LDAPWiki: Posting Credentials to NAM

The Challenge#

Our client wanted to be able to authenticate a user to NAM from a application.

We advised that the "right(?)" method would be to use SAML, but that was a little far out for them to accomplish.

A Solution#

What we did was create a JSP Page that posted credentials to the NAM login page. A sample of what we used is shown below.

We got a lot of information on this from the NAM documentation on NAM Customized JSP Pages. Novell's documentation provides:

Post Action: https://idpclstr.yourdomain.com:8443/nidp/app/login
User name input type = "text": name="Ecom_User_ID"
User password input type = "password: name="Ecom_Password"
Optional input type = "hidden": name="target" with a value of a destination URL.

What we Learned#

It appeared that if we just posted the page to the idp server, the user was authenticated, but no SSO was working. That is when the browser went to another page, the browser prompted for credentials again.

What we noticed was that if we first went to one of the protected resources and then posted to the idp server, that SSO did work. We then created a page with an iFrame (set so small no one would see it) that contained the login page to a "protected resource" and then posted to the page to the idp cluster with a hidden value for the target in the post. This appears to work fine.

This allowed us to obtain credentials from a source that is not available to NAM and be able to authenticate to NAM. Keep in mind that the credentials must match those in NAM's userstore to work.

Sample test Page#

Use Entirely at Your Own Risk CISUS.COM nor anyone else is responsible if you use a tool or any information on this site and causes damages to anyone or anything! This is only Example code

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>NAM Posted Login</title>
</head>
<body bgcolor="white">
<form name="login" id="login" method="post" action='https://idp.yourdomain.com:8443/nidp/app/login' >
  <table border="0" cellspacing="5">
    <tr>
      <th align="right">Username:</th>
      <td align="left"><input type="text" name="Ecom_User_ID"></td>
    </tr>

    <tr>
      <th align="right">Password:</th>
      <td align="left"><input type="password" name="Ecom_Password"></td>
    </tr>
    <tr>
      <td align="right"><input type="submit" value="Log In"></td>
      <td align="left"><input type="reset"></td>
    </tr>
  </table>
</form>
</html>

More Information#

There might be more information for this subject on one of the following:

NAM Access Manager