XML validation errors - "There is no ID/IDREF binding for IDREF"

  • 3641920
  • 17-Apr-2007
  • 26-Apr-2012


Novell Access Management 3 Linux Novell Identity Server
Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Netware Access Gateway
Novell Access Management 3 SSLVPN Server


A basic setup with the NetWare Access Gateway (NAG) and the Identity (IDP) server was installed and worked well. Users could authenticate to the IDP server and access protected resources on the NAG reverse proxy server.

Customer then created a custom login page on the IDP server and added this JSP as an attribute of a newly created method. A corresponding contract was defined that referenced this method. The contract was applied to the NAG protected resource but users could not get redirected to the IDP login page.

Rather than troubleshooting this issue, it was decided to blow away the custom configuration and restart, adding the same information again. When applying the changes to the NAG, the XML validation error would get displayed at the Administration Console.


Delete the old contract still referenced in the configuration and change the contract to NONE, apply the change and set it back to the newly assigned contract.

Additional Information

Troubleshooting any XML validation error requires the app_sc.log.0 file from /opt/novell/devman/share/log directory on the Administration Console server. In the above scenario, we searched for the 'XML validation' string and found the following exception:

Caused by: org.xml.sax.SAXParseException: cvc-id.1: There is no ID/IDREF binding for IDREF 'authprocedure_SPXCustom___Form'.
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)

The SPXCustom contract was the contract that we had previously assigned to the protected resource. Despite adding a new contract to the protected resource, the configuration still seemed to reference the old one. Manually deleting the old one and forcing a resync of the contract information by setting the contract for the protected resource to NONE and back again to the valid contract, will fix the issue.