Are there users out there who have experience with NetIQ IDM 4.0.x (or
earlier) configurations where SSL processing is performed by external
appliances, which also provide high availability / load balancing
functions?

We are in the midst of establishing such an environment and have run
into a few stumbling blocks. We've found work-arounds for issues such as
NCP and NAT, but are confounded by a problem with the UserApp and the
Reporting Module which we have set up under JBoss -- the UserApp seems to
work well enough alone, but the Reporting App doesn't seem to like
working behind an SSL accelerator such as the F5 LTM (9.4.8) -- where the
SSL connection is between the client browser and the F5 appliance, but
the connection between the F5 and the IDM UserApp is cleartext, and
essentially proxied.

We modified the default connector config:
novell/idm/jboss/server/IDMProv/deploy/jbossweb.sar/server.xml

from:
<Connector protocol="HTTP/1.1" port="8080"
address="${jboss.bind.address}"
connectionTimeout="20000" redirectPort="8443" />

to:

<Connector protocol="HTTP/1.1" port="8080"
address="${jboss.bind.address}"
connectionTimeout="20000" redirectPort="8443"
scheme="https" secure="true" proxyName="idmdev.bc.edu"
proxyPort="443"/>

But this isn't sufficient, and results in an error with authentication
token results:

The authentication server is invalid:
https://idmdev.bc.edu:443/IDMRPT-AUTH/auth/tokens

Has anyone run into a similar issue or have a suggestion?

Cheers,
David Mak
Boston College

View this thread: http://forums.novell.com/showthread.php?t=455218
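
An added example, not part of the original post and not NetIQ or JBoss code: a small audit of server.xml that reports, for each Connector, the base URL the container advertises to applications and whether the connector marks requests as secure without terminating TLS itself, as the modified connector in the post does. On such a connector every request that reaches the listen port is reported to the application as HTTPS, so the listen address it returns is the one to restrict to the load balancer. The sample XML is constructed from the connectors in the post, the function names are hypothetical, and SSLEnabled is assumed to be the attribute that marks a TLS-terminating connector.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the modified connector from the post inside a minimal <Server>.
SAMPLE_SERVER_XML = """<Server><Service name="jboss.web">
<Connector protocol="HTTP/1.1" port="8080"
 address="${jboss.bind.address}"
 connectionTimeout="20000" redirectPort="8443"
 scheme="https" secure="true" proxyName="idmdev.bc.edu"
 proxyPort="443"/>
</Service></Server>"""

# Constructed sample: the default connector from the post, for comparison.
DEFAULT_SERVER_XML = """<Server><Service name="jboss.web">
<Connector protocol="HTTP/1.1" port="8080"
 address="${jboss.bind.address}"
 connectionTimeout="20000" redirectPort="8443"/>
</Service></Server>"""


def audit_connectors(server_xml):
    """Return one finding dict per <Connector> element in server.xml."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port")
        scheme = conn.get("scheme", "http")
        # Assumption: SSLEnabled="true" marks a connector that terminates TLS.
        tls_here = conn.get("SSLEnabled", "false").lower() == "true"
        claims_secure = conn.get("secure", "false").lower() == "true"
        # proxyName/proxyPort replace the host and port reported to the app.
        host = conn.get("proxyName")
        ext_port = conn.get("proxyPort", port)
        findings.append({
            # No address attribute means the connector listens on all addresses.
            "listen": f'{conn.get("address", "0.0.0.0")}:{port}',
            "advertised": f"{scheme}://{host}:{ext_port}" if host else None,
            # True when requests are reported secure although TLS ended upstream.
            "offloaded": claims_secure and not tls_here,
        })
    return findings


def needs_network_restriction(findings):
    """Listen addresses that must only be reachable from the SSL appliance."""
    return [f["listen"] for f in findings if f["offloaded"]]


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```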