Problem of degradation  in Access Manager 7.1 in SUNWappserv8.2

Similar Messages

• Problem in customizing Oracle Access Manager 10g

  HI,
  I am facing some problem while incorporating customizations into Oracle Access Manager 10g.
  When trying to access the url with a particular style name.... i am getting the following error :
  obhtmlpage.cpp:160: Error:
  obhtmlpage.cpp:277: Error: ExXSLTProcessingGeneric: Exception processing stylesheet. Root stylesheet ID: ../../../lang/en-us/style0/login.xsl
  obxdkxsl.cpp:224: Error: ObXDKTransform
  obxdkcache.cpp:528: Error:
  obxdkcache.cpp:565: Error:
  ../obcacheof.cpp:429: Error:
  ../obcacheof.cpp:795: Error:
  ../obcacheof.cpp:932: Error:
  obxdkcache.cpp:291: Error: ObXdkObject::ObXdkObject
  Front Page Admin
  Sun Microsystems Solaris
  Could someone please provide some help as to how to solve the problem.
  Thanks.

  One good way to debug the XSL stylesheet issue is to apply the XSL outside of OAM with input XML and see if you get the results. You can use tools such as XML SPy for XSL development and testing.
  This error is more in line with XSL syntax and processing.
  Thanks
  Ram

• Problem with Oracle Adaptive Access Manager 10g

  Hello, I'm trying to install the OAAM following the Installation and Configuration Guide (http://download.oracle.com/docs/cd/E12057_01/doc.1014/e12050/toc.htm).
  In The Package Contents section speaks of a zip file named oaam_bin.zip but never says where could I download it. Anybody know where do I get it?
  I have already downloaded the Oracle Adaptive Access Manager 10g (10.1.4.2.0) CD1 named V11415-01.zip from http://www.oracle.com/technology/software/products/ias/htdocs/101401.html but it is not the zip file that the documentation talks about.
  I'm looking for in many sites but i have no luck.
  Thanks a lot!
  Guido.

  The documentation you are referring to is for 10.1.4.5.0 and not 10.1.4.2.0. After installing version 10.1.4.2.0, install patch 10.1.4.3.0. You will see oaam_bin.zip and the necessary files in it. The patch number is 6987695.
  You might be interested in patch 10.1.4.3.1 (#7324863) also. Check the readme file for details.
  -shetty2k

• Significant Computer Window Focus Problem With Verizon Access Manager 7.7.1.0 (2707e)

  With the newly released Verizon Access Manager 7.7.1.0 (2707e) there is a significant computer focus problem with it.
  What I mean by this is that if I am using ANY application on my computer with the Verizon Access Manager minimized to the Windows System Tray, something will go on with the Verizon Access Manager and it steals the window focus - I am unable to work in the other application unless I click on the application to use it again.  
  An example of this would be my typing to post a message in this forum.  Something occurs in the Verizon Access Manager and my typing is rendered useless unless I click with my mouse on the browser window to be able to use it again.
  I'm highly suspecting whenever networks are coming and going in the Access Manager is when the problem occurs.
   This problem did not exist in the previous version of the Access Manager I was using.
  This is extremely annoying - please issue a fix for this ASAP!

  I have found by not minimzing the Verizon Access Manager 7.7.1.0 (2707e) the focus problem does not occur - it appears to be a problem when the app is minimzed to the system tray.

• Sun Access Manager login problem

  Hi,
  This is a very basic problem. I have installed Sun Access Manager 7 using JES installer. It is configured to authenticate against a LDAP datastore. I am able to login into the amconsole application using the amAdmin DN but I am not able to login with any other user that I create through Sun Access Manager.Any help will be highly appreciated.
  TIA.

  Hello,
  When you create any user through SUN Access Manager, is that user is created in LDAP
  datastore, or is it created in SAM flat file repository ?

• Directory serer access management edition problem

  Hi,
  While I m accessing the Service Management Option in the iPlanet Directory Server Access Management Edition 5.1, it is showing the following error in the screen.
  Error
  An error occurred while processing this request. Please contact your administrator.
  I checked up the access (/usr/local/sunone/directoryserver/slpad-<name>/logx/access and error) log of the directory and no errors are listed. What may be the problem?
  T V Sundar

  look in to your web container's logs directory for errors file that should tell your exactly what happened with stack trace
  /var/opt/SUNWam/debug/amConsole also could help in figuring out what is going on

• Access Manager installation/re-installation problems

  Good time of day for ALL!
  I have a problem, when trying to reinstall SUN JES 2005Q4. Prevously installed Q1 version was uninstalled with JES unistaller, Portal entries (this checkbox exists in one of forms) were removed, /etc/opt/.... /var/opt/... /opt/.... files & catalogues were removed.
  Then a new version JESQ4 was installed. (All products.) All configuration steps were made and all seems to work properly: I rceived working application,WEB,Calendar, Messaging servers, Instant messaging. BUT when I tried to use Access Manager, I saw
  "No such Organization found." message in my browser when tried to access http://localhost:8080/amserver.
  How can I reinstall this product to make it usefull again?!
  Sincerelly.
  PS. In 10 minutes ago The JES was fully uninstalled(look up) and then installed again. The situation restored in the same position 8-(((

