Environment
NetIQ Access Manager 3.2
NetIQ Access Manager 4.0
Occurs with Admin Console on Windows and Linux
NetIQ Access Manager 4.0
Occurs with Admin Console on Windows and Linux
Situation
Working Access Manager environment upgraded from NAM 3.2.2 to
AM 4.0. The upgrade appeared to be successful as
a) no errors were reported on the server console during upgrade and
b) users were able to access the NAM 4.0 setup without any errors ie. users could authenticate successfully at the Identity Server and access and single sign on to Access Gateway protected resources.
However, as soon as the Admin tries to edit the IDP cluster in iManager, the following stack trace is thrown:
Stacktrace: at org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:103) at org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:366) at org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:468) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:378) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:353) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:340) at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:646) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) at javax.servlet.http.HttpServlet.service(HttpServlet.java:728) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
:
a) no errors were reported on the server console during upgrade and
b) users were able to access the NAM 4.0 setup without any errors ie. users could authenticate successfully at the Identity Server and access and single sign on to Access Gateway protected resources.
However, as soon as the Admin tries to edit the IDP cluster in iManager, the following stack trace is thrown:
Stacktrace: at org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:103) at org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:366) at org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:468) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:378) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:353) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:340) at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:646) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) at javax.servlet.http.HttpServlet.service(HttpServlet.java:728) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
:
Resolution
Manually copy the /var/opt/novell/iManager/nps/WEB-INF/lib/NIDS_Plugin.jar from a working 4.0 server to the newly upgrade 4.0 Admin Console server. For some reason, the upgrade failed to copy this JAR file.
Additional Information
The AC catalina showed ws-trust related errors (new protocol supported with 4.0). The theory was that either the NAM schema was not updated correctly, or that one of the plugin files was old. A re-install of the schema failed to change anything and only when the JAR file comparisson was done between a working and non working setup did we find the solution. Here's a snippet of the catalina warnings:
The catalina.out file on the AC woul dindicate that there's an issue with the schema changes for ws-trust: Mar 12, 2014 11:53:57 AM org.apache.catalina.core.ApplicationDispatcher invoke SEVERE: Servlet.service() for servlet jsp threw exception org.apache.jasper.JasperException: Unable to compile class for JSP: An error occurred at line: 90 in the jsp file: /portal/modules/nids/skins/default/devices/default/general/WizardPage_Configuration_Name.jsp PARAM_PROTOCOL_WSTRUST cannot be resolved or is not a field 87: isSTSProtocolEnabled = Util.safeGetAttributeAsBoolean( request, HTTP.PARAM_PROTOCOL_STS, true ); 88: isCardspaceProtocolEnabled = Util.safeGetAttributeAsBoolean( request, HTTP.PARAM_PROTOCOL_CARDSPACE, true ); 89: isWSFedProtocolEnabled = Util.safeGetAttributeAsBoolean( request, HTTP.PARAM_PROTOCOL_WSFEDERATION, true ); 90: isWSTrustProtocolEnabled = Util.safeGetAttributeAsBoolean( request, HTTP.PARAM_PROTOCOL_WSTRUST, true ); 91: isServiceProvider = Util.safeGetAttributeAsBoolean( request, HTTP.PARAM_IS_CONSUMER, true ); 92: 93: String SSLCert = Util.safeGetAttribute( request, HTTP.PARAM_SSL_CERTIFICATE ); An error occurred at line: 256 in the jsp file: /portal/modules/nids/skins/default/devices/default/general/WizardPage_Configuration_Name.jsp PARAM_PROTOCOL_WSTRUST cannot be resolved or is not a field 253: <%-- ( <%= isSTSProtocolEnabled %> != nidsIsElementChecked( "<%= HTTP.PARAM_PROTOCOL_STS %>" )) || --%> 254: <%-- ( <%= isCardspaceProtocolEnabled %> != nidsIsElementChecked( "<%= HTTP.PARAM_PROTOCOL_CARDSPACE %>" )) || --%> 255: ( <%= isWSFedProtocolEnabled %> != nidsIsElementChecked( "<%= HTTP.PARAM_PROTOCOL_WSFEDERATION %>" )) || 256: ( <%= isWSTrustProtocolEnabled %> != nidsIsElementChecked( "<%= HTTP.PARAM_PROTOCOL_WSTRUST %>" )); 257: 258: nidsShowHideElement( "ProtocolWarning", result ); 259: } An error occurred at line: 1,037 in the jsp file: /portal/modules/nids/skins/default/devices/default/general/WizardPage_Configuration_Name.jsp PARAM_PROTOCOL_WSTRUST cannot be resolved or is not a field 1034: <td> 1035: <input 1036: type = "checkbox" 1037: name = "<%= HTTP.PARAM_PROTOCOL_WSTRUST %>" 1038: id = "<%= HTTP.PARAM_PROTOCOL_WSTRUST %>" 1039: <% 1040: if ( isWSTrustProtocolEnabled ) An error occurred at line: 1,038 in the jsp file: /portal/modules/nids/skins/default/devices/default/general/WizardPage_Configuration_Name.jsp PARAM_PROTOCOL_WSTRUST cannot be resolved or is not a field 1035: <input 1036: type = "checkbox" 1037: name = "<%= HTTP.PARAM_PROTOCOL_WSTRUST %>" 1038: id = "<%= HTTP.PARAM_PROTOCOL_WSTRUST %>" 1039: <% 1040: if ( isWSTrustProtocolEnabled ) 1041: { An error occurred at line: 1,049 in the jsp file: /portal/modules/nids/skins/default/devices/default/general/WizardPage_Configuration_Name.jsp PARAM_PROTOCOL_WSTRUST cannot be resolved or is not a field 1046: %> 1047: onClick = "hasProtocolEnablingChanged()" 1048: value = "true" /> 1049: <label><a href="#" class="checkboxlabel" onClick="nidsGetElementByName('<%= HTTP.PARAM_PROTOCOL_WSTRUST %>' ).click();return false;"><nids:string key = "NIDS.IdentityServer_Book.WSTrust_Chapter.DisplayName" /></a></label> 1050: </td> 1051: 1052: </tr>