Identity Server issue

Similar Messages

• Install sharepoint 2013 on Windows server 2012, Microsoft Identity Extensions issue !!!!!!!!!

  Sharepoint 2013 comes with prerequisitesinstaller.exe to install the software required for the actual Sharepoint installation.
  I 've installed Windows server 2012 in the R2 edition as well as Standard edition, but installing the prerequisites ends with an issue for the Microsoft Identity Extensions (MIE) on both versions (screenshot).
  The 2012 R2 server has been updated with all latest files by executing Windows update.
  In case of the Server 2012 R2,  MIE is already installed , but somehow the Sharepoint installation is missing something.
  I al;so tried removing default install to let prerequisiteinstaller.exe to install it's own version, but that did not help.
  When I skip the prerequisites remaining items, the Sharepoint installation stops directly , requesting the missing items.
  I've tried several Sharepoint server installation files, including the 180 days free version.
  Screenshots will be uploaded after my account has been checked......

  Hi Jay,
  Installing SharePoint Server 2013 on a computer that is running Windows Server 2012 R2 could lead to unexpected behavior, therefore, Microsoft does not support SharePoint Server 2013 in Windows Server 2012 R2.
  SharePoint Server 2013 with Service Pack 1 and SharePoint Foundation 2013 with Service Pack 1 will offer support for Windows Server 2012 R2.
  Refer to:
  SharePoint 2013 Support for Windows Server 2012 R2
  In addition, as Dave suggested, for the sharepoint server issue, please post in the dedicated forum for a better response.
  Best Regards,
  Anna Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Portal, Identity & app server issue

  Hi all.
  I am getting a weird response when trying to access a protected web application using Identity Policy Agent and Application server 7. I have Sun Portal Server 6.1, (with it's Identity Server), App Server 7 & Identity Policy Agent running on the same server.
  When i type in the url of my web application (directly to the App server instance), as obvious, i am redirected to my identity login page, i login and i can access protected resources and everything works fine.
  The problem shows up when i try to acces through the Portal Server, I login on the Identity Server, then I access a link to my web application, I can actually see the index file of the web application, but if I invoke any protected web resource or link I am thrown away to the login page of the Web Application (loginform.jsp), and if I login again I'm thrown back to the index file of the web application, turning the whole thing into an endless loop.
  I cannot access the protected resources even if I have the right permissions
  Could someone please help me with this ???
  Thanks a lot

  We have also faced the same problem before, and i just have 2 suggestions which may (lets hope) will solve the issue
  1.) While specifying the policies remember to give all the resources which u want to access. Probably u can give a * for accessing the specified resources in your context .For ex.. http://host:port/example/*
  2.) We faced this problem when we had all the products in the same server. But weirdly the problem was solved when we had the Identity Server and the Web Server which protects the resource on different Solaris boxes.
  Best of luck
  portaldev

• Security solution with Identity server for SOX compliance

  Hi all,
  Has anybody used Identity Server as security solution to achieve SOX compliance? i want to know general view, opinions , experiance of ppl while implementing such solution.
  Just a little background of SOX: It is Created by US Congress in the wake of corporate scandals like Enron in 2001 and 2002.it is an attempts to tighten controls over corporate financial reporting and transparency.
  I am basically interested in implementing security solutions using Identity server for SOX compliance. Section 404 of this act deals with internal controls, which essentially requires organizations to provide following facilities -
  1. User Identification, authorization and access
  2. User control of user accounts
  3. Central identification and access rights/permissions management
  4. Violation and security activity report
  Has anybody developed such solution? What are your general experiance, problems , issues etc? Please share your view....

  Just too quick to draw conclusion: See below FAQ
  If you are not in the same AS container, let me know. Jerry
  Copy from J2EE agent FAQ
  Question - Is it possible to install a J2EE 2.1agent and Identity Server on the same instance of the application server ?
  Installing the IS60SP1/IS61 server and J2EE 2.1 policy agent on the sameninstance of Application server is not a supported configuration. We do support the 21 J2EE agent and IS installed on different instances of the application server. So, users can install theJ2EE 2.1 agent on a one instance of the application server and install IS on a different instance of the apps server.

