Cannot edit IDP cluster configuration after upgrading from NAM 3.2 to NAM 4.0

  • 7014856
  • 07-Apr-2014
  • 17-Nov-2014

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 4.0
Occurs with Admin Console on Windows and Linux

Situation

A working Access Manager environment was upgraded from NAM 3.2.2 to NAM 4.0. The upgrade appeared to be successful because:

a) no errors were reported on the server console during the upgrade, and
b) users were able to access the NAM 4.0 setup without any errors, i.e. users could authenticate successfully at the Identity Server and access and single sign on to Access Gateway protected resources.

However, as soon as the Admin tries to edit the IDP cluster in iManager, the following stack trace is thrown:

Stacktrace:
at org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:103)
at org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:366)
at org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:468)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:378)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:353)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:340)
at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:646)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)


Resolution

Manually copy the /var/opt/novell/iManager/nps/WEB-INF/lib/NIDS_Plugin.jar file from a working 4.0 server to the newly upgraded 4.0 Admin Console server. For some reason, the upgrade failed to copy this JAR file.

Additional Information

The Admin Console (AC) catalina log showed WS-Trust related errors (WS-Trust is a new protocol supported with 4.0). The theory was that either the NAM schema was not updated correctly, or that one of the plugin files was old. A re-install of the schema failed to change anything, and only when the JAR files were compared between a working and a non-working setup did we find the solution. Here's a snippet of the catalina warnings:

The catalina.out file on the AC would indicate that there's an issue with the
schema changes for WS-Trust:


Mar 12, 2014 11:53:57 AM org.apache.catalina.core.ApplicationDispatcher invoke
SEVERE: Servlet.service() for servlet jsp threw exception
org.apache.jasper.JasperException: Unable to compile class for JSP: 

An error occurred at line: 90 in the jsp file:
/portal/modules/nids/skins/default/devices/default/general/WizardPage_Configuration_Name.jsp
PARAM_PROTOCOL_WSTRUST cannot be resolved or is not a field
87:       isSTSProtocolEnabled     = Util.safeGetAttributeAsBoolean( request, HTTP.PARAM_PROTOCOL_STS, true );
88:       isCardspaceProtocolEnabled = Util.safeGetAttributeAsBoolean( request, HTTP.PARAM_PROTOCOL_CARDSPACE, true );
89:       isWSFedProtocolEnabled     = Util.safeGetAttributeAsBoolean( request, HTTP.PARAM_PROTOCOL_WSFEDERATION, true );
90:       isWSTrustProtocolEnabled   = Util.safeGetAttributeAsBoolean( request, HTTP.PARAM_PROTOCOL_WSTRUST, true );
91:       isServiceProvider          = Util.safeGetAttributeAsBoolean( request, HTTP.PARAM_IS_CONSUMER, true );
92: 
93:       String SSLCert           = Util.safeGetAttribute( request, HTTP.PARAM_SSL_CERTIFICATE );


An error occurred at line: 256 in the jsp file:
/portal/modules/nids/skins/default/devices/default/general/WizardPage_Configuration_Name.jsp
PARAM_PROTOCOL_WSTRUST cannot be resolved or is not a field
253: <%--                       ( <%= isSTSProtocolEnabled       %> != nidsIsElementChecked( "<%= HTTP.PARAM_PROTOCOL_STS          %>" )) || --%>
254: <%--                       ( <%= isCardspaceProtocolEnabled %> != nidsIsElementChecked( "<%= HTTP.PARAM_PROTOCOL_CARDSPACE    %>" )) || --%>
255:                       ( <%= isWSFedProtocolEnabled     %> != nidsIsElementChecked( "<%= HTTP.PARAM_PROTOCOL_WSFEDERATION %>" )) ||
256:                       ( <%= isWSTrustProtocolEnabled   %> != nidsIsElementChecked( "<%= HTTP.PARAM_PROTOCOL_WSTRUST %>" ));
257: 
258:              nidsShowHideElement( "ProtocolWarning", result );
259:          }


An error occurred at line: 1,037 in the jsp file:
/portal/modules/nids/skins/default/devices/default/general/WizardPage_Configuration_Name.jsp
PARAM_PROTOCOL_WSTRUST cannot be resolved or is not a field
1034:                          <td>
1035:                             <input
1036:                                type    = "checkbox"
1037:                                name    = "<%= HTTP.PARAM_PROTOCOL_WSTRUST %>"
1038:                                id      = "<%= HTTP.PARAM_PROTOCOL_WSTRUST %>"
1039: <%
1040:       if ( isWSTrustProtocolEnabled )


An error occurred at line: 1,038 in the jsp file:
/portal/modules/nids/skins/default/devices/default/general/WizardPage_Configuration_Name.jsp
PARAM_PROTOCOL_WSTRUST cannot be resolved or is not a field
1035:                             <input
1036:                                type    = "checkbox"
1037:                                name    = "<%= HTTP.PARAM_PROTOCOL_WSTRUST %>"
1038:                                id      = "<%= HTTP.PARAM_PROTOCOL_WSTRUST %>"
1039: <%
1040:       if ( isWSTrustProtocolEnabled )
1041:       {


An error occurred at line: 1,049 in the jsp file:
/portal/modules/nids/skins/default/devices/default/general/WizardPage_Configuration_Name.jsp
PARAM_PROTOCOL_WSTRUST cannot be resolved or is not a field
1046: %>
1047:                                onClick = "hasProtocolEnablingChanged()"
1048:                                value   = "true" />
1049:                             &nbsp;<label><a href="#" class="checkboxlabel" onClick="nidsGetElementByName('<%= HTTP.PARAM_PROTOCOL_WSTRUST %>' ).click();return false;"><nids:string key = "NIDS.IdentityServer_Book.WSTrust_Chapter.DisplayName" /></a></label>
1050:                          </td>
1051:                          
1052:                       </tr>
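
The JAR comparison between a working and a non-working Admin Console that led to the fix can be scripted. The following is an added example, not part of the original document or of NetIQ tooling; the function names and manifest file names are assumptions, and JAR file names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: compare the plugin JARs of two Admin Console servers.
# On each server:
#   jar_manifest /var/opt/novell/iManager/nps/WEB-INF/lib > "$(hostname).manifest"
# Then, with both manifest files on one host:
#   compare_manifests working.manifest upgraded.manifest

# Print "<sha256> <file name>" for every JAR in directory $1, sorted by name.
jar_manifest() {
    ( cd "$1" || exit 1
      for f in *.jar; do
          [ -f "$f" ] || continue      # directory contains no JARs
          printf '%s %s\n' "$(sha256sum "$f" | cut -d' ' -f1)" "$f"
      done | sort -k2 )
}

# Compare two manifests: $1 from the working server, $2 from the upgraded one.
# The two arguments must be different files.
#   MISSING  JAR exists on the working server but not on the upgraded one
#   DIFFERS  JAR exists on both servers but the content is not the same
#   EXTRA    JAR exists only on the upgraded server
# Returns 1 if anything was reported, 0 if the two libraries match.
compare_manifests() {
    awk '
        FILENAME == ARGV[1] { good[$2] = $1; next }
        { seen[$2] = 1
          if (!($2 in good))        print "EXTRA " $2
          else if (good[$2] != $1)  print "DIFFERS " $2 }
        END { for (n in good) if (!(n in seen)) print "MISSING " n }
    ' "$1" "$2" | sort | awk '{ print } END { exit (NR > 0) }'
}
```

Running the comparison again after copying NIDS_Plugin.jar confirms that the copied file has the same checksum as the one on the working server.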
