21.4 Troubleshooting Login

The following table lists the issues you might encounter and the suggested actions for working on these issues. If the problem persists, contact your NetIQ representative.

Issue

Suggested Actions

When Identity Applications and Identity Reporting are installed on the same server and you change the configuration using the configuration update utility located in the <reporting install folder>\bin directory, the Identity Manager Dashboard fails to launch. The following error is reported in the catalina.out log file:

EboPortalBootServlet [RBPM] +++++WARNING!!!!: This portal application context, IDMProv, does not match the portal.context property set in the PortalService-conf/config.xml file. Only one portal per database is allowed. Data has been loaded using the previous portal context. To correct this you must revert back to the previous portal name of, NoCacheFilter, please consult the documentation.

For any configuration changes, use the configuration update utility located in the C:\NetIQ\idm\apps\UserApplication directory.

User is unable to log in in a large-scale environment (>2 million objects).

Add an index for the mail (Internet Mail Address) attribute with the rule set as Value on both the eDirectory master and replica servers.

When you sign out from the Identity Applications page, SSPR shows an error 5053 ERROR_APP_UNAVALIABLE.

Ignore this error. It does not cause any functionality loss.

Challenge Responses are not prompted at the first login to the Identity Applications.

  1. Ensure that the SSPR server has a certificate created using FQDN.

  2. Log in to the Identity Application server and launch ConfigUpdate utility (<installation_path>\apps\UserApplication).

  3. Navigate to SSO Clients > Self Service Password Reset and make sure the settings are correct.

If SSPR is installed on a separate server, make sure that the SSPR certificate is imported into idm.jks, located on the Identity Applications server at \netiq\idm\apps\tomcat\conf.

Browser displays a blank page when the SSPR URL is accessed.

This occurs when SSPR is not properly configured with OSP. The SSPR log shows the following information:

2018-01-24T22:24:02Z, ERROR, oauth.OAuthConsumerServlet, 5071 ERROR_OAUTH_ERROR (unexpected error communicating with oauth server: password.pwm.error.PwmUnrecoverableException: 5071 ERROR_OAUTH_ERROR (io error during oauth code resolver http request to oauth server: Certificate for <IP> doesn't match any of the subject alternative names: [IP]))

  1. Verify that the Tomcat server where OSP is running has a valid certificate created using FQDN. Log in to the Identity Applications server and launch ConfigUpdate utility. Navigate to SSO Clients > Self Service Password Reset and make sure the settings are correct.

  2. Log in to SSPR by overriding the OSP login method (for example, https://<sspr server ip>:<port>/sspr/private/Login?sso=false).

  3. Navigate to Configuration Editor in the top right corner of the page.

  4. Specify Configure Password, then click Sign In.

  5. Navigate to LDAP > LDAP Directories > Default > Connection.

  6. If the LDAP certificate is not correct, click Clear.

  7. To reimport the certificate, click Import From Server.

  8. Navigate to Settings > Single Sign On (SSO) Client > OAuth and verify that the certificate under OAUTH Web Service Server Certificate is correct.

  9. If the certificate is not correct, click Clear.

  10. To reimport the certificate, click Import From Server.
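
Before clearing and reimporting certificates, it helps to confirm from the SSPR log which host name was rejected and which names the certificate actually carries. The following is an added example, not part of the product or its documentation: it parses the hostname-mismatch text from a 5071 line and checks whether a configured URL is covered by the certificate's subject alternative names. The sample log line, the address 192.0.2.10, the example.test names, and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hostname-mismatch text as it appears inside the SSPR 5071 log entry.
SAN_ERR = re.compile(
    r"Certificate for <(?P<host>[^>]+)> doesn't match any of the "
    r"subject alternative names: \[(?P<sans>[^\]]*)\]")

# Constructed sample (documentation-range address, made-up FQDNs).
SAMPLE = ("2018-01-24T22:24:02Z, ERROR, oauth.OAuthConsumerServlet, 5071 "
          "ERROR_OAUTH_ERROR (io error during oauth code resolver http request "
          "to oauth server: Certificate for <192.0.2.10> doesn't match any of "
          "the subject alternative names: [osp.example.test, *.idm.example.test])")

def as_ip(value):
    """Return an ip_address object, or None when value is a DNS name."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def san_matches(host, san):
    """Exact match, IP-to-IP match, or one left-most wildcard label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    host_ip, san_ip = as_ip(host), as_ip(san)
    if host_ip is not None or san_ip is not None:
        return host_ip == san_ip  # an IP never matches a DNS name
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def diagnose(line):
    """Extract host and SANs from a 5071 line; None if it is another error."""
    m = SAN_ERR.search(line)
    if not m:
        return None
    host = m["host"]
    sans = [s.strip() for s in m["sans"].split(",") if s.strip()]
    if as_ip(host) is not None and not any(as_ip(s) is not None for s in sans):
        verdict = "URL uses an IP address but the certificate lists only DNS names"
    else:
        verdict = "host used in the URL is not listed in the certificate"
    return {"host": host, "sans": sans, "verdict": verdict}

def url_covered(url, sans):
    """True when the host part of a configured URL is covered by the SAN list."""
    host = urlsplit(url).hostname or ""
    return any(san_matches(host, s) for s in sans)
```

Run `diagnose()` over the SSPR log, then pass each URL entered under SSO Clients > Self Service Password Reset to `url_covered()` with the reported SAN list; any URL that returns False will keep producing the 5071 error until the URL or the certificate is corrected.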