• OAM Identity Server user search is very slow after upgrading to 10.1.4.2

  We recently upgraded Identity-Server from 7.0.4 to 10.1.4.2 + BP10. The new webpass (version 10.1.4.2) is on iPlanet webserver, which does not have any bundled patch available. After this upgrade, we found the user search is very slow. It is taking double the time compare to version 7.0.4. The search performance for NetPoint admin users is fine.
  The new version is connecting to the same LDAP (Sun 5.2) as the old one. The 7.0.4 version was well tuned (like Ldap connections, caching, etc) for the performance. The migration suppose to carryover those performance configuration to the new version. Is there any new parameter (related to performance) I should look for in version 10 ? Anybody have faced these issues after migration and found a fix for it ?
  Thanks!
  Kabi

  More in this thread - Re: OAM- "You do not have sufficient access rights" message with Master Adm
  -Vinod

• Sun Identity Server 6.1 with Weblogic 8.1 sp2

  Hi,
  I've installed the IS 6.1 with WLS 8.1 sp2 and the agent 2.1.1 and followed the agent configuration guide to configure the xml files (web.xml and weblogic.xml) and agent authenticator.
  When I login to the restricted resource, the browser is redirected to the IS server login page. After login, the browser is redirected back to the resource with 403 forbidden.
  Is there any step missing? Should I additional add some policy in the IS console? .....
  Clive

  I have just installed Sun Identity Server 6.2 with WebLogic 8.1 SP3 and am experiencing the same results. Have you resolved this issue in your environment? We are evaluating Portal Server running on a BEA WLS Container and thus do not have Sun Support on the Identity Server Component of this configuration.

• Unable to Install Identity Server : Error 20: Identity System Configuration

  HI I am trying to setup IDM system as per below order.
  Oracle DB -> OID (two Instance OID1 & OID2 on separate RHEL5 box) -> OVD ( OVD1 & OVD2) -> OAM
  I have successfully installed this setup upto OVD. But once I started Identity Server installation, installation is breaking with Error " Setup.product.install, com.oblix.installshield.ObExecWizardAction, err, There is an error. Please try again. Error 20: Identity System Configuration already exists on the specified LDAP directory server."
  Earlier Few of my tea-mates Tried installing Identity server unsuccessfully thats why may be now I am not able to install it again.
  Let me tell you at what point I got above error.
  Identity server installation asks two time Directory server information. First time I selected option as "Data Anywhere" and after that I have given the details of OVD (IP/Ports/cn=orcladmin/password) and I got above error. I ignored that error and continue installation and second time I selected options as " Oracle Internet Directory" and gave OID details. again I got same kind of information.
  So I have droped RCU and reinstalled OID ( not OVD) and tired Identity installation but no luck got same error at first stage (OVD/Data Anywhere). This time I did not continue installation.
  Please help me to resolve this issue and I also want to know how can I remove Idenitity Server Information from OVD ( and OID too for future reference).
  Thanks.
  Edited by: 985360 on Feb 1, 2013 9:57 AM

  Hi Parmar,
  The error message "Identity System Configuration already exists on the specified LDAP" is complaining that the schema objects required by OAM already exsit on the specified ldap. The schema update needs only to be performed once (usually the first Identity Server installation, although it can be performed manually as a standalone operation) on each ldap instance, after which subsequent installation of Identity Servers do not need that step, which can be avoided by answering "No" when asked if it is the first Identity Server to be installed.
  In order to check if these schema objects are in your ldap, look at the schema for a lot of oblix* object classes and ob* attributes - if they are there then the schema has been added. OAM only supports OVD as the User ldap store, not the configuration store. When you first install an Identity Server, it is necessary to give OID (in your environment) as the configuration store, and the installation will usie the OID_oblix_schema_add.ldif file to update the OID schema. When you specify the user store as OVD, OAM adds VDE_user_schema_add.ldif to the OVD schema.
  I suspect that your schema objects may be fine, but if you want to clean them from your directory you can use the *delete.ldif files supplied (all the ldif files are in identity/oblix/data/common) for the ldap servers, and start again.
  Regards,
  Colin

• Error 49: LDAP Invalid credential Supplied when installing Identity Server

  I am installing oracle Acess manager with Active directory for windows server 2003. While installing
  the identity server we facing the issue with
  Error 49: LDAP Invalid credential supplied. Please see the attached screen shot for more details.

