One scenario that causes XML validation errors occurs when a configuration references an object that has been removed. For example, a custom authentication contract was created and assigned to a protected resource. The contract was manually deleted from the Identity Server configuration, but the Access Gateway protected resource still references it, even though it is not displayed in the user interface. After you identify the missing link, you can use the Access Manager interface to work around the problem.
To troubleshoot this scenario:
Search the /opt/novell/devman/share/logs/app_sc.0.log file on the Administration Console server for #200904025: Error - XML VALIDATION FAILED.
After you find the entry, work backwards to identify the start of the Java exception. Locate the problem strings or entry from the configuration, such as the following string authprocedure_NEIL___Name_Password___Form found in the following entry:
871(D)Wed May 23 15:45:06 BST
2007(L)webui.sc(T)26(C)com.volera.vcdn.webui.sc.dispatcher.ConfigWorkDispatcher(M)A(E)org.jdom.input.JDOMParseException: Error on line 1120: cvc-id.1: There is no ID/IDREF binding for IDREF 'authprocedure_NEIL___Name_Password___Form'.
at org.jdom.input.SAXBuilder.build(SAXBuilder.java:468)
at org.jdom.input.SAXBuilder.build(SAXBuilder.java:770)
at com.volera.vcdn.platform.util.XmlUtil.validateXML(y:3304)
at com.volera.vcdn.webui.sc.dispatcher.ConfigWorkDispatcher.A(y:793)
at com.volera.vcdn.webui.sc.dispatcher.ConfigWorkDispatcher.do_deviceCon
fig(y:648)
: :
:
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java :799) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proce ssConnection(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java :577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:534)
(Msg)<amLogEntry> 2007-05-23T15:45:06Z ERROR DeviceManager: AM#200904025: Error
- XML VALIDATION FAILED. PLEASE CHECK APP_SC LOG </amLogEntry>
On the Access Gateway Appliance, change to the /var/novell/cfgdb/vcdn directory and open the config.xml file. Search for the problem string and the corresponding protected resource.
The example below shows that the problem string is tied to the ProtectedResourceID_svhttp_mylag_iMon_root resource. This maps to the HTTP reverse proxy called mylag, the service called iMon, and the protected resource called root.
----- snippet from problem area of config.xml ------
<ProtectedResource Name="root" Enable="1" Description="" LastModified="116973455
5995" LastModifiedBy="cn=admin,o=novell" UserInterfaceID="ProtectedResourceID_sv
http_mylag_iMon_root" ProtectedResourceID="ProtectedResourceID_svhttp_mylag_iMon
_root">
<URLPathList LastModified="4294967295" LastModifiedBy="String">
<URLPath URLPath="/*" UserInterfaceID="/*"/>
</URLPathList>
<PolicyEnforcementList LastModified="1168947602067" schemaVersion="1.34"
LastModifiedBy="cn=admin,o=novell" RuleCombiningAlgorithm="DenyOverridesWithPri
ority">
<PolicyRef ElementRefType="ExternalWithIDRef" ExternalDocRef="ou=xpemlPEP,ou=mastercdn,ou=ContentPublisherContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell:romaContentCollectionXMLDoc" UserInterfaceID="PolicyID_xpemlPEP_AGFormFill_1168947167634" ExternalElementRef="PolicyID_xpemlPEP_AGFormFill_1168947167634"/>
</PolicyEnforcementList>
<AuthenticationProcedureRef AuthProcedureIDRef="authprocedure_NEIL___Name_Password___Form"/>
</ProtectedResource>
----- end of snippet from problem area of config.xml ------
Look at the AuthenticationProcedureRef variable, which points to the contract assigned to the protected resource. You can see that the authprocedure_NEIL___Name_Password___ Form contract is assigned to it.
However, when you look at the Access Gateway Appliance configuration in the Administration Console, you can see that the assigned contract is , which is not the contract shown in the example. Change it to another contract name, apply the change, then set the contract back to to clear the problem entry. The setup now operates with no XML validation errors.