  Good time of day for All!
  The problem described in my previous topic is go on 8-((((
  -System( sol10 sparc) was reinstalled.
  -JES 2005q4 was installed in several steps.
  1- Admin server,Message Queue,Web server,Directory server.
  2. Web server.
  Then all installed parts were tested. They works finely
  3. Application server.
  It was configured by default (/..../domain1) and some scripts for it's autostarting were created in rc3.d
  App server& its admin server works fine!
  4. Portal server& Access manager. AM was installed in Realm mode. When tying to access to ..../amserver page
  " Authentication Service is not initialized.<br />Contact your system administrator. " message appear in login screen.
  Who can answer:
  1-What is wrong?
  2-Where i can find REALLY TESTED STEP BY STEP workflow of JES installation?

• Problem with second instance of access manager

  Well, after sorting out things with the first install of access manager, I went on to install a second instance on a different host (it's required for delegated admin..)
  Here are the options I used on install:
  Access Manager: Administration (1 of 6)
  Administrator User ID: amAdmin
  Administrator Password [] {"<" goes back, "!" exits}:
  Retype Password [] {"<" goes back, "!" exits}:
  LDAP User ID: amldapuser
  LDAP Password [] {"<" goes back, "!" exits}:
  Retype Password [] {"<" goes back, "!" exits}:
  Password Encryption Key [gFoe4t8UlUW3wEApngAY3S8bCQFVMlGk] {"<" goes back,
  "!" exits}: weW5jtopMLQsODiBZDp+hlEp1/CtbiXX
  Install type (Realm/Legacy) Mode [Legacy] {"<" goes back, "!" exits}:
  Access Manager: Web Container (2 of 6)
  1. Sun Java System Application Server
  2. Sun Java System Web Server
  Select the container to deploy the component and hit enter key [2] {"<" goes
  back, "!" exits}
  Access Manager: Sun Java System Web Server (3 of 6)
  Host Name [zone2.corenode.com] {"<" goes back, "!" exits}:
  Web Server Instance Directory [opt/SUNWwbsvr/https-zone2.corenode.com] {"<"
  goes back, "!" exits}:
  Web Server Port [80] {"<" goes back, "!" exits}:
  Document Root Directory [opt/SUNWwbsvr/docs] {"<" goes back, "!" exits}:
  Secure Server Instance Port [No] {"<" goes back, "!" exits}:
  Access Manager: Web Container for running Access Manager Services(4 of 6)
  Host Name [zone2.corenode.com] {"<" goes back, "!" exits}:
  Services Deployment URI [amserver] {"<" goes back, "!" exits}:
  Common Domain Deployment URI [amcommon] {"<" goes back, "!" exits}:
  Cookie Domain(Assure it is not a top level domain) [.corenode.com] {"<" goes
  back, "!" exits}:
  Administration Console [Yes] {"<" goes back, "!" exits}:
  Console Deployment URI [amconsole] {"<" goes back, "!" exits}:
  Password Deployment URI [ampassword] {"<" goes back, "!" exits}:
  Access Manager: Directory Server Information (5 of 6)
  Directory Server Host [] {"<" goes back, "!" exits}: zone1.corenode.com
  Directory Server Port [] {"<" goes back, "!" exits}: 389
  Directory Root Suffix [dc=corenode,dc=com] {"<" goes back, "!" exits}:
  Directory Manager DN [cn=Directory Manager] {"<" goes back, "!" exits}:
  Directory Manager Password [] {"<" goes back, "!" exits}:
  Access Manager: Directory Server Information (6 of 6)
  Is Directory Server provisioned with user data [No] {"<" goes back, "!"
  exits}? Yes
  Organization Marker Object Class [sunISManagedOrganization] {"<" goes back,
  "!" exits}:
  Organization Naming Attribute [o] {"<" goes back, "!" exits}:
  User Marker Object Class [inetorgperson] {"<" goes back, "!" exits}:
  User Naming Attribute [uid] {"<" goes back, "!" exits}:
  Yes, I am using the same key as was used on host1 for access manager. Yes, access manager on host 1 is quite functional right now. Yes, that directory server works. Now I'm really stumped on what to do! Everything in JES seems to work great except access manager, the exceptions it throws really don't help any at all in troubleshooting.
  Any ideas?

