General Authentication Troubleshooting Tips; Slow Authentication - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

JSP: The JSP property value needs to be the name of a new .jsp file that includes all the needed fields for the Query property. The value of this attribute does not include the .jsp extension of the file. For example, if you create a new .jsp file named login2.jsp, the value of the JSP property is login2.
For more information on creating custom login pages that prompt for more than username and password, see Section 2.1, "Customizing the Identity Server Login Page," on page 59.

15.3.2 General Authentication Troubleshooting Tips

Use LAN traces to check requests, responses, and interpacket delay times.
In the user store logs, confirm that the request arrived. Check for internal errors.
If you have created an admin user for the user store, make sure the user has sufficient rights to find the users in the specified search contexts. For more information about the required rights, see Section 3.1.3, "Configuring an Admin User for the User Store," on page 109.
Check the user store health and replica layout. See TID 3066352 (http://www.novell.com/support/viewContent.do?externalId=3066352&sliceId=1).
Ensure that the user exists in the user store and that the user's context is defined as a search context.
Make sure the Liberty protocol is enabled if you have configured Access Manager devices to use the Identity Server for authentication (click Identity Servers > Edit > General Configuration).
Check the properties of the class and method. For example, the search format on the properties must match what you've defined on a custom login page. You might be asking for a name/password login, but the method specifies e-mail login criteria.
Enable authentication logging options (click Identity Servers > Edit > Logging).
Ensure that the authentication contract matches the base URL scheme. For example, check to see if SSL is used across all components.

15.3.3 Slow Authentication

The following configuration problems can cause slow authentication:
If authentication is taking up to a minute per user, verify that your DNS server has been enabled for reverse lookups. The JNDI module in the Identity Server sends out a request to resolve the IP address of the LDAP server to a DNS name. If your DNS server is not enabled for reverse lookups, it takes 10 seconds for this request to fail before the Identity Server can continue with the authentication request.
If your user store resides on SUSE Linux Enterprise Server 10, which installs with a firewall, you must open TCP 524. For more information about the ports that must be open when a firewall separates the user store from other Access Manager components, see "Setting Up Firewalls" in the Novell Access Manager 3.1 SP2 Setup Guide.
If your LDAP user store is large, make sure that the search contexts are as specific as possible to avoid searching the entire tree for a user.
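
A quick check for the first two causes of slow authentication described above, as an added example that is not part of the Novell guide: it times the reverse (PTR) lookup for the LDAP server address and tests whether TCP 524 is reachable. The sample address, the 1-second `slow_after` threshold and all function names are assumptions; run it from the Identity Server host so it uses the same resolver configuration.

```python
import socket
import time

# Figures from the section above: a failed reverse lookup stalls the Identity
# Server for about 10 seconds, and the SLES 10 firewall must allow TCP 524.
REVERSE_LOOKUP_STALL_SECONDS = 10.0
USER_STORE_PORT = 524


def time_reverse_lookup(ip, resolver=socket.gethostbyaddr, clock=time.monotonic):
    """Return (hostname or None, seconds taken) for a PTR lookup of ip."""
    start = clock()
    try:
        hostname = resolver(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        hostname = None
    return hostname, clock() - start


def port_open(host, port=USER_STORE_PORT, timeout=3.0,
              connector=socket.create_connection):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with connector((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unroutable
        return False


def diagnose(hostname, elapsed, reachable, slow_after=1.0):
    """Turn the two measurements into findings; slow_after is an assumed threshold."""
    findings = []
    if hostname is None:
        findings.append("no PTR record: enable reverse lookups for the LDAP server address")
    if elapsed >= slow_after:
        findings.append(f"reverse lookup took {elapsed:.1f}s (a failed lookup costs "
                        f"about {REVERSE_LOOKUP_STALL_SECONDS:.0f}s per request)")
    if not reachable:
        findings.append(f"TCP {USER_STORE_PORT} unreachable: check the user store firewall")
    return findings


if __name__ == "__main__":
    ldap_ip = "192.0.2.10"  # constructed placeholder; use your LDAP replica's address
    name, secs = time_reverse_lookup(ldap_ip)
    for line in diagnose(name, secs, port_open(ldap_ip)) or ["no findings"]:
        print(line)
```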
