Wednesday Jan 28, 2009

How to truncate the request URL written to the Web Server 6.1 access log.

Q:  How can I trim the request line written to the access logs so that the whole
    URL is not written but only a piece?

    This can be an important consideration where there is the possibility that
    sensitive data such as a password may be written to the log files in
    clear text.

Example line written to the access log:

135.155.56.162 - - [26/Jan/2009:20:53:04 -0500] "GET
/US/ABC/signon/DisplayUsernameSignon.do?password=nevershowthis

and here is what we would like to see:

/US/ABC/signon/DisplayUsernameSignon.do

A:  To accomplish this for a single URL such as the one listed, the following
    can be used:

<Object ppath="*(*/ABC/sign/DisplayUsernameSignon.do*)">
AuthTrans fn="set-variable" set-reqpb="clf-request=/ABC/sign/DisplayUsername.do"
</Object>


The above rewrites the clf-request variable, which is what gets written to the
access log, so that it contains just /ABC/sign/DisplayUsername.do.

This solution works for one particular URL, but doing this for all URLs
would require the creation of an NSAPI filter.
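
The string handling such a server-wide function would apply to clf-request, shown as an added example that is not from the original post. The name strip_query and the sample request line are assumptions, and the NSAPI wiring is left out so the block compiles on its own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an NSAPI call): copy a request line of the
 * form "METHOD URI PROTOCOL" into out, dropping the query string so its
 * values never reach the log. Returns 0, or -1 if out is too small. */
int strip_query(const char *line, char *out, size_t outlen)
{
    const char *uri, *uri_end, *q;
    size_t head, tail;

    /* The URI starts after the first space (end of the method). */
    uri = strchr(line, ' ');
    if (uri == NULL)
        uri = line;              /* no method token: treat all as URI */
    else
        uri++;

    /* The URI ends at the next space, or at end of string when the
     * line carries no protocol token. */
    uri_end = strchr(uri, ' ');
    if (uri_end == NULL)
        uri_end = uri + strlen(uri);

    /* Look for '?' only inside the URI token. */
    q = memchr(uri, '?', (size_t)(uri_end - uri));
    if (q == NULL)
        q = uri_end;             /* no query string: copy unchanged */

    head = (size_t)(q - line);   /* method plus path */
    tail = strlen(uri_end);      /* " HTTP/1.1" or empty */
    if (head + tail + 1 > outlen)
        return -1;
    memcpy(out, line, head);
    memcpy(out + head, uri_end, tail + 1);  /* copies the NUL too */
    return 0;
}

int main(void)
{
    /* Constructed sample based on the log line in the post. */
    const char *line = "GET /US/ABC/signon/DisplayUsernameSignon.do"
                       "?password=nevershowthis HTTP/1.1";
    char buf[256];
    if (strip_query(line, buf, sizeof buf) == 0)
        puts(buf);
    return 0;
}
```

Unlike the per-URL set-variable rule, this keeps the method and protocol in the logged line and needs no list of paths.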

Thursday Jan 15, 2009

Unable to log in as Admin to the AM 7.1 Console

Q:  I am seeing the following when trying to log in
via amAdmin/passwd to the AM 7.1 sp1 console:

Here is what was written to amAuthentication.error when I tried to log in to the
Access Manager admin console:

bash-3.00# more amAuthentication.error
"2008-12-29 14:47:31"   "Login Failed"  amAuthentication.error  AUTHENTICATION-2
00      dc=sysops,dc=iimage,dc=com       "Not Available" INFO    uid=amadmin,ou=
people,dc=sysops,dc=iimage,dc=com        192.168.4.147    "cn=dsameuser,ou=DSAME
 Users,dc=sysops,dc=iimage,dc=com"        hqtstvapp01.sysops.iimage.com
"2008-12-29 14:47:31"   "Authentication Module Denied"  LDAP    AUTHENTICATION-2
00      dc=sysops,dc=iimage,dc=com       "Not Available" INFO    uid=amadmin,ou=
people,dc=sysops,dc=iimage,dc=com        192.168.4.147    "cn=dsameuser,ou=DSAME
 Users,dc=sysops,dc=iimage,dc=com"        hqtstvapp01.sysops.iimage.com

A:  Here are the things to check... 

1) Confirm that AMSDK can talk to the DS via:

/amadmin -u amadmin -w  -m

2) Make sure that the user amAdmin is in the people container.

This problem can crop up if you use the tools on DS to create
the amAdmin user and others.

In this case it is best to use the installer and allow
the JES installer to take the defaults, with the exception
of the port numbers and URLs for AM 7.1 sp 1 and DS, and
then try the login.

These actions require a reinstall of the product.

About

Gregory Bedigian
