I have the same issue, with 3.1.4.27.

All authentication headers are set correctly. I proofed this via an
phpinfo();.

Here some infos from the catalina.out:

Code:
--------------------
<amLogEntry> 2011-11-22T13:55:40Z DEBUG NIDS Application: AM#501103050: AMDEVICEID#esp-470F88D29E22CBD6: AMAUTHID#C54209DBA4B9BCF7CA2BF2DB2D5F9E15: PolicyID#54M96691-6973-KOK2-2355-36MMNO779OM2: NXPESID#5132: AGIdentityInjection Policy Trace: ~~RL~1~~~~Rule Count: 1~~Success(67)
~~RU~RuleID_1290160246988~SSLVPN_Default~DNF~~0:4~ ~Success(67)
~~PA~ActionID_1321964689388~~Inject Custom Header~X-SSLVPN-CLIENTIP~Value(2):ClientIP(2504::~Ok:ttl 0~Success(0)
~~PC~ActionID_1321964689388~~Document=(ou=xpemlPEP ,ou=mastercdn,ou=ContentPublisherContainer,ou=Part ition,ou=PartitionsContainer,ou=VCDN_Root,ou=acces sManagerContainer,o=novell:romaContentCollectionXM LDoc),Policy=(SSLVPN_Default),Rule=(1::RuleID_1290 160246988),Action=(InjectCustomHeader::ActionID_13 21964689388)~~~~Success(0)
~~PA~1~~Inject Custom Header~X-SSLVPN-PROXY-SESSION-COOKIE~Value(2):ProxySessionCookie(2505::~Ok:ttl -1~Success(0)
~~PC~1~~Document=(ou=xpemlPEP,ou=mastercdn,ou=Cont entPublisherContainer,ou=Partition,ou=PartitionsCo ntainer,ou=VCDN_Root,ou=accessManagerContainer,o=n ovell:romaContentCollectionXMLDoc),Policy=(SSLVPN_ Default),Rule=(1::RuleID_1290160246988),Action=(In jectCustomHeader::1)~~~~Success(0)
~~PA~2~~Inject Custom Header~X-SSLVPN-ROLE~Value(2):CurrentRoles(6660::~Ok:ttl -1~Success(0)
~~PC~2~~Document=(ou=xpemlPEP,ou=mastercdn,ou=Cont entPublisherContainer,ou=Partition,ou=PartitionsCo ntainer,ou=VCDN_Root,ou=accessManagerContainer,o=n ovell:romaContentCollectionXMLDoc),Policy=(SSLVPN_ Default),Rule=(1::RuleID_1290160246988),Action=(In jectCustomHeader::2)~~~~Success(0)
~~PA~3~~Inject Auth Header~uid~uid(1)...Ok:ttl -1~Success(0)
~~PA~3~~Inject Auth Header~password~pwd(1):...Ok~Success(0)
~~PC~3~~Document=(ou=xpemlPEP,ou=mastercdn,ou=Cont entPublisherContainer,ou=Partition,ou=PartitionsCo ntainer,ou=VCDN_Root,ou=accessManagerContainer,o=n ovell:romaContentCollectionXMLDoc),Policy=(SSLVPN_ Default),Rule=(1::RuleID_1290160246988),Action=(In jectAuthHeader::3)~~~~Success(0)
</amLogEntry>
--------------------



Code:
--------------------
<amLogEntry> 2011-11-22T13:55:40Z DEBUG NIDS Application:
Method: BaseHandler.sendSOAPResponse
Thread: http-127.0.0.1-8080-Processor34
SOAP EndpointResponse:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<NXPES Id="5132" Status="success">
<EvaluateResponse>
<DoAction ActionName="InjectCustomHeader" ActionTTL="0" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectAuthHeaderData" ActionTTL="-1" Enum="2710">
<Parameter Enum="10" Name="Uid" Value="XX"/>
<Parameter Enum="20" Name="Pwd" Value="XX"/>
</DoAction>
</EvaluateResponse>
</NXPES>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
</amLogEntry>
--------------------



