IDP does not start when both primary and secondary Admin Consoles are up and running

  • 7022704
  • 04-Mar-2018
  • 09-Jul-2018

Environment

Access Manager 4.3

Situation

There are two Admin Consoles, a primary and a secondary. Restarting the IDP fails with an error in the IDP catalina.out:

              

com.novell.nidp.NIDPException: Missing directory configuration object: nidsWSFedMeServiceProvider
        at com.novell.nidp.common.authority.ldap.LDAPProtocolAuthority.A(y:2424)
        at com.novell.nidp.common.authority.ldap.LDAPProtocolAuthority.loadMe(y:3270)
        at com.novell.nidp.wsfed.WSFedMeDescriptor.initialize(y:269)
        at com.novell.nidp.NIDPMeEntity.A(y:905)

 

Every time the IDP is restarted, the error can be different. Examples:

  • com.novell.nidp.NIDPException: Loading the SAML 2 protocol: Missing directory configuration object: nidsSaml2MeIdentityProvider
  • com.novell.nidp.NIDPException: Loading the SAML 1 protocol: Missing directory configuration object: nidsSaml1MeServiceProvider
  • com.novell.nidp.NIDPException: Missing directory configuration object: nidsWSFedMeServiceProvider
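The symptom described above (a different "missing" object on each restart, rather than the same one every time) can be checked mechanically in catalina.out. The following Python sketch is an added example, not part of the original article or the product; the SAMPLE log is constructed from the messages quoted above, and the function names and verdict labels are hypothetical.

```python
import re
import sys
from collections import Counter

# Matches both message forms quoted in the article: with and without the
# "Loading the <protocol> protocol:" prefix.
PATTERN = re.compile(
    r"com\.novell\.nidp\.NIDPException:\s*"
    r"(?:Loading the (?P<protocol>.+?) protocol:\s*)?"
    r"Missing directory configuration object:\s*(?P<obj>\w+)"
)

def missing_objects(lines):
    """Count 'Missing directory configuration object' errors per object name."""
    counts = Counter()
    for line in lines:
        match = PATTERN.search(line)
        if match:
            counts[match.group("obj")] += 1
    return counts

def triage(lines):
    """Classify a log (verdict labels are hypothetical, chosen for this example).

    'varying-objects' -> different objects reported missing: the pattern this
                         article describes (slow config store reads, timeout).
    'same-object'     -> one object reported every time: check that object.
    'no-match'        -> the error does not appear in the log.
    """
    counts = missing_objects(lines)
    if not counts:
        return "no-match"
    return "same-object" if len(counts) == 1 else "varying-objects"

# Constructed sample: exception lines copied from the article, other lines invented.
SAMPLE = """\
INFO: constructed filler line, not real product output
com.novell.nidp.NIDPException: Missing directory configuration object: nidsWSFedMeServiceProvider
        at com.novell.nidp.wsfed.WSFedMeDescriptor.initialize(y:269)
com.novell.nidp.NIDPException: Loading the SAML 2 protocol: Missing directory configuration object: nidsSaml2MeIdentityProvider
com.novell.nidp.NIDPException: Loading the SAML 1 protocol: Missing directory configuration object: nidsSaml1MeServiceProvider
com.novell.nidp.NIDPException: Missing directory configuration object: nidsWSFedMeServiceProvider
"""

if __name__ == "__main__":
    # Pass the path to catalina.out as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            log_lines = handle.read().splitlines()
    else:
        log_lines = SAMPLE.splitlines()
    print(triage(log_lines), dict(missing_objects(log_lines)))
```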

 

There are about 350K objects in the config store (most of which were persistent federated identities).

Resolution

The problem occurred when there were two Admin Consoles (ACs) and both were up. The request to gather the objects would take an enormous amount of time, causing a timeout on the IDP, which then threw the error. The issue does not occur when one of the ACs is stopped, i.e. when only one AC is available.

 

The issue stems from the fact that there were over 350K persistent identifiers in the config store, which was slowing eDirectory responses.

 

The other solution would be to either:

a. delete unused persistent identifier objects from the config store, or

b. index the persistent identifier objects. In this case, indexing objectClass helped to resolve the issue.

Cause

The issue stems from the fact that there were over 350K persistent identifiers in the config store, which was slowing eDirectory responses.