The SOAP Policy Enforcement Point (PEP) interface is used by the NetWare and Linux Access Gateways for policy evaluation.
Component 011
Subgroup 01: General/Configuration
Subgroup 02: Authorization PEP
Subgroup 03: Identity Injection PEP
Subgroup 04: Form Fill PEP
Messages are logged to the catalina.out for trace and application level logging when Identity Server logging is enabled.
|
Event Code |
Description |
Remedy |
|---|---|---|
|
General/Configuration |
||
|
501101010 |
Start Policy Soap Handler |
Policy Soap Message Handler received start command. Cause: Embedded Service Provider has been started Action: None. Informational message only. |
|
501101011 |
Stop Policy Soap Handler |
Policy Soap Message Handler received stop command. Cause: Embedded Service Provider has been stopped Action: None. Informational message only. |
|
101101012 |
Policy Evaluator Not Running |
The Policy Evaluator has been stopped. Cause: The Embedded Service Provider has been stopped by an administrator Action: Restart the Embedded Service Provider for the device. |
|
101101013 |
General Failure |
General failure processing policy request. Cause: Most often caused by incorrectly formatted XML. Action: Check catalina.out for stack trace and possibly more detailed information regarding the failure. |
|
501101020 |
Request Received |
Soap request received. Cause: Informational message which logs the type of request received Action: None. Informational message used for checking soap handler interactions. |
|
501101021 |
Response Sent |
Soap response sent. Cause: Informational message regarding soap response to a request Action: None. Informational message used for checking soap handler interactions. |
|
101101022 |
Unsupported request received |
A NXPES command other than configure, evaluate or terminate was received. Cause: The policy engine revision is incompatible with the application. Action: Validate the software installation. |
|
201101023 |
Unrecognized Policy Identifier |
Policy evaluation was requested for an unknown policy. Cause: The policy identifier known to the Access Gateway is stale. Action: Most often, this problem is detected by the Access Gateway and the policies are reconfigured. If the problem persists, send an Apply or Apply Changes to the device from the CLI or Administrative Console. |
|
501101030 |
Configure Success |
Successful policy configuration. Cause: Policy configuration succeeded Action: None. Informational message used for checking policy configuration. |
|
201101030 |
Configure Warning |
Policy Configuration Warning. Cause: Policy configuration request reported a problem in retrieving configuration data from the config store Action: Check the policy definitions in the Administration Console to ensure the configuration store is working properly, then reapply the configuration to the device. |
|
101101031 |
Configure Failure |
The policy requested is malformed or causes an exception during the configuration process. Cause: This is accompanied with a possible reason for the failure. Action: Check the policy configuration in the administrative console and reapply the configuration to the device. |
|
501101032 |
Configure - Empty Policy Set |
The set of policies requested either do not apply to the policy enforcement point or the set of policies do not match the categories selected in the policy enforcement list. Cause: This may be normal operation. Action: If a policy is expected, check the category of the policy and make sure the policy is enabled for the device. |
|
501101040 |
Terminating policy |
The set of policies represented by the policy ID are no longer needed and will be removed from the operating policy set. Cause: This happens each time a configuration is applied to the device. Action: None. This is an informational message only. |
|
501101050 |
Evaluating policy |
An evaluation request has been received for the set of policies represented by the policy ID. Cause: This happens at least once per user session per configured policy enforcement point. Action: None. This is an informational message only. |
|
501101051 |
Policy Evaluation - Invalid User Error |
User session received for policy evaluation was not found or contains invalid data. Cause: The Identity Service Provider which authenticated the user is not accessible from the Embedded Service Provider. Action: Most often, this error will automatically restart the user identification process for the Access Gateway. If that doesn't occur: Administrator: If problem persists, check health status of Identity Service Provider and take appropriate action. End User: Retry request. If not redirected to the Identity Service Provider, force a refresh of the current browser page and the Access Gateway/Embedded Service Provider will reinitiate the authentication process. |
|
501101052 |
Policy Evaluation - Information Query Error |
The Policy Evaluator is unable to gain access to information required by the policy. Cause: This is accompanied with a possible reason for failure. Action: As the administrator, check the health status of Identity Service Provider and take appropriate action. |
|
501101053 |
Policy Evaluation - WSC Query Error |
An attempt to use the WSC query mechanism of the ESP failed, the requested policy data is unavailable. Cause: This is accompanied with a possible reason for failure. Action: As the administrator, check the health status of Identity Service Provider and take appropriate action. |
|
501101054 |
Policy Evaluation - Cluster Data Query Error |
Attempt to retrieve user session data from ESP cluster member failed. Cause: The Embedded Service Provider which authenticated the user may not be accessible from the Embedded Service Provider evaluating the policy. Action: Most often, this error will automatically restart the user identification process for the Access Gateway. If that doesn't occur: End User: Close browser and retry request. Administrator: Check the health status of Embedded Service Provider referenced by IP address in the log and take appropriate action. |
|
501101055 |
Policy Evaluation - Cluster Query Retry Count |
Informational message containing the number of retries the ESP has made to request policy information from another cluster member. Cause: The Embedded Service Provider which authenticated the user may not be accessible from the Embedded Service Provider evaluating the policy. Action: None, this is an informational message only. |
|
Authorization PEP |
||
|
501102050 |
Policy Evaluation Trace |
Trace of an individual policy evaluation. Cause: Policy evaluation. Action: None. Informational message used for checking policy evaluation. |
|
Identity Injection PEP |
||
|
501103050 |
Policy Evaluation Trace |
Trace of an individual policy evaluation. Cause: Policy evaluation. Action: None. Informational message used for checking policy evaluation. |
|
Form Fill PEP |
||
|
501104050 |
Policy Evaluation Trace |
Trace of an individual policy evaluation. Cause: Policy evaluation. Action: None. Informational message used for checking policy evaluation. |