  More info from error logs:
  # pwd
  /var/opt/SUNWam/debug
  # tail -200 amAuth
  04/12/2006 09:56:47:127 AM HST: Thread[main,5,main]
  ERROR: AuthD failed to get auth session
  04/12/2006 09:56:47:165 AM HST: Thread[main,5,main]
  ERROR: AuthD init()
  com.iplanet.dpro.session.SessionException: AuthD failed to get auth session
  at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:709)
  at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
  at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
  at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
  at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
  at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
  at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
  at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
  at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
  at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
  at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
  at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
  at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
  # tail -200 amSession
  04/12/2006 09:56:47:098 AM HST: Thread[main,5,main]
  ERROR: SessionService.SessionService(): Initialization Failed
  com.iplanet.services.naming.ServerEntryNotFoundException: Cannot find server ID.
  at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:350)
  at com.iplanet.dpro.session.service.SessionService.<init>(SessionService.java:1540)
  at com.iplanet.dpro.session.service.SessionService.getSessionService(SessionService.java:382)
  at com.sun.identity.authentication.service.AuthD.getSS(AuthD.java:685)
  at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:706)
  at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
  at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
  at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
  at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
  at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
  at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
  at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
  at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
  at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
  at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
  at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
  at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
  04/12/2006 09:56:47:126 AM HST: Thread[main,5,main]
  ERROR: Error creating service session
  java.lang.NullPointerException
  at com.iplanet.dpro.session.service.SessionService.generateEncryptedID(SessionService.java:588)
  at com.iplanet.dpro.session.service.SessionService.generateSessionId(SessionService.java:612)
  at com.iplanet.dpro.session.service.SessionService.newInternalSession(SessionService.java:557)
  at com.iplanet.dpro.session.service.SessionService.getServiceSession(SessionService.java:501)
  at com.iplanet.dpro.session.service.SessionService.getAuthenticationSession(SessionService.java:408)
  at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:706)
  at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
  at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
  at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
  at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
  at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
  at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
  at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
  at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
  at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
  at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
  at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
  at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
  #

• Problem with Access Manager intergration

  Hi,
  I'm integrating Identity Manager and Access Manager.
  I've configured the End User interface to use Access Manager for authentication, and I have (as far as I can tell) everything else set up and working correctly. When I access the end user pages I get the following error:
  Access Manager (Sun Access Manager Realm):Successfully authenticated '00000001' on resource 'Access Manager' and found a Lighthouse user with the same accountId, but no matching resource accountIdI've checked and confirmed that there is an attribute being passed in the header
  'sois_user = 00000001'
  And I have the following defined:
        <Attribute name='common resources'>
          <Object>
            <Attribute name='AM Resources'>
              <List>
                <String>Enterprise Directory</String>
                <String>Access Manager</String>
              </List>
            </Attribute>
          </Object>
        </Attribute>I suspect that it is the common resources that is failing, because its looking for an accountId that matches the DN of the account in LDAP rather than the LogonID. Can anyone provide pointers on how to resolve this?
  All suggestions gladly received,
  R

  Michael,
  Thanks for your help, I understand your answer. However, I am using the Access Manager realm adapter which the docs say can't manage users, so no account is being exposed there.
  I have found the solution though and it involves a couple of steps:
  Firstly, the sois_user value that is passed by the header has to be the DN of the LDAP account.
  Secondly, I think the order of the accounts in the 'common resources' definition needs to have the LDAP resource defined first.
  Finally, the Login group needs to have both the Access Manager and LDAP login modules.
  With these 3 components in place, SSO to IdM works.
  R

• Sun Access Manager + Jboss Policy Agent + Testapplication Problem

  Hello everybody.
  I have set up Access Manager 7.1 on SJSAS 9.1 in a VMware and Jboss with Policy Agent 2.2 and a simple Webapp on another.
  The webapp just displays pages for users in different roles, f.e. admin und user page.
  When i go to the application in the browser und access a protected page, then I get redirected to the AM login screen and can login and get redirected back to the application.
  I did this with declarative security defined in web.xml, but the user doesn't get authenticated in the application.
  In my logfiles i got the following errors:
  amRealm log file
  09/19/2008 01:55:39:756 PM CEST: Thread[http-jboss.ams.com%2F127.0.0.1-8080-2,5,jboss]
  ERROR: AmRealm: failed to authenticate user: bob
  com.iplanet.sso.SSOException: Invalid session ID.AQIC5wM2LY4SfcwBenaL/TbPRPGHXQo8rhVWWfM3jGDEUUM=@AAJTSQACMDE=# AQIC5wM2LY4SfcyYT7kHKvROHG64m6WtlD8hnFLPmsKJyeY=@AAJTSQACMDE=#
     at com.sun.identity.jaxrpc.SOAPClient$SOAPContentHandler.endDocument(SOAPClient.java:910)
     at org.apache.xerces.parsers.AbstractSAXParser.endDocument(Unknown Source)
     at org.apache.xerces.impl.XMLDocumentScannerImpl.endEntity(Unknown Source)
     at org.apache.xerces.impl.XMLEntityManager.endEntity(Unknown Source)
     at org.apache.xerces.impl.XMLEntityScanner.load(Unknown Source)
     at org.apache.xerces.impl.XMLEntityScanner.skipSpaces(Unknown Source)
     at org.apache.xerces.impl.XMLDocumentScannerImpl$TrailingMiscDispatcher.dispatch(Unknown Source)
     at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
     at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
     at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
     at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
     at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
     at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
     at com.sun.identity.jaxrpc.SOAPClient.send(SOAPClient.java:500)
     at com.sun.identity.jaxrpc.SOAPClient.send(SOAPClient.java:467)
     at com.sun.identity.idm.remote.IdRemoteServicesImpl.getMemberships(IdRemoteServicesImpl.java:465)
     at com.sun.identity.idm.AMIdentity.getMemberships(AMIdentity.java:880)
     at com.sun.identity.agents.realm.AmRealm.authenticateInternal(AmRealm.java:227)
     at com.sun.identity.agents.realm.AmRealm.authenticate(AmRealm.java:155)
     at com.sun.identity.agents.jboss.v40.AmJBossLoginModule.validatePassword(AmJBossLoginModule.java:104)
     at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
     at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
     at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
     at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
     at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
     at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
     at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
     at java.lang.Thread.run(Thread.java:619) jboss logfile
  2008-09-19 13:55:39,756 DEBUG [com.sun.identity.agents.jboss.v40.AmJBossLoginModule] Bad password for username=bob Has anybody had similar erros and knows a solution?
  Thanks.

