3 Verify that the certificate is the correct certificate for the Identity Server. The subject name
should match the hostname of the Identity Server. If it doesn't match, replace it.
4 Click Close, then Proxy Key Store.
5 Verify that the certificate is the correct certificate for the Embedded Service Provider. The
subject name should match the published DNS name of the proxy service on the Access
Gateway. If it doesn't match, add one that does match.
6 Click Close.
12.2.6 Enabling Debug Logging
You can enable Identity Server logging to dump more verbose Liberty information to the
catalina.out file on both the Identity Server and the Embedded Service Provider of the Access
Gateway.
1 In the Administration Console, click Devices > Identity Servers > Edit > Logging.
2 Select Enabled for File Logging and Echo to Console.
3 In the Component File Logger Levels section, set Application and Liberty to a debug level.
4 Click OK, update the Identity Server, then update the Access Gateway.
5 After enabling and applying the changes, duplicate the issue once more to add specific details
to the log file for the issue.
If the error is the 100101044 error, look at the catalina.out file on the Embedded Service
Provider for the error code; if the error is the 100101043 error, look at the catalina.out
(Linux) or the stdout.log file (Windows) on the Identity Server for the error code.
6 (Conditional) To view the log files from the Administration Console, click Auditing > General
Logging, then select the file and download it.
7 (Conditional) To view the log files on the device, change to the log directory.
On Linux, change to the /var/opt/novell/tomcat5/logs directory.
On Windows, change to the /Program Files/Novell/Tomcat/logs directory.
Below are a few typical entries illustrating the most common problems. They are from the
catalina.out file of the Embedded Service Provider:
"The Embedded Service Provider Cannot Resolve the Base URL of the Identity Server"
"Trusted Roots Are Not Imported into the Appropriate Trusted Root Containers"
"The Server Certificate Has an Invalid Subject Name"
The Embedded Service Provider Cannot Resolve the Base URL of the Identity Server
When the Embedded Service Provider cannot resolve the DNS name of the Identity Server, the
metadata cannot be loaded and a hostname error is logged. In the following entries, the Embedded
Service Provider cannot resolve the idpcluster.lab.novell.com name of the Identity Server.
<amLogEntry> 2007-08-06T16:24:56Z INFO NIDS Application: AM#500105024: AMDEVICEID#esp-09C720981EEE4EB4: AMAUTHID#2CA1168DF7343A42C7879E707C51A03C: ESP is requesting metadata from IDP https://idpcluster.lab.novell.com/nidp/idff/metadata </amLogEntry>
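The following Python sketch is an added example, not part of the original manual or of Access Manager. It splits catalina.out text into amLogEntry records and lists the Identity Server hostnames from metadata requests that fail DNS resolution. The field layout is inferred from the single entry shown above, and the function names are hypothetical.

```python
import re
import socket
from urllib.parse import urlsplit

# Assumption: the layout below is inferred from the one entry on this page.
# DOTALL lets an entry span several lines of catalina.out.
ENTRY_RE = re.compile(r"<amLogEntry>\s*(.*?)\s*</amLogEntry>", re.DOTALL)
HEAD_RE = re.compile(
    r"(?P<time>\S+)\s+(?P<level>[A-Z]+)\s+(?P<component>[^:]+):\s*"
    r"AM#(?P<code>\d+):\s*(?P<rest>.*)", re.DOTALL)
FIELD_RE = re.compile(r"(AMDEVICEID|AMAUTHID)#(\S+?):\s*")
URL_RE = re.compile(r"https?://\S+")

# Entry from this page; the line breaks at spaces are constructed.
SAMPLE = """<amLogEntry> 2007-08-06T16:24:56Z INFO NIDS Application: AM#500105024:
AMDEVICEID#esp-09C720981EEE4EB4: AMAUTHID#2CA1168DF7343A42C7879E707C51A03C: ESP is
requesting metadata from IDP https://idpcluster.lab.novell.com/nidp/idff/metadata
</amLogEntry>"""

def parse_entries(text):
    """Yield one dict per <amLogEntry>, with wrapped lines rejoined."""
    for body in ENTRY_RE.findall(text):
        m = HEAD_RE.match(" ".join(body.split()))
        if not m:
            continue  # entry does not follow the layout shown on the page
        entry = m.groupdict()
        rest = entry.pop("rest")
        for key, value in FIELD_RE.findall(rest):
            entry[key.lower()] = value
        entry["message"] = FIELD_RE.sub("", rest).strip()
        yield entry

def unresolved_metadata_hosts(text, resolve=socket.gethostbyname):
    """Return IDP hostnames from metadata requests that fail DNS lookup."""
    failed = []
    for entry in parse_entries(text):
        if "requesting metadata" not in entry["message"]:
            continue
        for url in URL_RE.findall(entry["message"]):
            host = urlsplit(url).hostname
            try:
                resolve(host)
            except OSError:  # socket.gaierror is a subclass of OSError
                if host not in failed:
                    failed.append(host)
    return failed
```

Run it on the Embedded Service Provider so the lookup uses the same resolver configuration as the device that logged the entry.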