Howto accelerate Groupwise 7 Web access server with iChain 2.3

(Last modified: 28Apr2006)

This document (10098806) is provided subject to the disclaimer at the end of this document.

fact

iChain 2.3

iChain 2.3 Support Pack 3 applied

ic23sp3.exe applied

Accelerating Groupwise 7 server

symptom

Howto accelerate Groupwise 7 Web access server with iChain 2.3

Howto accelerate Groupwise 7 Web Monitor Web console with iChain 2.3

fix

For some administrators that are not fully familiar with the key Groupwise 7 Web links, the following basic info section has been added for more information.

Basic Information:


User access to their mailbox via WebAccess is similar to “http(s)://<DNSNameOf Server>/gw/webacc”.


Admin access to the Monitor Web Console is similar to “http(s)://<DNSNameOf Server>/gw/gwmonitor”.


If /gwmonitor or /webacc is not included in the URL entered in the browser, the user will see a “Web Services” page which allows selection of desired language, with buttons to then access either WebAccess or Monitor.


Monitoring agents can be accessed individually or through use of the Monitor Web Console (which requires use of a GroupWise Monitor Server (Win and Linux only)). Links on the Monitor Web Console will redirect the browser to the appropriate Monitor agent, so separate accelerators for each agent are required even when using the Monitor Web Console. Default ports for the GroupWise monitoring agents:

7180: MTA Monitor Agent
7181: POA Monitor Agent
7211: WebAccess Monitor Agent
9850: GWIA Monitor Agent
8200: GroupWise Monitor Server Agent (Win/Linux only)

Configuration notes:

                  Multi-homing accelerators:

Path-based multi-home with “Remove sub-path from URL” disabled:

No problems specific to this configuration were noted with WebAccess or Monitor Web Console. Sub-path match string is “/gw”.

WebAccess with Path-based multi-home with “Remove sub-path from URL” enabled:

User may see errors in browser such as 504 Gateway Timeout or Page Not found when trying to compose new mail or other items, reply, forward, Update button, etc. Also, spellcheck may not work.

To avoid these problems, make the following entries in sys:/etc/proxy/rewriter.cfg:

[Javascript Variables]
sUrl
strUrl
baseURL
window.location.href
VALUE

Monitor Web Console with Path-based multi-home with “Remove sub-path from URL” enabled:

Pressing the group link (upper left on main page) or Help buttons on the main and Options page (and others) result in 504 Gateway Timeout or Page not found error.

The following rewriter.cfg entry fixes the group link issue:

[Javascript Variables]
parent.caption.location.href

Domain-base multi-homing: No problems specific to this configuration were noted with WebAccess or Monitor Web Console.

Non multi-homing: No problems specific to this configuration were noted with WebAccess or Monitor Web Console.


Single Sign On:

GroupWise WebAccess can process a username and password in the http Authorization header. The header can be populated by iChain with an LDAP formatted name by enabling the accelerator option “Forward authentication information to web server” or by using OLAC to push the user’s common name (ICHAIN_UID/ldap/uid) or any specified ldap attribute.

To enable GroupWise WebAccess to process the http Authorization header, it must be configured to “Trust” iChain. Basic steps to add iChain as a Trusted Application are below:

  • In ConsoleOne, under the GroupWise domain object, double-click the GroupWiseWebAccess object

  • On the Application tab, select Security from the drop-down list

  • Under the “single sign-on” field, add the primary ip address of the iChain server

Form Fill can also be used to provide SSO to WebAccess. Below is a sample Form Fill script which includes scripts for the language selection page if needed - the accelerator name created for the tests is gwise7.novell.com:

<urlPolicy>
<name>Groupwise-Language-Selection</name>
<url>gwise7.novell.com/gw/index.html</url>
<formnum>2</formnum>
<formCriteria>
<title>Novell Web Services</title>
</formCriteria>
<actions>
<fill>
<select name="User.lang" type="listbox" value="~">
&l.t;/fill>
<post/>
</actions>
</urlPolicy>

<urlPolicy>
<name>GroupWiseWebAccessLoginFailure</name>
<url>gwise7.novell.com/gw/webacc</url>
<formCriteria>
<TITLE>Novell WebAccess</TITLE>
Please login again. You may have typed your name or password incorrectly.
loginForm
</formCriteria>
<actions>
<deleteRemembered>GroupWiseWebAccess</deleteRemembered>
<redirect>gwise7.novell.com/gw/webacc</redirect>
</actions>
</urlPolicy>

<urlPolicy>
<name>GroupWiseWebAccess</name>
<url>gwise7.novell.com/gw/webacc</url>
<formCriteria>
<TITLE>Novell WebAccess</TITLE>
loginForm
</formCriteria>
<actions>
<fill>
<INPUT NAME="User.id" value="~">
<INPUT NAME="User.password" value="~">
</fill>
<maskedPost/>
</actions>
</urlPolicy>

Simultaneous Logout:

GroupWise WebAccess can be configured to perform simultaneous logout with iChain (in ConsoleOne, under Properties of the GroupWiseWebAccess object). See GroupWise documentation for details on three possible locations to effect the behavior of the logout action.

.

document

Document Title: Howto accelerate Groupwise 7 Web access server with iChain 2.3
Document ID: 10098806
Solution ID: NOVL103357
Creation Date: 05Sep2005
Modified Date: 28Apr2006
Novell Product Class:iChain

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.