Environment
- NetIQ Access Manager 5.x.x
Situation
- The IDP cluster has been configured for X.509 authentication using a custom HTTP header forwarded by the load balancer
- The load balancer has been configured to request an optional client certificate for the VIP used by the IDP cluster
- Since this configuration change, O365 applications using WS-Trust are failing
- WSTrust logging has been set to debug
- The following debug parameters have been added to "/opt/novell/nam/idp/conf/tomcat.conf":
  JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.xml.wss.provider.SecurityTubeFactory.dump=false"
  JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.xml.ws.transport.http.HttpAdapter.dump=true"
  JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true"
  Note: an IDP server restart is required to apply the tomcat parameters
- No incoming WS-Trust request is getting logged within the IDP server /var/opt/novell/nam/logs/idp/tomcat/catalina.out