Environment
NetIQ Access Manager 4.1
NetIQ Access Manager 4.2
NetIQ Access Manager 4.3
Situation
The NAM Identity (IDP) Server is configured and working well: users can access the baseURL and reach the login page. However, users who try to access the IDP server over http get the following error instead of being redirected to the IDP login page over https:
"Authentication for the selected card could not be completed (300101049-xxxxx)"
where xxxxx is the device ID of the IDP server.
Resolution
Modify the index.jsp to redirect users accessing the root directory of the IDP server to the baseURL using https with the following change:
Modify index.jsp in /opt/novell/nam/idp/webapps/ROOT, changing the string:
    else
    {
        response.sendRedirect("/nidp");
    }
To this (login.netiq.com is the host name of the IDP baseURL in this example):
    }
    else
    {
        response.sendRedirect("https://login.netiq.com/nidp");
    }
The 300101049 error occurs because the default contract assigned was the secure name/password form contract, and the user was trying to execute it over http rather than https.
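One way to confirm the change took effect, as an added example that is not part of the original article: the script reads the response headers returned for the IDP root and passes only if the redirect lands on the expected https URL. The function names, the host idp.example.com and the two sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a request to the IDP root is redirected to the
# HTTPS base URL. Feed it raw response headers, for instance:
#   curl -sI http://idp.example.com/ | check_idp_redirect https://idp.example.com/nidp
# idp.example.com is a placeholder host, not a value from the article.

# Print "<status> <location>" from raw HTTP response headers on stdin.
redirect_target() {
    tr -d '\r' | awk '
        NR == 1                    { status = $2 }   # e.g. "HTTP/1.1 302 Found"
        tolower($1) == "location:" { loc = $2 }      # header names are case-insensitive
        /^$/                       { exit }          # blank line ends the headers
        END                        { print status, loc }'
}

# Return 0 only if the response is a redirect whose Location is exactly $1.
check_idp_redirect() {
    expected=$1
    out=$(redirect_target)
    status=${out%% *}
    location=${out#* }
    case $status in
        30[12378]) ;;
        *) echo "FAIL: status '${status}' is not a redirect"; return 1 ;;
    esac
    case $location in
        "$expected") echo "OK: $status -> $location"; return 0 ;;
        https://*)   echo "FAIL: unexpected HTTPS target $location"; return 1 ;;
        *)           echo "FAIL: redirect does not switch to https: $location"; return 1 ;;
    esac
}

# Constructed sample: redirect that stays on http, as with sendRedirect("/nidp").
sample_before() {
    printf 'HTTP/1.1 302 Found\r\nLocation: http://idp.example.com/nidp\r\n\r\n'
}

# Constructed sample: redirect to the absolute https base URL.
sample_after() {
    printf 'HTTP/1.1 302 Found\r\nlocation: https://idp.example.com/nidp\r\n\r\n'
}

sample_before | check_idp_redirect https://idp.example.com/nidp || true
sample_after  | check_idp_redirect https://idp.example.com/nidp || true
```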