  Tanks handat      
  I found
  http://download.oracle.com/docs/cd/E19575-01/820-5816/galtf/index.html
  http://download.oracle.com/docs/cd/E19681-01/821-0267/gfxhz.html#scrolltoc     
  greetings
  alex davila

• Problems about Sun Access Manager

  when I using Sun Access Manager, I found It is very slowly to access "http://host:ip/amserver" , but I also using OpenSSO, It is normal to access "http://host:ip/amserver".
  Can anyone give any suggestions ?
  Best Regards!

  Hi,
  I added a page to the wiki which adds more detail to the steps to create the sample app policies on the am/fam/opensso server console UI. This includes some screen shots as well.
  This is one good thing about the sample app is that you have to learn to install the opensso server, install the agent, configure the agents properties for the sample app security and also use the opensso server UI to create policies.
  It is a bit of work, but when done you will know how to use a lot of opensso features.
  You do not need a directory server. The sample app readme refers to some directory things that really can be ignored. The wording should be changed.
  Anyhow you can use this wiki page along with the readme to help you set up the policies, the subjects etc that map to the sample app
  http://wikis.sun.com/display/OpenSSO/samplepolicy
  I will try to make a getting started page for new users, though you have done most the steps now, and need to set up sample. But this page might be useful for others who want to get started http://wikis.sun.com/display/OpenSSO/getstarted
  hth,
  Sean

