Access Manager IDP fails to start after running a config restore using code promotion

  • 7024971
  • 22-Dec-2020
  • 27-Jul-2021

Environment

  • Access Manager 4.5.2

Situation

  • A new test environment has been set up.

  • Code promotion has been used to export the IDP cluster configuration from an old environment to the new environment.

  • The IDP servers fail to start, returning the following error in "/var/opt/novell/nam/logs/idp/tomcat/catalina.out":
<amLogEntry> 2020-12-19T09:30:40Z VERBOSE NIDS Application: Reading document at reference: ExternalDocRef - ou=xpemlPEP,ou=mastercdn,ou=ContentPublisherContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell:romaContentCollectionXMLDoc
: romaName - xpemlPEP </amLogEntry>

<amLogEntry> 2020-12-19T09:30:40Z VERBOSE NIDS Application: IDP InjectAttributePep configure(), AM#100199032: AMDEVICEID#4F005A86AE27C1FB: IDP InjectAttributePep.configure() policy list: <xpeml:PolicyEnforcementList xmlns:xpeml="urn:novell:schema:xpeml:2.0:policy" RuleCombiningAlgorithm="DenyOverridesWithPriority" IncludedPolicyCategories="" schemaVersion="2.0" LastModified="4294967295" LastModifiedBy="String"><xpeml:PolicyRef ElementRefType="ExternalWithIDRef" ExternalElementRef="PolicyID_xpemlPEP_IDPInjectAttribute_1389938062211" ExternalDocRef="ou=xpemlPEP,ou=mastercdn,ou=ContentPublisherContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell:romaContentCollectionXMLDoc" UserInterfaceID="1" /></xpeml:PolicyEnforcementList> Error: Referenced policy reference is invalid or non-exisant </amLogEntry>

com.novell.nxpe.NxpeException: Referenced policy reference is invalid or non-exisant
    at com.novell.nxpe.engine.Policy.A(Unknown Source)
    at com.novell.nxpe.engine.RuleList.A(Unknown Source)
    at com.novell.nxpe.engine.PolicyEngine.A(Unknown Source)
    at com.novell.nxpe.engine.PolicyEngine.buildEvaluationObject(Unknown Source)
    at com.novell.nxpe.NxpePolicy.configure(Unknown Source)
    at com.novell.nidp.policy.attribute.ExternalAttributePep.configure(y:921)
    at com.novell.nidp.NIDPMeEntity.A(y:3549)
    at com.novell.nidp.NIDPMeEntity.hardInitialize(y:1216)
    at com.novell.nidp.NIDPContext.A(y:1697)
    at com.novell.nidp.NIDPContext.start(y:3314)
    at com.novell.nidp.servlets.NIDPServletContext.doCommand(y:4910)
    at com.novell.jcc.client.JCCClientImpl$JCCRMIClient.doCommand(y:839)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357)
    at sun.rmi.transport.Transport$1.run(Transport.java:200)
    at sun.rmi.transport.Transport$1.run(Transport.java:197)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:573)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:834)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:688)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:687)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
NIDPContext:start(): Error during startup:
com.novell.nidp.NIDPException: Referenced policy reference is invalid or non-exisant Root Cause: com.novell.nxpe.NxpeException: Referenced policy reference is invalid or non-exisant
    at com.novell.nidp.policy.attribute.ExternalAttributePep.configure(y:2230)
    at com.novell.nidp.NIDPMeEntity.A(y:3549)
    at com.novell.nidp.NIDPMeEntity.hardInitialize(y:1216)
    at com.novell.nidp.NIDPContext.A(y:1697)
    at com.novell.nidp.NIDPContext.start(y:3314)
    at com.novell.nidp.servlets.NIDPServletContext.doCommand(y:4910)
    at com.novell.jcc.client.JCCClientImpl$JCCRMIClient.doCommand(y:839)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357)
    at sun.rmi.transport.Transport$1.run(Transport.java:200)
    at sun.rmi.transport.Transport$1.run(Transport.java:197)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:573)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:834)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:688)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:687)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
--- Root Exception ---
com.novell.nxpe.NxpeException: Referenced policy reference is invalid or non-exisant
    at com.novell.nxpe.engine.Policy.A(Unknown Source)
    at com.novell.nxpe.engine.RuleList.A(Unknown Source)
    at com.novell.nxpe.engine.PolicyEngine.A(Unknown Source)
    at com.novell.nxpe.engine.PolicyEngine.buildEvaluationObject(Unknown Source)
    at com.novell.nxpe.NxpePolicy.configure(Unknown Source)
    at com.novell.nidp.policy.attribute.ExternalAttributePep.configure(y:921)
    at com.novell.nidp.NIDPMeEntity.A(y:3549)
    at com.novell.nidp.NIDPMeEntity.hardInitialize(y:1216)
    at com.novell.nidp.NIDPContext.A(y:1697)
    at com.novell.nidp.NIDPContext.start(y:3314)
    at com.novell.nidp.servlets.NIDPServletContext.doCommand(y:4910)
    at com.novell.jcc.client.JCCClientImpl$JCCRMIClient.doCommand(y:839)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357)
    at sun.rmi.transport.Transport$1.run(Transport.java:200)
    at sun.rmi.transport.Transport$1.run(Transport.java:197)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:573)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:834)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:688)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:687)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
com.novell.nxpe.NxpeException: Referenced policy reference is invalid or non-exisant
    at com.novell.nxpe.engine.Policy.A(Unknown Source)
    at com.novell.nxpe.engine.RuleList.A(Unknown Source)
    at com.novell.nxpe.engine.PolicyEngine.A(Unknown Source)
    at com.novell.nxpe.engine.PolicyEngine.buildEvaluationObject(Unknown Source)
    at com.novell.nxpe.NxpePolicy.configure(Unknown Source)
    at com.novell.nidp.policy.attribute.ExternalAttributePep.configure(y:921)
    at com.novell.nidp.NIDPMeEntity.A(y:3549)
    at com.novell.nidp.NIDPMeEntity.hardInitialize(y:1216)
    at com.novell.nidp.NIDPContext.A(y:1697)
    at com.novell.nidp.NIDPContext.start(y:3314)
    at com.novell.nidp.servlets.NIDPServletContext.doCommand(y:4910)
    at com.novell.jcc.client.JCCClientImpl$JCCRMIClient.doCommand(y:839)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357)
    at sun.rmi.transport.Transport$1.run(Transport.java:200)
    at sun.rmi.transport.Transport$1.run(Transport.java:197)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:573)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:834)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:688)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:687)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
<amLogEntry> 2020-12-19T09:30:40Z SEVERE NIDS Application: AM#100105006: AMDEVICEID#4F005A86AE27C1FB: AMAUTHID#803e9573e589a59df8f71f14a4ddd2a4842828c71ef9195ad3374863a402ed02:  A critical error has occurred during startup.  Referenced policy reference is invalid or non-exisant </amLogEntry>

NIDPServletContext.doCommand(): Start failure: Start unsuccessful. Reason: Referenced policy reference is invalid or non-exisant


There is no "PolicyID_xpemlPEP_IDPInjectAttribute_1389938062211" in the export or source Access Manager container.

Resolution

The Policies master container contained only roles policies.
A dummy authorization policy was created and assigned to a protected resource on the source Access Manager environment.

After updating the configuration, the romaContentCollectionXMLDoc attribute of the

ou=xpemlPEP,ou=mastercdn,ou=ContentPublisherContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell

object now contained the following policy:

xpeml:Policy Enable="true" UserInterfaceID="PolicyID_xpemlPEP_IDPInjectAttribute_1389938062211" Category="" Name="EAS_FilteredRoles" LastModified="1408594891914"

A code promotion export was then done from the source environment. The import was successful and the IDP started successfully. The dummy authorization policy was removed, as it was no longer required.
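
The failure above is a dangling reference: the PolicyEnforcementList names a policy ID that the romaContentCollectionXMLDoc value does not define. As an added example (not part of the original article or of Access Manager), this Python check compares the two documents before an import; the `Collection` wrapper element and the sample documents are constructed assumptions, and only the namespace, attribute names and IDs come from the log and policy lines quoted above.

```python
import xml.etree.ElementTree as ET

XPEML = "urn:novell:schema:xpeml:2.0:policy"  # namespace shown in the log entry
POLICY_ID = "PolicyID_xpemlPEP_IDPInjectAttribute_1389938062211"  # from the log
DOC_REF = ("ou=xpemlPEP,ou=mastercdn,ou=ContentPublisherContainer,ou=Partition,"
           "ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,"
           "o=novell:romaContentCollectionXMLDoc")

# PolicyEnforcementList as logged by InjectAttributePep.configure(), shortened.
PEP_LIST = (
    f'<xpeml:PolicyEnforcementList xmlns:xpeml="{XPEML}" schemaVersion="2.0">'
    f'<xpeml:PolicyRef ElementRefType="ExternalWithIDRef" '
    f'ExternalElementRef="{POLICY_ID}" ExternalDocRef="{DOC_REF}" '
    f'UserInterfaceID="1" /></xpeml:PolicyEnforcementList>')

# Constructed stand-ins for the romaContentCollectionXMLDoc value; the
# "Collection" wrapper element is hypothetical, only xpeml:Policy is from the page.
EXPORT_BEFORE = f'<xpeml:Collection xmlns:xpeml="{XPEML}" />'
EXPORT_AFTER = (
    f'<xpeml:Collection xmlns:xpeml="{XPEML}"><xpeml:Policy Enable="true" '
    f'UserInterfaceID="{POLICY_ID}" Category="" Name="EAS_FilteredRoles" '
    f'LastModified="1408594891914" /></xpeml:Collection>')


def external_refs(pep_xml):
    """Return (policy id, document reference) for each external PolicyRef."""
    root = ET.fromstring(pep_xml)
    return [(ref.get("ExternalElementRef"), ref.get("ExternalDocRef"))
            for ref in root.iter(f"{{{XPEML}}}PolicyRef")
            if ref.get("ElementRefType") == "ExternalWithIDRef"]


def defined_policy_ids(collection_xml):
    """Return the UserInterfaceID of every xpeml:Policy in the collection."""
    if not collection_xml or not collection_xml.strip():
        return set()  # attribute missing or empty: nothing is defined
    root = ET.fromstring(collection_xml)
    return {p.get("UserInterfaceID") for p in root.iter(f"{{{XPEML}}}Policy")}


def dangling_refs(pep_xml, collection_xml):
    """List policy ids the PEP list references but the collection lacks."""
    defined = defined_policy_ids(collection_xml)
    return [pid for pid, _doc in external_refs(pep_xml) if pid not in defined]


if __name__ == "__main__":
    for label, doc in (("before", EXPORT_BEFORE), ("after", EXPORT_AFTER)):
        print(label, dangling_refs(PEP_LIST, doc) or "all references resolve")
```

A non-empty result for the exported data means the IDP on the target would fail to start with the "Referenced policy reference is invalid" error shown above.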

Cause

  • This is a defect which has been reported to engineering.

  • Having policies in the master container is not a requirement; creating one is only a workaround that allows code promotion to work.