Cannot view Identity Server certificates in Admin Console without "Certificate" error

  • 7006999
  • 05-Oct-2010
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Access Administration
Novell Access Manager 3.1 Support Pack 2

Situation

Access Manager was set up and working fine. An administrator made changes to some certificates, creating some new Linux Access Gateway certificates and adding them to the various certificate stores. Before all the changes had been applied, another administrator restarted the server.

After the server came up, the administrator appeared to be able to manage the entire Access Manager system. However, they found that they could not view any certificates in the Identity Server certificate stores. When the administrator clicked on Identity Server -> Security tab and selected any of the certificate stores (i.e., Encryption, Signing, SSL, Provider, Consumer, NIDP Trust Store), the following error message was displayed:

"Error:Certificates"

Interestingly enough, viewing these same certificates through the Security -> Certificates tab shows no error.

When this error is reported, no exception is logged in any of the log files (app_sc, catalina.out).

Resolution

Create a new Identity Server (IDP) cluster configuration object and add the IDP servers into this new cluster.

When the Admin Console was restarted during the certificate operation, the IDP cluster configuration was corrupted. A dstrace output on the Admin Console at the time of the error showed that some PKI-specific attributes were returning NULL instead of valid data. Recreating the cluster configuration fixed the problem.