Form Fill Traces

The following sections describe how to enable logging for the Form Fill policies, describe the form that was used to create the Form Fill trace, then describe the entries that can be found in the logs:

Enabling Form Fill Logging

Two modules evaluate the Form Fill policy and log entries:

  • ESP of Access Gateway evaluates the Form Fill policy and logs entries to its file. ESP sends the messages to the catalina.out file of Access Gateway. To enable ESP logging, see Turning on Logging for Policy Evaluation.

  • The Access Gateway proxy service reports the process of finding the form data and filling it in.

    For Access Gateway Appliance, see the /var/log/novell-apache2/soapmessages file.

    You can configure a custom filter and file to log Form Fill entries. For the filter, enable the Form Fill Processing events in the Advanced Log Level Options section.

Sample Form and Policy Used for the Trace

Figure 33-10 Form Used for the Trace

Source HTML for the Form

The name of the form and the fields that need to be filled in by the policy are in bold typeface.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> 
<html> 
<head> 
  <meta http-equiv="Content-type" content="text/html; charset=utf-8"> 
  <title>kelly</title> 
</head> 
<body> 
  <form name="mylogin" action="double.php" method="post" id="mylogin"> 
    <center> 
      <table border="0" cellpadding="4" cellspacing="4" width="570"> 
        <tr> 
          <td width="121" height="285" align="left" valign="top"> 
          </td> 
          <td width="449" height="285" align="center" valign="top"> 
            <p align="center">
              <font size="5">Novell Services Login<br></font>
            </p> 
            <table border="0" width="86%"> 
              <tr> 
                <td width="25%">Username:</td> 
                <td width="75%">
                  <input type="TEXT" name="username">
                </td> 
              </tr> 
              <tr> 
                <td width="25%">Password:</td> 
                <td width="75%">
                  <input type="PASSWORD" name="password" size="30">
                </td> 
              </tr>
              <tr>
                <td width="25%">title:</td>
                <td width="75%">
                  <input type="TEXT" name="title" size="30">
                </td>
              </tr>
            </table>
          </td>
        </tr>

         <tr>
            <td colspan="2" align="center">
             <input type="hidden" name="formNum" value="1">
             <input type="submit" value="Login">
             <input type="reset">
            </td>
          </tr>
        </table> 
      </center>
    </form> 
</body>
</html>

Form Fill Policy

The following Form Fill policy was created for the mylogin form. The policy is called Form_Fill. You can use the name of the policy to find entries for it in the log files. The policy was assigned to the /identity/forms/simple.html protected resource. Because the URL path identifies a specific file on the web server, the policy does not require any CGI or page matching criteria.

Figure 33-11 The Form Fill Policy for the mylogin Form

This policy is configured so that the user never sees the form. Even on first login, the form is filled in for authenticated users because the user’s authentication credentials are used for the username and password fields, and the title field value is obtained from the LDAP user store. If the user does not have a value for the title attribute, the user sees the form every time the page is accessed. If you want the value to be saved for these users, you need to change the policy to use a secret store rather than an LDAP attribute.

Embedded Service Provider Trace

When you look for entries for the Form_Fill policy in the Embedded Service Provider trace, you can use the following strings to find the entries:

  • The name of the Form Fill policy: Form_Fill

  • The string identifying a Form Fill trace: AGFormFill Policy Trace

  • The policy ID (after you have found it): PolicyID#06OO287L-06LO-KKP4-207M-6971PPM6147L

The following trace is from the catalina.out file of the Embedded Service Provider of an Access Gateway Appliance. The entries have been numbered so that they can be described, and a few extra line breaks and spaces have been added to make the entries easier to read.

