I'm having problems with the 4.5.2 Identity Applications. I've added a
post to this thread but decided to create a different post due to the
fact that I have a newer version.
http://tinyurl.com/prf9ps4

Last week I installed and patched a new environment. It's on the latest
eDir version (8.8.8 patch 6) with latest IDM and Identity Application
patches (4.5.2). The whole install went fine and I left the environment
in a working state. Today I tried to access the Identity Applications
and it failed:

1. Go to IPaddress/landing
2. Log in with uaadmin account
3. Landing page only displays a blue line at the top and an empty white
page
4. /IDMProv fails as well. After a minute of trying to load the page it
fails with the following error on screen (browser):


Code:
--------------------

Identity Manager authentication is not correctly configured or Identity Manager to eDirectory SAML communication is not functioning correctly. Please contact an administrator to correct the problem.

--------------------


catalina.out displays the following error:

Code:
--------------------

2015-12-16 14:16:37,949 [http-bio-8080-exec-4] INFO com.novell.pwdmgt.util.PasswordHelper- [RBPM] [Login_Failure] cn=uaadmin,o=Company failed to log in.
2015-12-16 14:16:37,951 [http-bio-8080-exec-4] ERROR com.novell.common.auth.JAASManager- [RBPM] Login failed for user: cn=uaadmin,o=Company

--------------------


/RRA also displays this error after a minute or so. When browsing to
http://server:8080/osp/a/idm/auth/app?sid=2 the One SSO platform does
display a logged-in uaadmin user, so it really seems like a SAML
problem.

Strange thing is that I am the only one with logins to the environment.
Nothing has changed in the past few days in configuration of eDirectory
or Tomcat/Identity Applications.

I've tried the following:
- Restarts of eDir and Tomcat Identity Applications (and the servers
themselves)
- Checked date/time of both servers (equal)
- Checked in iManager if NMAS login method SAML assertion is in use (it
is)
- Had configupdate.sh recreate the RBPMSAML object via advanced
options (works fine)
- Checked the SSO clients for errors (URLs and secrets)
- Checked the password policy for users that can resolve passwords
(removed a user, observed an SSPR error and re-added the user)

I really don't know what's going on and the logging doesn't help me
either, apart from the fact that I can see that the uaadmin login fails
somehow.

Can someone please point me in a direction how to debug this?


--
Sjoerdk