Environment
NetIQ Access Manager 4.1
Situation
When you configure an IP Address Rule using the IP Subnet condition, rule execution fails even though the IP subnet is valid. The IP subnet check fails when it should succeed, so the expected risk score is not added. The catalina log shows the following exception when the error occurs:
<amLogEntry> 2015-04-01T09:19:17Z DEBUG NIDS Application:
Method: RiskBasedAuthenticationClass.doAuthenticate
Thread: http-nio-147.2.92.90-8443-exec-3
************** Enable History = null </amLogEntry>
<amLogEntry> 2015-04-01T09:19:17Z INFO NIDS Application: AM#500199030: AMDEVICEID#5E95A6B3500FB5F1 - (getDefaultRole) - Role: 'authenticated' is returned for id: 12345678 </amLogEntry>
<amLogEntry> 2015-04-01T09:19:17Z SEVERE NIDS Application: Exception message: "Invalid argument 144.22.0.0/16"
Resolution
Known issue. The workaround is to use the IP address range option instead of the IP subnet option for the IP address check, e.g. IP subnet 144.22.0.0/16 would become IP range 144.22.0.1 - 144.22.255.254.
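The following added example (not NetIQ code) scans log text for the "Invalid argument" entry shown above and computes the replacement IP range for each affected subnet. The function names are hypothetical, and all sample log lines except the first are constructed.

```python
import ipaddress
import re

# Matches the SEVERE entry format shown in the log excerpt above.
INVALID_ARG = re.compile(
    r'SEVERE NIDS Application: Exception message: "Invalid argument '
    r'(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})"'
)

# First line is from the article; the other two are constructed samples.
SAMPLE_LOG = """\
<amLogEntry> 2015-04-01T09:19:17Z SEVERE NIDS Application: Exception message: "Invalid argument 144.22.0.0/16"
<amLogEntry> 2015-04-01T09:20:02Z SEVERE NIDS Application: Exception message: "Invalid argument 203.0.113.4/31"
<amLogEntry> 2015-04-01T09:21:40Z SEVERE NIDS Application: Exception message: "Invalid argument 198.51.100.7/24"
"""

def subnet_to_range(cidr):
    """Return (first, last) of the IP range that replaces an IPv4 subnet.

    Follows the article's convention of leaving out the network and
    broadcast addresses. /31 and /32 have neither, so all addresses stay.
    """
    net = ipaddress.IPv4Network(cidr, strict=True)  # ValueError if host bits set
    if net.prefixlen >= 31:
        return str(net[0]), str(net[-1])
    return str(net[1]), str(net[-2])

def workaround_ranges(log_text):
    """Map each subnet named in an 'Invalid argument' entry to its range."""
    out = {}
    for match in INVALID_ARG.finditer(log_text):
        cidr = match.group(1)
        if cidr in out:
            continue  # repeated log entries for the same rule
        try:
            out[cidr] = subnet_to_range(cidr)
        except ValueError:
            out[cidr] = None  # not a valid subnet: fix the rule itself
    return out

if __name__ == "__main__":
    for cidr, rng in workaround_ranges(SAMPLE_LOG).items():
        print(cidr, "->", "check rule value" if rng is None else " - ".join(rng))
```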