Environment
Access Manager 3 shipping code
Novell Identity Server on linux
NetWare Access Gateway in VMWare ESX 3 platform
Novell Identity Server on linux
NetWare Access Gateway in VMWare ESX 3 platform
Situation
Setup a protected resource on NetWare Access Gateway. User
successfully authenticates to proteced resource via Identity
server. After a few hours of inactivity, usually after the setup
has been left idle overnight, users start experiencing 100101014
errors.
These errors are time related and caused by a time lag between the Indentity and Access Gateway servers. In order to synchronize the Access gateway box to it's NTP server, the admin entered the time settings in the Access Gateway configuration on iManager and disabled and re-enabled the DST (Daylight savings Time option) in between an apply. Doing this triggered the above 'time is not in sync' error at the server console.
These errors are time related and caused by a time lag between the Indentity and Access Gateway servers. In order to synchronize the Access gateway box to it's NTP server, the admin entered the time settings in the Access Gateway configuration on iManager and disabled and re-enabled the DST (Daylight savings Time option) in between an apply. Doing this triggered the above 'time is not in sync' error at the server console.
Resolution
Enter the Access Gateway configuration, select the 'Date &
Time' tab and simply change the timezone from the existing one to
another, and back again. This will reset the DST settings and bring
the time back into sync.
Additional Information
When disabling the DST setting, the DST time settings are reset to
the default of jan 1 2007. This would cause major issues when
validating SAML assertions as the SAML conditions would fail. A fix
will make sure that the current DST settings are not lost in the
configuration store (Access Administrator) when the DST option is
disabled.