• Can not configure Access Manager

  Hi all,
  1. I istalled Sun java messaging server 6.
  2. I edit amsamplesilent to prepare amsamplesilent.my:
  # cd /opt/SUNWam/bin
  #mv amsamplesilent amsamplesilent.my
  3. I configure Access Manager:
  #./amconfig -s amsamplesilent.my but get the following error:
  # ./amconfig amsamplesilent.my
  Usage: amconfig -s <silentinputfile>
  ./amconfig: Sourcing ./amutils
  ln: cannot create /opt/SUNWam/lib/jaxrpc-spi.jar: File exists
  chown: jaxrpc-spi.jar: No such file or directory
  full install
  ./amdsconfig: Sourcing ./amutils
  LD_LIBRARY_PATH is --- /usr/lib/mps/secv1:/usr/lib/mps/secv1:/usr/lib/mps/secv1:/opt/SUNWam/lib:/opt/SUNWam/ldaplib/ldapsdk
  CLASSPATH is --- /opt/SUNWam/locale:/etc/opt/SUNWam/config:/opt/SUNWam/lib:/opt/SUNWam/lib/am_services.jar:/opt/SUNWam/lib/ldapjdk.jar:/usr/share/lib/mps/secv1/jss3.jar:/opt/SUNWam/lib/am_sdk.jar
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 3
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 4
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 5
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 6
  ERROR : Loading of Access Manager schema into the Directory failed
  Starting the tag swapping of the install.ldif and installExisting.ldif
  ROOT_SUFFIX is dc=iplanet,dc=com
  People_NM_ROOT_SUFFIX is People_dc=iplanet_dc=com
  SERVER_HOST sample.red.iplanet.com
  DIRECTORY_SERVER sample.red.iplanet.com
  DIRECTORY_PORT 389
  USER_NAMING_ATTR uid
  ORG_NAMING_ATTR o
  CONSOLE_DEPLOY_URI /amconsole
  ORG_OBJECT_CLASS sunismanagedorganization
  RS_RDN iplanet
  USER_OBJECT_CLASS inetorgperson
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 3
  ERROR : Configuring/Loading of the default DIT in the Directory Server failed
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 3
  Warning : Plugins and Indexes already exist.
  ./amsvcconfig: Sourcing ./amutils
  LD_LIBRARY_PATH is --- /usr/lib/mps/secv1:/usr/lib/mps/secv1:/usr/lib/mps/secv1:/opt/SUNWam/lib:/opt/SUNWam/ldaplib/ldapsdk
  CLASSPATH is --- /opt/SUNWam/locale:/etc/opt/SUNWam/config:/opt/SUNWam/lib:/opt/SUNWam/lib/am_services.jar:/opt/SUNWam/lib/ldapjdk.jar:/usr/share/lib/mps/secv1/jss3.jar:/opt/SUNWam/lib/am_sdk.jar
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  Loading service schema XML files ...
  Info 112: Entering ldapAuthenticate method!
  Error 15: Cannot authenticate user.
  LDAP authentication failed.
  Error 9: Operation failed: Error 15: Cannot authenticate user.
  Error occured while loading: /etc/opt/SUNWam/config/ums/ums.xml
  ./amws61config: Sourcing ./amutils
  /opt/SUNWam/console.war: No such file or directory
  current web app is applications
  copying files from sunwamconsdk
  Swapping tag swap in index.html files ...
  Making amconsole.war
  Successfully done making warfile ...
  Deploying from /opt/SUNWam/web-src/applications (/opt/SUNWam/amconsole.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/applications for /amconsole
  wdeploy deploy -u /amconsole -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/applications /opt/SUNWam/amconsole.war
  [wdeploy] The war file name is /opt/SUNWam/amconsole.war
  [wdeploy] Fatal error in parsing XML file ..Premature end of file.
  [wdeploy] (-1, -1) in file null
  [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
  Failed deploying /amconsole
  /opt/SUNWam/services.war: No such file or directory
  current web app is services
  Swapping tag swap in index.html files ...
  Making amserver.war
  Successfully done making warfile ...
  Deploying from /opt/SUNWam/web-src/services (/opt/SUNWam/amserver.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/services for /amserver
  wdeploy deploy -u /amserver -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/services /opt/SUNWam/amserver.war
  [wdeploy] The war file name is /opt/SUNWam/amserver.war
  [wdeploy] Fatal error in parsing XML file ..Premature end of file.
  [wdeploy] (-1, -1) in file null
  [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
  Failed deploying /amserver
  /opt/SUNWam/password.war: No such file or directory
  current web app is password
  Swapping tag swap in index.html files ...
  Making ampassword.war
  Successfully done making warfile ...
  Deploying from /opt/SUNWam/web-src/password (/opt/SUNWam/ampassword.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/password for /ampassword
  wdeploy deploy -u /ampassword -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/password /opt/SUNWam/ampassword.war
  [wdeploy] The war file name is /opt/SUNWam/ampassword.war
  [wdeploy] Fatal error in parsing XML file ..Premature end of file.
  [wdeploy] (-1, -1) in file null
  [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
  Failed deploying /ampassword
  /opt/SUNWam/introduction.war: No such file or directory
  current web app is common
  Swapping tag swap in index.html files ...
  Making amcommon.war
  Successfully done making warfile ...
  Deploying from /opt/SUNWam/web-src/common (/opt/SUNWam/amcommon.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/common for /amcommon
  wdeploy deploy -u /amcommon -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/common /opt/SUNWam/amcommon.war
  [wdeploy] The war file name is /opt/SUNWam/amcommon.war
  [wdeploy] Fatal error in parsing XML file ..Premature end of file.
  [wdeploy] (-1, -1) in file null
  [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
  Failed deploying /amcommon
  Checking if Web Server is already configed with Access Manager
  Configuring Web Server
  Mime type: 'type=text/vnd.wap.wml' already exists: Skipping ....
  Mime type: 'type=image/vnd.wap.wbmp' already exists: Skipping ....
  I tried again but I still get this error.
  Any Ideas for this problem?
  Thanks.

  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  i would consider this a fatal error.
  The system cannot locate where your Directory Server is. "no route to host" means that it's trying to get to the host, but your networking isn't set up correctly, and it doesn't find any route to get to the specified host.

• UWC/CE 6.3 and Access Manager 7.1 SSO sometimes fails (seems like a bug)

