4.10 AJP Communication Setting for Access Gateway

(Access Manager 5.0 Service Pack 1 and later)

By default, a constant passcode is used to communicate between HTTPD and Tomcat. For higher security, you can change this passcode. You must change the passcode in the httpd proxy service configuration file and the secret in /opt/novell/nam/mag/conf/serverl.xml and /opt/novell/nam/idp/conf/server.xml.

To change the passcode in the HTTPD configuration file, perform the following steps:

  1. Click Devices > Access Gateways > Edit > Advanced Options.

  2. Set the AJPToken <passcode> option and specify the passcode. For example,

    AJPToken <new-passcode>

    The following list includes the supported special characters:

    • &
    • [
    • ]
    • |
    • {
    • }
    • ^
    • \
    • `
    • "
    • <
    • >
  3. Click OK.

To change the secret in the server.xml file, perform the following steps:

  1. In /opt/novell/nam/mag/conf/serverl.xml and /opt/novell/nam/idp/conf/server.xml, modify the value of secret in the AJP protocol section.

    The value must be the same as the passcode specified in the AJPToken <new-passcode> option that you specified in Step 2.

    <Connector port="9009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" address="127.0.0.1" minSpareThreads="25" maxThreads="600" backlog="0" connectionTimeout="20000" packetSize="65536" maxPostSize="65536" secret="value" />

    NOTE:Due to the tomcat restriction, special characters need to be specified in a specific format. For example, to include &, specify &amp;

    To specify a special character in the value, refer to the following list:

    To Use

    Specify

    &

    &amp;

    [

    &#x5B;

    ]

    &#x5D;

    |

    &#x7C;

    {

    &#x7B;

    }

    &#x7D;

    ^

    &#x5E;

    \

    &#x5C;

    `

    &#x60;

    "

    &#x22;

    <

    &#x3C;

    >

    &#x3E;

  2. Save the file.

  3. Restart Access Gateway and Identity Server.

    Access Gateway: /etc/init.d/novell-mag restart

    Identity Server: /etc/init.d/novell-idp restart