showthread.php?t=51840

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Strange Authentication Error


mickers;249270 Wrote:
> Will,
> Thanks for the reply.
> I can't see anything in the catalina.out file/s ..
> Even if I wait 3 minutes before reloading the protected site, I see the
> same error.
> If I close the browser everything functions normally.
>
> Since this is an appliance, the only file I modified was a new file to
> replace login.jsp, and then I configured the idp to use this new file as
> a new method.
>
> I haven't modified the error page (yet), and it does say to close the
> browser, but my users don't follow all instructions put in front of
> them. With my AM3.1 system, I tried the same process, and it works
> flawlessly, returning to the login screen immediately after logout. No
> error at all.
>
> The other odd behaviour, which might be of note, is if I do these
> steps:
>
> 1. Enter Protected site URL
> (displays AM4 login screen correctly)
> 2. Without logging in, I load the same url (above) again
> (displays error screen as previously mentioned)
> 3. GOTO Step 1
>
> It essentially alternates between login page, and error page each time I
> load the url.
>
> Any thoughts on this?



My guess is that NAM is not clearing the session/cookies fully on your
logout page.

Make sure its clearing all the cookies and that the session is being
invalidated. You should find the two following snippets in the
logoutSuccess.jsp file.
<%
Cookie cookie = new Cookie("JSESSIONID", null);
cookie.setPath(request.getContextPath());
cookie.setMaxAge(0);
response.addCookie(cookie);

%>


<%request.getSession().invalidate();%>

You should be able to test this by clearing your cache after logout or
doing a Ctrl-F5 to refresh. If you have Chrome you can hit Ctrl-Shift-I
and then hit the Resources tab to see the cookies for your AGW domain
and delete them from there if need be.

If the above code is there then you may need to invalidate the cookies
client side with javascript rather than relying on the headers coming
back from NAM.


--
rtruscot
------------------------------------------------------------------------
rtruscot's Profile: https://forums.netiq.com/member.php?userid=293
View this thread: https://forums.netiq.com/showthread.php?t=51840

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Strange Authentication Error


Thanks for the extra info.
In my testing, I tested my AM3 login page, and it didn't show the same
issue. So, through trial and error, I narrowed it down to some
javascript and html I was using to show some 'tabbed' help pages on the
login screen.
I have replaced them with another set and the problem has gone away. I
deliberately left all the embedded code alone, and just modified the
aesthetics of the page, so the 'process' of login/logout should remain
untouched.

Thanks for the reply, though, I'll keep this info on hand, since my next
step is to evaluate customising the logout page/s.

Cheers.


--
mickers
------------------------------------------------------------------------
mickers's Profile: https://forums.netiq.com/member.php?userid=1122
View this thread: https://forums.netiq.com/showthread.php?t=51840

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Strange Authentication Error

On 9/28/2014 9:16 PM, mickers wrote:
>
> Thanks for the extra info.
> In my testing, I tested my AM3 login page, and it didn't show the same
> issue. So, through trial and error, I narrowed it down to some
> javascript and html I was using to show some 'tabbed' help pages on the
> login screen.
> I have replaced them with another set and the problem has gone away. I
> deliberately left all the embedded code alone, and just modified the
> aesthetics of the page, so the 'process' of login/logout should remain
> untouched.
>
> Thanks for the reply, though, I'll keep this info on hand, since my next
> step is to evaluate customising the logout page/s.
>
> Cheers.
>
>

I would be curious to know more details about your customization. It would be interesting to locate a true root cause of the
error.

--
-----------------------------------------------------------------------
Will Schneider
Knowledge Partner http://forums.netiq.com

If you find this post helpful, please click on the star below.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Strange Authentication Error


Will,
I'm happy to diagnose any way I can.
I tried to leave my modified login.jsp as functionally identical to the
original as possible. All I wanted was to change the look and feel. I
was using a tabbed menu from http://www.menucool.com/tabbed-content
I found that this was causing the issue.
If you'd like to see what I have done, go to
http://p.mbc.qld.edu.au/ehelpdesk. Note the tabbed menu (This url may
die in a few days as we go live).

I can send the jsp source if it helps.
Thanks.


--
mickers
------------------------------------------------------------------------
mickers's Profile: https://forums.netiq.com/member.php?userid=1122
View this thread: https://forums.netiq.com/showthread.php?t=51840

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Strange Authentication Error

mickers wrote:

>
> Will,
> I'm happy to diagnose any way I can.
> I tried to leave my modified login.jsp as functionally identical to
> the original as possible. All I wanted was to change the look and
> feel. I was using a tabbed menu from
> http://www.menucool.com/tabbed-content I found that this was causing
> the issue. If you'd like to see what I have done, go to
> http://p.mbc.qld.edu.au/ehelpdesk. Note the tabbed menu (This url may
> die in a few days as we go live).
>
> I can send the jsp source if it helps.
> Thanks.


Are you modifying the standard pages or did you actually write your own
page and use the mainJSP=true on a class/method?

We have numerous custom login pages and we don't modify the default
pages but write our own from scratch and then use the mainJSP=true.

--
Cheers,
Edward
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Strange Authentication Error


I wrote my own (which was based on login.jsp), used mainJSP=true, as you
wrote.


--
mickers
------------------------------------------------------------------------
mickers's Profile: https://forums.netiq.com/member.php?userid=1122
View this thread: https://forums.netiq.com/showthread.php?t=51840

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Strange Authentication Error

On 9/30/2014 10:01 PM, mickers wrote:
> I can send the jsp source if it helps.


I would love to see it 🙂
you can mail me at:
wschneider [silly circle] cisus [blop] com

--
-----------------------------------------------------------------------
Will Schneider
Knowledge Partner http://forums.netiq.com

If you find this post helpful, please click on the star below.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.