Code:
--------------------
22 Nov 2011 15:07:26,598 DEBUG AuthenticatorBase - Security checking request GET /sslvpn/
22 Nov 2011 15:07:26,598 DEBUG AuthenticatorBase - Not subject to any constraint
22 Nov 2011 15:07:26,598 DEBUG AuthFilter - request for URL /sslvpn/?null
22 Nov 2011 15:07:26,599 DEBUG H - getSession IPCZQX03a36c6c0a=000002005b0884c851f52e01892a04bd2 f0fd5bc
22 Nov 2011 15:07:26,600 INFO DispatcherServlet - sending error code with message [SSL VPN Gateway requires authentication for this resource.] ...
22 Nov 2011 15:07:26,600 DEBUG - servletPath=/error.jsp, pathInfo=null, queryString=null, name=null
22 Nov 2011 15:07:26,600 DEBUG [/sslvpn] - Path Based Forward
22 Nov 2011 15:07:26,600 DEBUG JspServlet - JspEngine --> /error.jsp
22 Nov 2011 15:07:26,600 DEBUG JspServlet - ServletPath: /error.jsp
22 Nov 2011 15:07:26,600 DEBUG JspServlet - PathInfo: null
22 Nov 2011 15:07:26,600 DEBUG JspServlet - RealPath: /var/opt/novell/tomcat5/webapps/sslvpn/error.jsp
22 Nov 2011 15:07:26,600 DEBUG JspServlet - RequestURI: /sslvpn/error.jsp
22 Nov 2011 15:07:26,600 DEBUG JspServlet - QueryString: null
22 Nov 2011 15:07:26,600 INFO ErrorJSP - Error code message [SSL VPN Gateway requires authentication for this resource.] is sent to user.
22 Nov 2011 15:07:26,601 DEBUG - Disabling the response for futher output
<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: NIDPContextListener.sessionCreated
Thread: http-127.0.0.1-8080-Processor21
Created session AMAUTHID#325F26FFA1C8C60FCCCC77E634CA3733 </amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: http-127.0.0.1-8080-Processor21
****** HttpServletRequest Information:
Method: POST
Scheme: http
Context Path: /nesp
Servlet Path: /app
Query String: null
Path Info: /soap
Server Name: 127.0.0.1
Server Port: 8080
Content Length: 500
Content Type: text/xml
Auth Type: null
Request URL: http://127.0.0.1:8080/nesp/app/soap
Host IP Address: 127.0.0.1
Remote Client IP Address: 127.0.0.1
Header: Name: content-type, Value: text/xml
Header: Name: host, Value: 127.0.0.1:8080
Header: Name: connection, Value: close
Header: Name: soapaction, Value: urn:liberty:soap-action
Header: Name: content-length, Value: 500
Session Id: 325F26FFA1C8C60FCCCC77E634CA3733
Session Last Accessed Time: 1321970846688
</amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: http-127.0.0.1-8080-Processor21
iUrlCategory: 5, iUrlCommand: 400 </amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: SavedInputStream.<init>
Thread: http-127.0.0.1-8080-Processor21
Created new SavedInputStream using InputStream: org.apache.catalina.connector.CoyoteInputStream </amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: http-127.0.0.1-8080-Processor21

Retrieval of object from cache session failed using key 325F26FFA1C8C60FCCCC77E634CA3733. Cache size is 2
</amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: http-127.0.0.1-8080-Processor21

Retrieval of object from cache ancestralsession failed using key 325F26FFA1C8C60FCCCC77E634CA3733. Cache size is 0
</amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: CommonHandler.getRealServer
Thread: http-127.0.0.1-8080-Processor21
URL Command == SOAP! </amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: SOAPProfile.isProfileRequest
Thread: http-127.0.0.1-8080-Processor21
Is this request a SOAP Profile request? Name: NXPES, Answer: true </amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: http-127.0.0.1-8080-Processor21

Retrieval of object from cache session failed using key 325F26FFA1C8C60FCCCC77E634CA3733. Cache size is 2
</amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: http-127.0.0.1-8080-Processor21

Retrieval of object from cache ancestralsession failed using key 325F26FFA1C8C60FCCCC77E634CA3733. Cache size is 0
</amLogEntry>

<amLogEntry> 2011-11-22T14:07:26Z DEBUG NIDS Application:
Method: CommonHandler.handleRequest
Thread: http-127.0.0.1-8080-Processor21
Handling request: soap </amLogEntry>
--------------------


--
Patrick Oberlechner
Senior Consultant
Didas AG / Munich / Germany
------------------------------------------------------------------------
pober's Profile: http://forums.novell.com/member.php?userid=504
View this thread: http://forums.novell.com/showthread.php?t=439915