  At which stage are getting this error?
  If you are getting this error after specifying LDAP Directory details during identity server install, make sure that your username/password for AD are correct.
  if your domain name = example.com
  and the user you are using is under cn=users in AD use:
  1. cn=your_username,cn=users,dc=example,dc=com
  and your password
  2. if this doesn't work, try:
  [email protected]
  and your password.

• OAM - Identity Server Cache Flush to Access Server

  In OAM, a feature is that any user profile change in identity server could be updated to access server cache. Currently, we run into problem. the cache flush is a water fall process, from one identity server to an access server then to all other access servers. If one server hangs and does not respond, all servers may hang (that happens to us).
  I would like to know if you are using this feature and if you run into the same problem. You can also comment if this is a necessary feature and/or a troublesome feature. I would appreciate your any contribution. Thank you!
  Richard

  I am facing issue while setting up the automatic cache flush for access server.It looks like you were able to set up this. Can you please provide bit more details?. I have tried by setting -
  a. Parameter doAccessServerFlush in basedbparams as <NameValPair ParamName="doAccessServerFlush"
  Value="true"/>
  b. An Access Gate has been configured under /identity/AccessServerSDK
  My requirement is to flush the changes to the Group membership in a group. Are there any specific restrictions on what is included in user cache?.
  Thanks
  GK Bhat

• Does URL Policy Agent of SunONE Web Server 6.1 works with Identity Server 6

  Hi,
  I'm using URL Policy Agent of SunONE Web Server 6.1, and using Identity Server 6.1 to configure policy to access web resource such as http://myweb.org.cn/test/*
  After configyration, I try to access the resources http://myweb.org.cn/test/test.html
  The redirection is ok, the IS login appear, but after login successfully, it still tell me that I don't have permission to view this web page.
  Is this because of URL policy agent don't support IS 6.1?
  Many thanks,

  Can anybody help me with the steps to generate core for this issue.. I followed the steps as said in http://blogs.sun.com/meena/entry/troubleshooting_server_crashes_enabling_core but I don't see any core generated when server crashes..
  Setup Info:
  - OS is RHEL 4.0
  - Sun ONE Web Server 6.1SP7
  - Policy Agent 2.2

• Identity Server Cookie not found

  Hi all.
  Iam getting a cookie related error message when trying to access a protected web application;
  sequence :
  When i type in the url of my web application, as obvious, i was redirected to my identity login page.
  I also get the this error message ;) in my amAgent log :
  "2003-07-31 12:22:13.832 Warning 7048:d1168 PolicyAgent: Identity Server Cookie not found"
  To add something to this cookie issue:
  when i get authernticated from my identity server, i was successfuly redirected to my web application; but if i invoke any web resource or link, buttons .... - trigger any event, i was thrown way to the login page of the web application - if i login again in my web app, i go to the last page that i was accessing;
  I guess all this funny thing happens because of the cookie, which is missing.
  anyone have an idea, what this cookie is? and what should be done to fix it?
  regards
  Kumar

  Sorr for so many people faced the sam or similar issues. I just joined this support a short while. If you think any old problem which is still critical to you, please repost. We shall try our best to give you assistance. Jerry
  Here are some of tips for debugging Web agent.
  From the AMAgent.properties, are both IIS and AM are in the same domain? If they are not, then you need to use CDSSO. Also please check in AM, under "Service Configuration-> Platform -> Cookie Domains" , whether cookie is set for the entire domain which includes AM and IIS ("test.com") or just the AM machine name.
  Also check whether correct value for "Agent-Identity Server Shared Secret" is entered. This should be your internal ldap password (amldapuser). In the AMAgent.properties for the below property the password will be encrypted and assigned: "com.sun.am.policy.am.password".
  Could you also check if the Identity servver and the IIS web server are time synchronized. The problem may be that agent requests policy decisions and the response from server may be timed out due to non-syncrhonized clock.
  Don't forget to restart the whole IIS service using internet
  management console after making agent changes.
  Some of the common error codes:
  20: Application authentication failed. This occurs when Agent cannot sucessfully authenticate with Identity Server. This is mainly due to incorrect password for agent entered during agent installation. Please refer to another faq describing how to change password.
  7: Policy not found. This error occurs typically if there are no policies defined on Identity server for the given web server URL. Otherwise, there may be time skew between Identity Server and Agent. So, polices fetched from Identity Server is instantly flushed by Agent and attempted to refetch over and over again. This can be solved by running rdate or similar command to synchronize time between the two machines. It is recommended to run NNTP server syncrhonize times between your Identity systems.

