Environment
Novell Access Manager 3.1 Access Administration
Novell Access Manager 3.1 Linux Novell Identity Server
Novell Access Manager 3.1 Windows Novell Identity Server
Situation
Access Manager was set up with a Linux Access Gateway protecting Web server resources, and everything was working fine. After making some basic changes through the Administration Console, the administrator could no longer view the IDP certificates in the certificate stores. When selecting the IDP configuration -> Security tab and clicking any of the certificate stores in the list (signing, encryption, provider, consumer, etc.), the following error message was displayed:
"Error:Certificates"
When this error is reported in the Admin Console, no messages showing an exception appear in any of the Admin Console or Identity Server troubleshooting log files (app_sc, catalina.out).
Interestingly enough, if the administrator viewed the same certificates through the Security -> Certificates tab, no error would appear.
Resolution
Recreate the Identity Server cluster configuration.
In the above case, we created a new cluster configuration, unassigned the IDP server host from the old configuration, and added it to the new one.
Additional Information
The cluster configuration was corrupted during a certificate operation that did not complete successfully. When viewing the certificates via the IDP configuration -> Security tab, we parse the IDP cluster configuration to locate certificate-specific information. This parsing failed, and the failure was visible in dstrace output from the Admin Console when the problem appeared (no attributes were returned for PKI objects that should have returned attributes). When we view the same certificates via the Security -> Certificates tab, we do not parse the IDP cluster configuration in eDir and therefore do not see the same error.