NIDP server returns error: HTTP Status 500 - Illegal character in path at index 14: /UserAttribute[@ldap:targetAttribute="cn"]

  • 7016821
  • 04-Sep-2015
  • 04-Sep-2015


NetIQ Access Manager 4.1
NetIQ Access Manager 4.1 Identity Server
SAML or WS-federation with Microsoft Applications


The NAM Identity Server is acting as a WS-Federation Identity Server, generating claims for a WS-Federation SP (Office365, for example). Under the WS-Federation settings, a list of attributes has been defined to be sent with the claim. When the incoming WS-Federation authentication request arrives at the NAM Identity Server, the user submits their credentials and is validated successfully. Instead of being redirected to the SP with a valid claim, the user is presented with the following exception error in the browser:

HTTP Status 500 - Illegal character in path at index 14: /UserAttribute[@ldap:targetAttribute="initials"]

type Exception report

message Illegal character in path at index 14: /UserAttribute[@ldap:targetAttribute="initials"]

description The server encountered an internal error that prevented it from fulfilling this request.

java.lang.IllegalArgumentException: Illegal character in path at index 14: /UserAttribute[@ldap:targetAttribute="initials"]


Go to the "Shared settings" configuration on the IDP server and select the attribute set. Make sure every attribute has the "Remote Attribute" field defined, which maps the local attribute to the Remote Attribute.

If this value is missing, delete the attribute and add it again with a Remote Attribute value, which is a string. For example, Local Attribute maps to Remote Attribute: Ldap Attribute:cn[LDAP Attribute Profile] <--> CN
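
The check described above can be scripted as a pre-deployment audit. This is an added example, not NetIQ code: it assumes the attribute set has been copied out by hand as (local attribute, Remote Attribute) pairs, and that, as the error text suggests, a local reference with no Remote Attribute ends up parsed as a URI path. The sample data and all function names are constructed for illustration.

```python
import string

# Characters java.net.URI accepts unescaped in a path: RFC 2396 unreserved
# and pchar punctuation, plus "/" and ";". ASCII-only approximation.
PATH_OK = set(string.ascii_letters + string.digits + "_-!.~'()*:@&=+$,/;")
HEX = set(string.hexdigits)


def first_illegal_path_index(text):
    """Return the index of the first character a URI path rejects, or None."""
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "%" and i + 2 < len(text) and set(text[i + 1:i + 3]) <= HEX:
            i += 3  # well-formed %XX escape
            continue
        if ch not in PATH_OK:
            return i
        i += 1
    return None


def audit(attribute_set):
    """Return one finding per mapping whose Remote Attribute is empty."""
    findings = []
    for local, remote in attribute_set:
        if remote and remote.strip():
            continue  # Remote Attribute is defined, nothing to report
        idx = first_illegal_path_index(local)
        findings.append({
            "local": local,
            "index": idx,
            "char": None if idx is None else local[idx],
        })
    return findings


# Constructed sample: (local attribute reference, Remote Attribute).
SAMPLE = [
    ('/UserAttribute[@ldap:targetAttribute="cn"]', "CN"),
    ('/UserAttribute[@ldap:targetAttribute="initials"]', ""),
    ('/UserAttribute[@ldap:targetAttribute="mail"]', None),
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("missing Remote Attribute: %(local)s "
              "(illegal %(char)r at index %(index)s)" % f)
```

The reported index 14 is the `[` that follows `/UserAttribute`, which matches the position given in the exception message.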