1. <amLogEntry> 2009-09-14T00:15:52Z INFO NIDS Application: AM#501101050: AMDEVICEID#esp-917A1174C8A270FC: PolicyID#06OO287L-06LO-KKP4-207M-6971PPM6147L: NXPESID#2663: Evaluating policy </amLogEntry>

2. <amLogEntry> 2009-09-14T00:15:52Z INFO NIDS Application: AM#501104050: AMDEVICEID#esp-917A1174C8A270FC: PolicyID#06OO287L-06LO-KKP4-207M-6971PPM6147L: NXPESID#2663: AGFormFill Policy Trace: 
   ~~RL~1~~~~Rule Count: 1~~Success(67)
   ~~RU~RuleID_1189711482510~Form_Fill~DNF~~0:1~~Success(67)
   ~~PA~ActionID_1189711485006~~Added Form Selection Group~~~~Success
       (0)
   ~~PA~ActionID_1189711485006~~Added Fill Options Group~~~~Success(0)
   ~~PA~ActionID_1189711485006~~Added Submit Options Group~~~~Success
       (0)
   ~~PC~ActionID_1189711485006~~Document=(ou=xpemlPEP,ou=mastercdn,
     ou=ContentPublisherContainer,ou=Partition,ou=PartitionsContainer,
     ou=VCDN_Root,ou=accessManagerContainer,o=novell:romaContent
     CollectionXMLDoc),Policy=(Form_Fill),Rule=(1::RuleID_11897114
     82510),Action=(FormFill::ActionID_1189711485006)~~~~Success(0)
 </amLogEntry>

3. <amLogEntry> 2009-09-14T00:15:52Z INFO NIDS Application: AM#501101021: AMDEVICEID#esp-917A1174C8A270FC: PolicyID#06OO287L-06LO-KKP4-207M-6971PPM6147L: NXPESID#2663: Response sent: Status - success </amLogEntry>
  1. The first log entry is the request to evaluate the policy. If this entry does not’ occur, ensure that the Form Fill policy is enabled for the protected resource.

  2. The second entry is the actual policy trace. For a Form Fill policy, it is fairly basic information about the three types of actions in the policy: matching the form, filling in the field options, and adding the submit options. To determine what information was put in the options, you need to view the proxy service trace.

  3. The third entry indicates the type of response that is returned from the evaluation. In this entry, success is returned.

Proxy Service Trace

When you look for entries in the proxy trace of Access Gateway log, you can use the following strings to find the entries:

  • The name of the Form Fill policy: Form_Fill

  • The name of the form: mylogin

  • The names of the fill option fields: username, password, title

The sample trace is from the error_log file of a Access Gateway Appliance. Some of the lines are very long, and extra white space has been added to make them easier to read.

Sep  9 17:05:08 nam40-mag1 httpd[16354]: [warn] AMEVENTID#40: FF:fillSilent: mastercdnForm_Fill3310
Sep  9 17:05:08 nam40-mag1 httpd[16354]: [warn] AMEVENTID#40: FF:Filling: username
Sep  9 17:05:08 nam40-mag1 httpd[16354]: [warn] AMEVENTID#40: FF:Filling: password
Sep  9 17:05:08 nam40-mag1 httpd[16354]: [warn] AMEVENTID#40: FF:Filling: title
Sep  9 17:05:08 nam40-mag1 httpd[16354]: [warn] AMEVENTID#40: FF: No Match <formNum>
Sep  9 17:05:08 nam40-mag1 httpd[16354]: [warn] AMEVENTID#40: FF:fillInteractive FormFill Policy :mastercdnForm_Fill3310 Inject JavaScript Policy: mastercdnForm_Fill3510
Sep  9 17:05:08 nam40-mag1 httpd[16354]: [warn] AMEVENTID#42: FF:fillSilent: mastercdnForm_Fill3310, referer: http://www.ag1.com/identity/forms/simple.html 
Sep  9 17:05:08 nam40-mag1 httpd[16354]: [warn] AMEVENTID#42: FF:Not Found: <form>, referer: http://www.ag1.com/identity/forms/simple.html
Sep  9 17:05:08 nam40-mag1 httpd[16354]: [warn] AMEVENTID#42: FF:no <Form pol:mastercdnForm_Fill3310, referer: http://www.ag1.com/identity/forms/simple.html 

On Access Gateway Appliance, you can get more detailed information about the process that was used to fill the form when you turn on logging to the soapmessages file.