I am having a problem using the "Set SSO credential" action in my
My environment is as follows: IDM 4.0.2 Adv., eDir 8.8.7, secret
store 3.4.
Connected to this eDir is another NetIQ product, Access Manager.
It is set up to use this eDir as its user/authentication store.
What's more, this product also allows us to make use of the secret
store on eDir as a way of storing users' secrets.

So far, I am able to verify that the secrets can be successfully
stored/retrieved from the eDir secret store. My next step is to
incorporate it with the IDM I set up, to add some policies to set the
user's secrets, using the Set SSO credential method.
And this is where I am stuck.

The trace log message I see is as follows, and I think it's telling
me that the user does not exist (but it does).

13:01:06 3A485700 Drvrs: Generic Null ST:
DirXML Log Event -------------------
Driver: \META_TREE\system\driverset1\Generic Null
Channel: Subscriber
Status: Error
Message: Code(-9186) Error in
: Couldn't perform SSO operation <do-set-sso-credential>: '3333:ERROR
(provisionNSLAccount): NSL API (StandardException): The specified user
or object "data\users\jim" does not exist'.

I even tried using the complete name including the tree-name but it
didn't make any difference.

One other note: from reading the documents, I think IDM requires
configuring a repository prior to using the do-set-sso-credential
action, and so I prepared one manually using iManager >> credential
provisioning. (SecretStore schema extension and other setup was done
automatically by the Access Manager product.) But I am not entirely
sure if I have set it up correctly, especially the SecureLogin Server
SSL Certificate Path value.

Has anyone tried a similar setup, combining Access Manager, eDir and
IDM, or any suggestions?


xj6u4ru6's Profile: https://forums.netiq.com/member.php?userid=5410
View this thread: https://forums.netiq.com/showthread.php?t=48810