Exception occurred processing WizardPage_TrustedProvider_Metadata.jsp

  • 7011984
  • 19-Mar-2013
  • 19-Mar-2013

Environment

NetIQ Access Manager 3.2

Situation

Unable to create a trusted provider in the Admin Console.

The following error appears when trying to create a SAML2 Trusted Service Provider in the Admin Console:

Exception occurred processing WizardPage_TrustedProvider_Metadata.jsp

Steps leading up to the problem are:

Connect to Admin Console -> Devices -> Identity Server -> Edit Cluster -> SAML 2.0 Tab -> New and choose "Service Provider"

Resolution

In order to create any trusted provider (Liberty, SAML*, etc.) on 3.2, the following containers must be present in the Configuration Store (eDirectory) of the Admin Console:

dn: cn=eas,cn=nids,ou=accessManagerContainer,o=novell
dn: cn=centralMetadata,cn=nids,ou=accessManagerContainer,o=novell

In the customer's case these objects were missing, and this is what was causing the exception.

These objects can be created using the following LDIF contents. Copy and paste them into a file called add.ldif. Note that in LDIF a blank line ends an entry, so keep exactly one blank line between the two entries and none inside an entry:

 
#BEGIN

dn: cn=eas,cn=nids,ou=accessManagerContainer,o=novell

changetype: add

objectClass: nidsEasContainer

objectClass: Top

cn: eas

 

dn: cn=centralMetadata,cn=nids,ou=accessManagerContainer,o=novell

changetype: add

objectClass: nidsCentralMetadataContainer

objectClass: Top

cn: centralMetadata
#END

 

Use ice (Import Export) tool to import ldif into the Configuration Store of the Admin Console:

 

-----------------------------------------------------
Windows Admin Console Example
-----------------------------------------------------
 
The ice tools should be at C:\Novell\NDS\ice so change to this directory. 
 
 
Use the following example syntax assuming the add.ldif has been placed at C:\ and enter correct IPAddress and password for admin user: 
 
ice -l c:\ice.log -SLDIF -f  c:/add.ldif  -DLDAP -s <IP of Admin Console> -d cn=admin,o=novell –w <password> -v -L c:\Novell\NDS\Dibfilest\certserv\SSCert.der
-----------------------------------------------------
Linux Admin Console Example:
-----------------------------------------------------
 
ice should be at /opt/novell/eDirectory/bin and is probably already in path so just type “which ice†to ensure it finds it.  Otherwise just change to that directory.
 
Use the following example syntax assuming the add.ldif has been placed at /tmp/add.txt and enter correct IPAddress and password for admin user:
 
ice –l /tmp/ice.log -SLDIF -f /tmp/add.txt -DLDAP -s <IP of AC> -d cn=admin,o=novell -w <password> -v -L /var/opt/novell/eDirectory/data/SSCert.der  -B
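Before importing, it is worth confirming which of the two containers is actually absent, since adding an entry that already exists makes the import fail. The following script is an added example, not part of the TID: it checks the configuration store with an OpenLDAP ldapsearch client (assumed to be installed and to trust the Admin Console's LDAP certificate) and writes an add.ldif containing only the missing containers, using the object classes given above.

```sh
#!/bin/sh
# Added example (not from the TID): generate add.ldif only for the containers
# that are missing from the Admin Console configuration store.
# Assumes the OpenLDAP ldapsearch client is on the path.

BASE='cn=nids,ou=accessManagerContainer,o=novell'

# Print the required container DNs that do not appear in $1, a list of
# "dn: ..." lines such as ldapsearch prints for a one-level search under BASE.
missing_containers() {
    for rdn in cn=eas cn=centralMetadata; do
        dn="$rdn,$BASE"
        if ! printf '%s\n' "$1" | grep -qixF "dn: $dn"; then
            printf '%s\n' "$dn"
        fi
    done
}

# Print LDIF that creates the missing containers with the object classes from
# the TID. Entries are separated by exactly one blank line; a blank line inside
# an entry would end it early, so attributes are never separated by blanks.
ldif_for_missing() {
    first=1
    for dn in $(missing_containers "$1"); do
        [ "$first" -eq 1 ] || echo
        first=0
        cn=${dn%%,*}; cn=${cn#cn=}
        case "$cn" in
            eas)             class=nidsEasContainer ;;
            centralMetadata) class=nidsCentralMetadataContainer ;;
        esac
        printf 'dn: %s\nchangetype: add\nobjectClass: %s\nobjectClass: Top\ncn: %s\n' \
            "$dn" "$class" "$cn"
    done
}

# Live use: set AC_IP to the Admin Console address. ldapsearch must already trust
# the Admin Console's LDAP server certificate (SSCert.der in the TID).
if [ -n "${AC_IP:-}" ]; then
    existing=$(ldapsearch -x -H "ldaps://$AC_IP" -D cn=admin,o=novell -W \
                          -b "$BASE" -s one -LLL '(objectClass=*)' dn)
    ldif_for_missing "$existing" > add.ldif
    if [ -s add.ldif ]; then
        echo "add.ldif written; import it with ice as described above"
    else
        echo "both containers are present; nothing to import"
    fi
fi
```

Run it with AC_IP set to the Admin Console address; the resulting add.ldif is then imported with the ice command line shown above.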

Cause

The customer was missing these container objects in the Admin Console's configuration store. These container objects do not exist in 3.1.x, and the assumption is that during the migration to 3.2 they either were not created or were inadvertently deleted at some point.