  PREAMBULA: I started writing this post thinking that our AM SSO setup was at fault in some step. As I was gathering data, checking the doc-links and config files and finally sniffed the servers for HTTP dialogs, I grew pretty sure there's a bug in UWC/CE, AM SDK or Web Server Policy Agent, whatever implements the AM SSO session checking.
  In short, as written below, our "sunmail" server can POST a broken cookie to AM server, if the cookie originally contained a "plus" character. The "plus" is replaced by a "space", invalidating the session check. As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here. I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
  Is there some known bug or workaround that matches this description?
  Nevertheless, for completeness' sake I kept the description of our setup. Maybe it's at fault after all :)
  We have an installation of JCS5 with the latest patches as of early July 2008. And as the subject implies, we have problems with AM SSO in UWC/CE web-interface. I have reported them before, then they seemed fixed (not occuring for several tests in a row), but as time has shown, something wrong is still there.
  So I'll try to go into deeper detail now, as we've may have overlooked some nuance... Then again, as my sniffer research below shows, this may be an engine bug and these setup details are irrelevant.
  Our setup is split into several Solaris 10 full-root zones hosted on several servers, some of the components are enroute to HA (perhaps we made some mistakes on this part of the way?)
  So, we have the following software stack:
  1) two MMR Directory Servers (DSEE 6.3 = DSEE 6.2 from JCS5 + 125278-07__DSEE_6.3__x86x64 + 125277-07__DSEE_6.3__x86_sol9 patches) working in zones on two different servers. Except for one time when a manually forced ZFS rollback corrupted one of the server instances, no problems here.
  2) two zones with Directory Proxy Servers (6.3, exact versions as above) running at port 389 provide the clients with an illusion that they have a stable Directory Server, even if one of the actual servers is currently rebooting ;)
  These DPS zones are hosted on two different servers as well and are primarily used by LDAP clients (JCS components) running in other zones on the same respective servers.
  3) A zone with Sun Web Server 7.0U1 and Access Manager 7.1 (+ 126357-01__AM71_x86 patch) and Delegated Admin 6.4-4.01 (from JCS5 + 121582-18__COMMCLI64__x86 patch).
  At the moment there is one such zone (named "cos-psam-01.domain.ru" in the logs below), but we expect(-ed) it to become two similar zones as per AM HA setup.
  Zones listed in (1-3) use private IP numbers, they belong in our internal DMZ.
  Zones listed in (4-5) below use public (routed) IP numbers, they belong in our external DMZ.
  4) A zone with Sun Web Server 7.0U1 used primarily as a reverse-proxy server (optionally with a load-balancer libpassthrough.so plugin) successfully used for other hosted projects. One of its configurations now passes connections from an externally routed IP address published as "psam.domain.ru" to "cos-psam-01.domain.ru", per AM HA setup, so HTTP clients believe they work with an Access Manager instance. This zone has a backend interface with a private IP address to communicate with the actual AM instance.
  In AM configuration (both LDAP and file-based) we have configured a site ID with the publicly known name and mentioned both names (psam and cos-psam-01) in organization's realm/dns aliases.
  5) A zone with the rest of the Sun Java Communications Suite 5, as in Messaging Server 6.3 (6.3-6.03 64-bit: ci-5.0-1.03_solx86_x64__Messaging_Server_6.3-2 + patch 126480-09__MSG63__x86-64), UWC/CE 6.3 (from JCS5 + 122794-17__UWC63-4.01_core__x86), Instant Messaging 7.2 (from JCS5 + 118790-29__IM72__x86-1 + 118787-28__IM72__x86-2), Calendar Server 6.3 (from JCS5 + 121658-28__iCS63__x86). The web-components (UWC/CE, IM, /httpbind) are deployed in a Sun Web Server 7.0U1 as well.
  This zone is named "sunmail.domain.ru" and has a routed IP address for direct external access to its servicess.
  The AM SDK part is also patched (126357-01__AM71_x86); it points to the load-balancer name ("psam.domain.ru") as an actual AM server.
  # imsimta version
  Sun Java(tm) System Messaging Server 6.3-6.03 (built Mar 14 2008; 64bit)
  libimta.so 6.3-6.03 (built 17:15:08, Mar 14 2008; 64bit)
  SunOS sunmail 5.10 Generic_127112-07 i86pc i386 i86pc
  While setting up this server set we tried to use AM SSO as the user login method, but it works unreliably.
  "Unreliably" means that while most of the time entering a correct uid and password in Access Manager login page ("http://psam.domain.ru/amserver/UI/Login") does redirect a user back to "http://sunmail.domain.ru/uwc/auth" along with a new cookie, and the user is redirected again to his or her mailbox, sometimes the user receives the UWC/CE login page. Entering the same uid and password here does log him in, but it breaks the whole point of SSO and only increases the end-user routine required to log in :\
  We have also seen the "missing mail tab" problem - if the users point the browser to any hostname different from "sunmail.domain.ru" (i.e. www.mail.domain.ru which is equivalent in DNS), they have only the Address book, Calendar and Options tabs; no webmail. So far this is resolved by Policy Agent forcing The One name of the server.
  Here's the configuration we did specifically for AM SSO:
  1) in AMConfig.properties of "sunmail" and "cos-psam-01" we set up
  com.iplanet.am.cookie.encode=false
  am.encryption.pwd=<the same value>
  all hostname-related parameters point to "psam.domain.ru"
  2) in AMConfig.properties of "cos-psam-01" a number of FQDN equivalence entries are added (so it does not redirect to a server hostname unknown to visitors):
  com.sun.identity.server.fqdnMap[publicname-or-ip]=psam.domain.ru
  com.sun.identity.server.fqdnMap[cos-psam-01.domain.ru]=cos-psam-01.domain.ru
  3) in "msg.conf" on "sunmail" (entries added via configutil):
  local.webmail.sso.amcookiename = iPlanetDirectoryPro
  local.webmail.sso.amnamingurl = http://psam.domain.ru:80/amserver/namingservice
  local.webmail.sso.singlesignoff = yes
  local.webmail.sso.uwcenabled = 1
  service.http.ipsecurity = no
  (perhaps some more options are required? Looking for confirmation about: local.webmail.sso.uwclogouturl local.webmail.sso.uwccontexturi local.webmail.sso.uwchome service.http.allowadminproxy )
  4) Configured Web Policy Agent for Sun Web Server, so that users without an AM session are required to get one. Set up per [http://msg.wikidoc.info/index.php/AM_redirection_using_Policy_Agent], except that com.sun.am.policy.agents.config.notenforced_list points to the many names our server can go known by.
