Hi

I just did a setup of NAM Appliances in a cluster.
This NAM has a service which has FormFill set for login form. Form Fill policy is set for saving/reading data from Shared secret storage.

There is nothing special about it, but there is a catch. I was testing it and I have noticed something strange going on.

! We can't get credentials from the service login form; because of this we are using a simple custom form (dummy HTML form).

What we expect:
  1. User opens a new Browser window and visits portal.company.com which requires user's authentication.
  2. User then authenticates and is redirected to portal Dashboard.
  3. In Dashboard he selects APPMark for service, where he is redirected to login form. (customform.company.com/ris)
  4. Because the user currently doesn't have any shared secret set for this service, the login form opens.
  5. User enters credentials and clicks on Submit.
  6. NAM should take the credentials and save them in Shared settings. It then redirects to ris.company.com
  7. When ris.company.com opens, NAM injects identity via basic authentication.
  8. User should be logged in now.



What is happening:
  1. User opens new Browser window and visits portal.company.com which requires user's authentication.
  2. User then authenticates and is redirected to portal Dashboard.
  3. In Dashboard he selects APPMark for service, where he is redirected to login form. (customform.company.com/ris)
  4. Because the user currently doesn't have any shared secret set for this service, the login form opens.
  5. User enters credentials and clicks on Submit.
  6. !!!! NAM sometimes doesn't save the credentials and the user is forwarded to ris.company.com
  7. When ris.company.com opens, NAM tries to inject identity, but it fails because shared settings are empty.


What I have noticed so far:
- When the user's shared settings object in eDir is created, after this I can successfully save shared settings.
- Twice I have even noticed that this user's shared settings object wasn't created, but the portal.company.com login and the click on AppMark & login on the custom form were 15 minutes apart, and in this case the credentials were correctly saved.

I was looking at the ESP logs and IDP logs but I can't find anything that could help me.
Logs: ESP: /var/opt/novell/nam/logs/mag/tomcat/catalina.out
IDP: /var/opt/novell/nam/logs/idp/tomcat/catalina.out


Does someone maybe have some similar experience, or can help with some information on what I could check or debug?