• Custom Authentication Module on Identity Server

  Hi,
  I have a custom authentication module which I am trying to access through the policy agent.
  I have set the following property in AMAgent.properties file
  com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login?module=CustomLoginModule.
  My login module code is something like this:
  package com.iplanet.am.samples.authentication.providers;
  import java.util.*;
  import javax.security.auth.Subject;
  import javax.security.auth.callback.Callback;
  import javax.security.auth.callback.NameCallback;
  import javax.security.auth.callback.PasswordCallback;
  import javax.security.auth.login.LoginException;
  import com.sun.identity.authentication.spi.AMLoginModule;
  import com.sun.identity.authentication.spi.AuthLoginException;
  import java.rmi.RemoteException;
  import java.io.FileInputStream;
  import java.util.Properties;
  public class LoginModule1 extends AMLoginModule
  private String userName;
  private String userTokenId;
  private HashMap usersMap;
  private java.security.Principal userPrincipal = null;
  public LoginModule1() throws LoginException
  public void init(Subject subject, Map sharedState, Map options)
            System.out.println("LoginModule1 initialization");
            usersMap = new HashMap();
            ResourceBundle bundle = ResourceBundle.getBundle("users");
            Enumeration users = bundle.getKeys();
            while (users.hasMoreElements())
                 String user = (String)users.nextElement();
                 String password = bundle.getString(user.trim());
                 usersMap.put(user, password);
  public int process(Callback[] callbacks, int state) throws AuthLoginException
            int currentState = state;
            if (currentState == 1)
                 userName = ((NameCallback) callbacks[0]).getName().trim();
                 char[] passwd = ((PasswordCallback) callbacks[1]).getPassword();
                 String passwdString = new String (passwd);
                 if (userName.equals(""))
                      throw new AuthLoginException("names must not be empty");
                 if (userName.equals("testuser") && passwdString.equals("testuser"))
                      userTokenId = userName;
                      return -1;
                 if (usersMap.containsKey(userName))
                      if (usersMap.get(userName).equals(new String(passwd)))
                           userTokenId = userName;
                           return -1;
                 return 0;
       public java.security.Principal getPrincipal()
            if (userPrincipal != null)
                 return userPrincipal;
            else
            if (userTokenId != null)
                 userPrincipal = new SamplePrincipal("testuser");
                 return userPrincipal;
            else
                 return null;
  So When the user requests a protected resource, the policy agent forwards the user to Identity Server with the module as CustomLoginModule. However, after this, authentication does not succeed and I get the following error message in the agent log file.
  2004-08-09 15:24:08.640 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:09.030 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:23.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
  2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:29.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
  2004-08-09 15:24:29.499 128 2712:24fda5e8 RemoteLog: User unknown was denied access to http://ps0391.persistent.co.in:80/test/index.html.
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
  2004-08-09 15:24:29.499 -1 2712:24fda5e8 PolicyAgent: validate_session_policy() access denied to unknown user
  The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
  Thanks
  Srinivas

  Does the principal "testuser" exist in your realm? If I understand your module correctly, it looks like it always returns "testuser".
  I am guessing that Access Manager is not finding your principal. Typically if access manager cannot associate the principal returned by the custom AMLoginModule it will fail the authentication.
  I am wondering if this is related to a seperate problem I have seen with custom login modules. Try chaning the code to return an LDAP style principal it may work:
  so return "uid=testuser,ou=People,dc=yourdomain,dc=com" for example. In theory this should not be necessary but it solved some problems for me, though I am not sure why.