  5) Updated the logout URL in /opt/SUNWuwc/webmail/main.js:
  --- main.js.orig        Sat Jan 26 07:52:09 2008
  +++ main.js     Mon Jul 21 01:06:29 2008
  @@ -667,7 +667,8 @@
  function cleanup() {
     if(laurel)
  -      top.window.location =  getUWCHost() + "/base/UWCMain?op=logout"
  +//      top.window.location =  getUWCHost() + "/base/UWCMain?op=logout"
  +      top.window.location =  "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
     else
         exec('logout', '', 'exit()')
  @@ -1707,7 +1708,8 @@
     if(lg) {
           url = document.location.href
           url = url.substr(0,url.indexOf('webmail'))
  -        uwcurl = url + 'base/UWCMain?op=logout'        
  +//      uwcurl = url + 'base/UWCMain?op=logout'        
  +        uwcurl = "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
     exit()
  }6) Calendar SSO - per docs...
  According to ngrep sniffing,
  1) the browser goes to "http://sunmail.domain.ru/uwc/auth" without any cookies
  2) receives a redirect and goes to "http://psam.domain.ru/amserver/UI/Login?gotoOnFail=http://sunmail.domain.ru:80/uwc&goto=http%3A%2F%2Fsunmail.domain.ru%3A80%2Fuwc%2Fauth"; sends no cookies either.
  3) The first response from the "psam" server (as redirected from "cos-psam-01") sets a few cookies while rendering the login page:
  Set-cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; Path=/
  Set-cookie: AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
  Set-cookie: amlbcookie=02; Domain=.domain.ru; Path=/
  4) The browser requests the login page resources (javascripts, images, etc) using these cookies, as in this header line:
  Cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; amlbcookie=02
  5) The browser POSTs the login request to "/amserver/UI/Login" and receives a redirection to http://sunmail.domain.ru:80/uwc/auth
  Set-cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
  Set-cookie: AMAuthCookie=LOGOUT; Domain=.domain.ru; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
  6) The browser requests "http://sunmail.domain.ru/uwc/auth" using the newly set cookie (looks like the old one to me though):
  Cookie: amlbcookie=02; iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#
  7) The "sunmail" web-server checks the AM session validity with the same "psam.domain.ru". It sends a series of POSTs to /amserver/namingservice:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="com.iplanet.am.naming" reqid="685">
  <Request><![CDATA[
  <NamingRequest vers="1.0" reqid="324" sessid="AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#">
  <GetNamingProfile>
  </GetNamingProfile>
  </NamingRequest>]]>
  </Request>
  </RequestSet>(receives a large XML list of different Access Manager configuration parameters and URLs)
  ...then a double-request to /amserver/sessionservice:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="Session" reqid="686">
  <Request><![CDATA[
  <SessionRequest vers="1.0" reqid="678">
  <GetSession reset="true">
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </GetSession>
  </SessionRequest>]]>
  </Request>
  <Request><![CDATA[
  <SessionRequest vers="1.0" reqid="679">
  <AddSessionListener>
  <URL>http://sunmail.domain.ru:80/UpdateAgentCacheServlet?shortcircuit=false</URL>
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </AddSessionListener>
  </SessionRequest>]]>
  </Request>
  </RequestSet>As a result it receives an XML with a lot of user-specific information (the username, LDAP DN, preferred locale, auth module used, etc.)
  !!!*** Now, the problem part ***!!!
  8) And then "sunmail" POSTs a broken cookie to "psam" (note the space in mid-text, where the "plus" sign was previously). As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here.
  I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. I looked over the large XML responses to the two previous requests, whenever they mention the session cookie value, the "plus" is there.
  For the most detail I can provide, I'll even paste the whole HTTP packet:
  POST /amserver/sessionservice HTTP/1.1
  Proxy-agent: Sun-Java-System-Web-Server/7.0
  Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#;amlbcookie=null
  Content-type: text/xml;charset=UTF-8
  Content-length: 336
  Cache-control: no-cache
  Pragma: no-cache
  User-agent: Java/1.5.0_09
  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  Host: cos-psam-01.domain.ru
  Client-ip: 194.xxx.xxx.xxx
  Via: 1.1 https-weblb.domain.ru
  Connection: keep-alive
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="session" reqid="258">
  <Request><![CDATA[<SessionRequest vers="1.0" reqid="254">
  <GetSession reset="true">
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </GetSession>
  </SessionRequest>]]></Request>
  </RequestSet> The server's error response is apparent:
  HTTP/1.1 200 OK
  Server: Sun-Java-System-Web-Server/7.0
  Date: Thu, 31 Jul 2008 05:49:50 GMT
  Content-type: text/html
  Transfer-encoding: chunked
  19b
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <ResponseSet vers="1.0" svcid="session" reqid="258">
  <Response><![CDATA[<SessionResponse vers="1.0" reqid="254">
  <GetSession>
  <Exception>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=# Invalid session ID
  AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</Exception>
  </GetSession>
  </SessionResponse>]]></Response>
  </ResponseSet>On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
  For reference, here's a working final request-response (one with a good cookie, as received by the load-balancer web-server). Request looks a bit different:
  POST /amserver/sessionservice HTTP/1.1
  Cookie: iPlanetDirectoryPro=AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#;amlbcookie=null
  Content-Type: text/xml;charset=UTF-8
  Content-Length: 379
  Cache-Control: no-cache
  Pragma: no-cache
  User-Agent: Java/1.5.0_09
  Host: psam.domain.ru
  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  Connection: keep-alive
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="session" reqid="281">
  <Request><![CDATA[<SessionRequest vers="1.0" reqid="277">
  <SetProperty>
  <SessionID>AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#</SessionID>
  <Property name="uwcstatus" value="active"></Property>
  </SetProperty>
  </SessionRequest>]]></Request>
  </RequestSet> ...and the response is OK:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <ResponseSet vers="1.0" svcid="session" reqid="281">
  <Response><![CDATA[<SessionResponse vers="1.0" reqid="277">
  <SetProperty>
  <OK></OK>
  </SetProperty>
  </SessionResponse>]]></Response>
  </ResponseSet>

