Unable to edit Identity Server Cluster properties in Admin Console

  • 7004042
  • 31-Jul-2009
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Linux Novell Identity Server
Admin Console upgraded from 3.0.x to 3.1
Admin Console upgraded from 3.1 to 3.1 SP1

Situation

After upgrading Novell Access Manager to 3.1 or 3.1 SP1, Admin Console (iManager) -> Identity Servers -> Configuration Edit gives the following error:

Error: System Error

The system encountered and unknown error.  Please contact Novell Support.



This is also shown in the iManager debug.html (See Additional Information section, below).


Resolution

This is a permissions issue on a file or files on the Admin Console and can be replicated by changing the owner on various files from novlwww to root. 

To verify this, run the following command from the /var/opt/novell/iManager directory

   find ./ -uid 0

This will list all the files that are owned by root from that point down.

If there are files or directories owned by root (see Additional Information, below) that should be owned by novlwww it can cause this error so change the owner to novlwww and then rerun the upgrade.

Additional Information

A possible cause for this situation is if the patch was copied to the server as root.   The install routine does a su novlwww to perform certain actions.

A reference listing of /var/opt/novell/iManager taken from a successfully patched 3.1SP1 system is listed here as a comparison:

> find ./ -uid 0

.
./nps/packages/naudit.npm
./nps/packages/iman27_sp2.npm
./nps/portal/modules/dm
./nps/portal/modules/dm/css
./nps/portal/modules/dm/skins
./nps/portal/modules/dm/skins/default
./nps/portal/modules/dm/skins/default/devices
./nps/portal/modules/dm/skins/default/devices/default
./nps/portal/modules/dm/skins/default/devices/default/GenericTask.jsp
./nps/portal/modules/dm/javascript
./nps/portal/modules/dm/images
./nps/portal/modules/dm/images/but_nl_access1.gif
./nps/portal/modules/dm/images/but_nl_access1.png
./nps/portal/modules/dm/images/but_nl_access2.gif
./nps/portal/modules/dm/images/but_nl_access2.png
./nps/portal/modules/dm/images/but_nl_access3.gif
./nps/portal/modules/dm/images/but_nl_access3.png
./nps/portal/modules/dm/install
./nps/portal/modules/dm/install/devicemanagement_install.xml
./nps/portal/modules/dm/plugins
./nps/portal/modules/dm/plugins/devicemanagement_plugins.xml
./nps/UninstallerData/installvariables.properties
./nps/WEB-INF/bin/linux/libn4u.so.0
./nps/WEB-INF/bin/linux/libsal.so
./nps/WEB-INF/bin/linux/libsch.so
./nps/WEB-INF/bin/linux/libndssdk.so
./nps/WEB-INF/bin/linux/libndssdk.so.1
./nps/WEB-INF/bin/linux/libJClient.so
./nps/WEB-INF/bin/linux/libJClient.so.1
./nps/WEB-INF/bin/linux/libJClient_g.so
./nps/WEB-INF/bin/linux/libdclient.so.0
./nps/WEB-INF/bin/linux/libntls.so.2.0
./nps/WEB-INF/bin/linux/libsal.so.1
./nps/WEB-INF/bin/linux/libpdksa.so.0
./nps/WEB-INF/bin/linux/libntls.so.2
./nps/WEB-INF/bin/linux/libsch.so.1
./nps/WEB-INF/lib/devicemanagement.jar


To enable Admin Console/iManager debug logging:
  • Configure (person behind a desk) icon
    • iManager Server
    • Configure iManager
    • Logging Events
  • Select Errors, Warnings and Debug Information messages
  • Select Send Log Output to Debug.html File

Searchable stack trace in iManager debug.html:
java.lang.NoClassDefFoundError: com/novell/nidp/liberty/wsf/idsis/constservice/model/ConstModel
at com.novell.nidp.admin.model.NidsAdminUtil.getLibertyTokens(NidsAdminUtil.java:118)
at com.novell.nidp.admin.model.NidsAdminUtil.getNativeAttributes(NidsAdminUtil.java:93)
at com.novell.admin.nids.saml1.PropertyPage_Configuration.x(Unknown Source)
at com.novell.admin.nids.saml1.PropertyPage_Configuration.(Unknown Source)
at com.novell.admin.nids.IdentityService_ConfigurationBook.ý(Unknown Source)
at com.novell.admin.nids.IdentityService_ConfigurationBook.v(Unknown Source)
at com.novell.admin.nids.IdentityService_ConfigurationBook.(Unknown Source)
at com.novell.admin.nids.overview.PropertyPage_Servers.cachePage(Unknown Source)
at com.novell.admin.nids.util.UIContext.B(Unknown Source)
at com.novell.admin.nids.util.UIContext.execute(Unknown Source)
at com.novell.admin.nids.IdentityServer_OverviewWizard.execute(Unknown Source)
at com.novell.emframe.dev.Task.execute(Task.java:505)
at com.novell.nps.gadgetManager.BaseGadgetInstance.processRequest(BaseGadgetInstance.java:849)
at com.novell.nps.gadgetManager.BaseGadgetInstance.handleAction(BaseGadgetInstance.java:2375)
at com.novell.nps.gadgetManager.GadgetManager.processInstanceRequest(GadgetManager.java:1606)
at com.novell.nps.gadgetManager.GadgetManager.processServiceRequest(GadgetManager.java:1062)
at com.novell.nps.PortalServlet.handleFrameService(PortalServlet.java:505)
at com.novell.nps.PortalServlet.processRequest(PortalServlet.java:373)
at com.novell.nps.PortalServlet.doPost(PortalServlet.java:279)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at com.novell.emframe.fw.servlet.AuthenticatorServlet.service(AuthenticatorServlet.java:330)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at com.novell.accessmanager.tomcat.SynchronizationValve.invoke(y:2664)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:619)