• Regarding Sun Java System Application Server Issue with JVM

  Regarding Sun Java System Application Server Issue with JVM
  Hi
  I have installed SJSAS9.1 on solaris system. I m trying to deploy war file which i compiled in windows enviorment by jdk1.5.0_05. Every time i got the following error :
  type Exception report
  message
  descriptionThe server encountered an internal error () that prevented it from fulfilling this request.
  exception
  org.apache.jasper.JasperException: PWC6033: Unable to compile class for JSP
  PWC6199: Generated servlet error:
  [javac] javac: invalid target release: 1.5
  [javac] Usage: javac
  [javac] where possible options include:
  [javac] -g Generate all debugging info
  [javac] -g:none Generate no debugging info
  [javac] -g:{lines,vars,source} Generate only some debugging info
  [javac] -nowarn Generate no warnings
  [javac] -verbose Output messages about what the compiler is doing
  [javac] -deprecation Output source locations where deprecated APIs are used
  [javac] -classpath Specify where to find user class files
  [javac] -sourcepath Specify where to find input source files
  [javac] -bootclasspath Override location of bootstrap class files
  [javac] -extdirs Override location of installed extensions
  [javac] -d Specify where to place generated class files
  [javac] -encoding Specify character encoding used by source files
  [javac] -source Provide source compatibility with specified release
  [javac] -target Generate class files for specific VM version
  [javac] -help Print a synopsis of standard options
  note The full stack traces of the exception and its root causes are available in the Sun Java System Application Server 9.1 logs.
  I have cheked jvm version on both system the only difference is :
  Solaris points to jdk 1.5.0_09
  Windows point to jdk1.5.0_05
  Even i tried to run blank jsp also but again i got the same error.
  Can any help me to sort out the problem or give me any idea so i can do something by my own.
  Thanks in Advance
  Gagan

  Do you have ANT installed and available?
  Thanks,
  Kedar

• HT4859 After the i-cloud server issue Nov 26, 2012, I had to change some mail account settings to get my i-cloud mail to work again.  However, all of my received e-mails are gone.  How do I retrieve my e-mails from the server?

  After the i-cloud server issue yesterday, November 26, 2012, my i-cloud mail account on my Macbook Pro stopped receiving mail.  I changed some mail account settings to fix the issue, and was able to start receiving e-mails.  However, all of my historical e-mails are gone.  How do I retrieve all of my old e-mails from the server?

  What settings did you change, what were the changes, have you visited www.icloud.com to see what mail is actually there? and do you have a backup?

• HP Connected server issues

  My printer has been working well *. since I purchased it earlier this year. until about a week ago when I upgraded to the next level Instant Ink plan. Since then when I try to print the display on the printer shows a rotating circle with the word Printing. This remains for around 2 minutes, without printing anything, and then I get a message on the display that tells me that "The printer cannot connect to HP Connected". At the same time I get a pop up on my PC that "warns me" that the printer cannot connect to HP Connected and that this may cause my printer to stop printing. The terrible message concludes with the meaningless "OK" statement, having urged me to follow the printer's on screen display to make the connection.  When I try to follow the instructions on the printer it merely confirms that the printer is connected. I usually cancel out of the setup and then, as if by magic, whatever I tried to print suddenly starts printing.  So, my questions are?
  1) Is this a common or at least know problem?
  2) Is it caused by my having changed Instant Ink plans and if so what has HP done to cause this?
  3) I have not knowingly changed anything on my system other than the HP Instank Ink plan so why does the printer no longer connect to the HP Connected server to update that system with details of my print usage?
  4) Is there a fix/workaround that will prevent me from having to manually coax my printer to work again?
  I have already used the HP Updates function and have reset/restarted both the wireless router and my PC.
  * I do occasionally get messages saying that the scan function isn't available because it's lost connectivity but this seems to rectify itself without having to do anything else.

  Hello GaryG888,
  Welcome to the HP Support Forums!
  Thank you for the very informative post. With that great info I think I know what has happened. Over the weekend (24th, 25th & 26th) there had been Web Service server issues. As of right now, here is the fix and or workaround: Re: How do I correct the date on my HP Envy 4500?
  Please follow up and let me know if this helps you.
  JERENDS
  I work on behalf of HP
  Please click “Accept as Solution” if you feel my post solved your issue, it will help others find the solution.
  Click the “Kudos Thumbs Up" to the left of the reply button to say “Thanks” for helping!