  There have been a few reports of the same behaviour with other customers - specifically with the handling of the encoding of "+" characters to " ". It relates to how cookie encoding/decoding is performed (as you have already observed).
  The solution for these customers was the following:
  => AM server/client side:
  Ensure that com.iplanet.am.cookie.encode=false in AMConfig.properties and AMAgent.properties on all systems.
  => AM client (UWC) side:
  - Set <property name="encodeCookies" value="false"/> in /var/opt/SUNWuwc/WEB-INF/sun-web.xml. This will prevent UWC from trying to urldecode the cookie it receives and therefore stops it turning the + into a space e.g.
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'file:///net/wajra.india.sun.com/export/share/dtd/sun-web-app_2_3-1.dtd'>
  <sun-web-app>
     <property name="encodeCookies" value="false"/>
     <session-config>
        <session-manager/>
     </session-config>
     <jsp-config/>
  <property name="allowLinking" value="true" />
  </sun-web-app>Regards,
  Shane.

• How to change LDAP server setting in Access Manager 6.2

  Hi,
  We have initially set authentication as a SunONE Directory Server 5.1 (master DS1) in Sun Java System Access Manager 6.2. In both /etc/opt/SUNWam/config/serverconfig.xml
  /etc/opt/SUNWam/config/AMConfig.properties
  conf files, DS1 was set initially. Also on console's Service Configuration ->LDAP->Primary LDAP Server was set as "DS1"
  Now the problem is that I am not able to change the DS1 to the other master "DS2". I set DS2 in both above conf files and also the Service Configuration page as Primary LDAP Server. I restarted the server. When I stopped the DS1, I couldn't login access manager console with any user. It looks like it is still trying to get authentication from DS1.
  Does anybody know what I am missing here?
  Regards,

  After hopeless tries, I finally made it work;) The trick was actually updating the sunKeyValue attribute of the entry:
  "dn:ou=default,ou=OrganizationConfig,ou=1.0,ou=iPlanetAMAuthLDAPService,ou=ser
  vices,dc=company,dc=com" in one of the master DS I have.
  Even though I set DS2 and loadBalancer hosts in all conf files and in Primary LDAP conf in amconsole's Service Configuration, it just didn't work until I inserted loadBalancer host in sunKeyValue attribute.
  Hope it helps to someone....
  -Bora

• I have a tesco router and an external hard drive attached to it as a network drive (shared) for my macbook and MB-Air. Have no problems with my MB accessing it, but with MB-AIR it says -  'the version of the server you are trying to connect to is not supp

  I have a tesco router and an external hard drive attached to it as a network drive (shared) for my macbook and MB-Air. Have no problems with my MB accessing it, but with MB-AIR it says -  'the version of the server you are trying to connect to is not supported. pls contact your system administrator to resolve the problem'. MB-Air uses maverick downloaded yesterday - upgrade from mountain lion. MB uses snow leopard still, as i am quite used to it and am thinking of upgrade if mavericks work fine on air. Also have parallel on snow leopard but it is no longer supported according to mac website - if i upgrade am i going to lose my parallel and will have to buy a new one!!!

  Yes, the Old Master file has a folder for each year where I find all photos from that specific year. I am attaching a screen shot of the file.
  In the meantime i have managed to download all photos (it did not download any video files though in mpg, avi, 3gp, m4v,mp4 and mov format) to a new iphoto library. Unfortunately the photos are quite mixed and often doubled up. I ma considering to purchase iphoto library which checks all duplicates in iphoto. this will save me a lot of time. What do you think?