Good afternoon all! Even though I'm here for help, I also hope to
entertain through detailing my various pratfalls and mistakes while
attempting, as a new Nov...NetIQ Access Manager Appliance user to create
a custom authentication mechanism using the SDK provided by NetIQ for
this purpose. To get a few things out of the way first:

Version: NetIQ Access Manager Appliance v3.2 SP1 (The latest at the time
I downloaded it)
Method: I booted from the ISO on a brand new VMWare Workstation v9 VM.
It installed like a champ
Reason: To develop a custom authentication mechanism for a customer
using the provided SDK.

The story thus far:
After a delightfully hands-off install, I logged in to the
Administration portal and hooked my Active Directory instance up in the
Identity Manager. It worked like a champ! I then verified that I could
log in to the Access Manager's "/portal" sample using a user from my
Active Directory. Perfect! I also decided to make the self-same portal
the guinea pig for my custom authentication mechanism seeing as: A) why
go out for milk when you have a cow at home and B) I have no idea how to
protect some arbitrary thing.

I coded up a quick custom authentication class using the template
"password" class. It was easy and fun and the directions were
more-or-less lucid although the login.jsp I nabbed from the server and
altered used scriptlets.. SCRIPTLETS in it. This on Tomcat 7 which
supports JSP 2.2! But I digress. Here is where things went off the
rails. I uploaded the .jar file containing my custom class to the
server, set up an entry for the class and a contract to use it. (I even
set up a nice custom 'card'!) I then stumbled my way into finding out
how to alter the authentication mechanism used by the sample portal app.
and changed it to the contract I had created just a few minutes earlier.

Then, the moment of truth came. With shaking hands, I entered in the
portal URL.
'Things went off the rails' (
Well then. That was not too auspicious was it. In the spirit of all
great problem solvers, I put the error into Google and didn't find
anything. Then I put the error's prefix into Google and.. Viola!
'Another intrepid custom-auth-scheme-making soul in the same boat'
( Unfortunately, things went even more off
the rails:

- The helpful instructions from the follow-up applied to an earlier
version of Access Manager
- There was no hint of where the 'Application' logs were or how to
set their level to Debug

Through further searches, I discovered that there used to be a utility
called "nash" that no longer exists that you could use to set the log
level. But what was its replacement? Luckily, NetIQs 'online
documentation' ( saved the day with a 'pearl
of wisdom' ( Use the admin console and
go to "Access Gateways -> Edit -> Logging". "Brilliant!" I thought to
myself. "I'll do just that!". Unfortunately, it was not to be. 'The word
\"logging\" simply does not exist on the screen in question'

What about "Alerts" What about "Auditing"? Well, I turned on as much as
I possibly could. I even made a profile for auditing that caught

In short, nothing seems to work here:

- I'm getting no indication why my auth class is not loading save an
ambiguous error message
- The log configuration is not where the documentation says it is
- I've found (through "find") a myriad of logfiles all over the
system but none seem to be what I want
- Altering the logging of the different protected resources seems to
generate no more logging than doing nothing at all.

Could anyone give me some guidance with the following:

- Where does this product keep its logs?
- How do I configure the log levels?
- Specifically, what logs would have what I need in them (the reason
the Java classloader fails to load my custom authentication class)

Thank you so much for any help. I am sure I'll have more amusing
anecdotes in the future!

skorzy's Profile:
View this thread: