Cannot customise error messages in login JSP with post auth method on Federated setup

  • 7015234
  • 19-Jun-2014
  • 19-Jun-2014

Environment

NetIQ Access Manager 4.0
NetIQ Access Manager Identity Server acting as a SAML Service Provider

Situation

A NAM Identity (IDP) server is acting as a SAML2 Service Provider (SP), consuming an assertion from a 3rd party IDP
server. After the assertion is consumed, a post auth method is defined and executed. This post auth method presents
users with a new JSP page where a field needs to be populated. All works fine, but to add better error handling
within the post auth method, a set of error messages and codes was added to the custom post auth class. The
new messages are identified by a code DSXXXX (where XXXX is a 4 digit number). Following the docs as per https://www.netiq.com/documentation/netiqaccessmanager4/identityserverhelp/data/bhz5kn8.html#bhdcovi a custom properties file “nidp_custom_resources_de.properties” was created with a set of error messages
like the following:

    NIDPMAIN.DS0002=Cannot retrieve Social Security Number

The problem is that whenever an error occurred, users only saw the status code displayed in the browser,
e.g. DS0002, and not the message itself. In catalina.out one can clearly see that the
custom properties file is loaded, yet the server fails to respond with the right message.

Resolution

Change the message associated with an existing status code and use that status code.

The documentation link above only covers customizing existing nidp error messages. Where new messages have been
introduced for customization, the IDP server does not check for messages associated with the new status codes.
By selecting an existing, unused status code and changing the message tied to it, we were able to work around the
issue.