Troubleshooting user mapping rule problems

An error in the XSLT rule might cause the authentication to fail. The following table details some of the common problems in the XSLT rules and the corresponding failure scenarios.

Table 1. Typical user mapping rule problems and failure scenarios

Rule problem: Invalid XSLT
Example: A missing slash (/) in the closing tag.
Expected failure: HPDIA0110E An authentication mechanism module specific error occurred.
The logged details also include the output from the SAXParseException. For example: SAXParseException: Expected end of tag 'identity'.

Rule problem: Referencing an XML attribute that does not exist
Example:

    <attribute name='TESTAttr'>
      <xsl:value-of select="stsuuser:Attribute[@name='notexist']/stsuuser:Value"/>
    </attribute>
    <identity>
      <xsl:value-of select="stsuuser:Attribute[@name='invalid']/stsuuser:Value"/>
    </identity>

Expected failure: Any references to XML attributes that do not exist are disregarded by the user mapping module. In this example, the authentication proceeds as the original authenticated user. No identity mapping takes place because the identity container references a non-existent XML attribute. Similarly, the user credential does not contain an attribute that is called TESTAttr because the attribute container references an XML attribute that does not exist.

Rule problem: Referencing an unknown LDAP attribute in the rule
Example:

    <identity>
      <userreg base='dc=iswga' attr='dn'>
        (unknownLDAPattr=<xsl:value-of select="stsuuser:Attribute[@name='username']/stsuuser:Value"/>)
      </userreg>
    </identity>

Expected failure:

    1    2014-07-29-13:28:23.110+10:00I----- 0x1005B308 webseald ERROR acl mgmt AMWUserMapLDAPUserRegistry.cpp 157 0x7f830cc74700 -- HPDAC0776E   The DN specified was not found in the registry.
    2    2014-07-29-13:28:23.111+10:00I----- 0x1005B3B5 webseald ERROR acl authzn usermapauthn.cpp 482 0x7f830cc74700 -- HPDAC0949E   Validation of the rule text for rule object "usermapauthn" failed. Error code 0x1005b3b4 was returned along with error message "<identity xmlns:stsuuser="urn:ibm:names:ITFIM:1.0:stsuuser"><userreg base="dc=iswga"attr="dn">(unknownLDAPattr=userA)</userreg></identity>".
    3    2014-07-29-13:28:23.111+10:00I----- 0x13212065 webseald WARNING ias general pdauthn.cpp 1813 0x7f830cc74700 -- HPDIA0101E   An unexpected error code was encountered.

Rule problem: Returning an LDAP search string that does not have a matching entry in LDAP
Example:

    <identity>
      <userreg base='dc=iswga' attr='cn'>(description=DescThatDoesNotExistInLDAP)</userreg>
    </identity>

Expected failure:

    1    2014-07-29-13:31:58.256+10:00I----- 0x1005B308 webseald ERROR acl mgmt AMWUserMapLDAPUserRegistry.cpp 157 0x7f61fc4c5700 -- HPDAC0776E   The DN specified was not found in the registry.
    2    2014-07-29-13:31:58.256+10:00I----- 0x1005B3B5 webseald ERROR acl authzn usermapauthn.cpp 482 0x7f61fc4c5700 -- HPDAC0949E   Validation of the rule text for rule object "usermapauthn" failed. Error code 0x1005b3b4 was returned along with error message "<identity xmlns:stsuuser="urn:ibm:names:ITFIM:1.0:stsuuser"><userreg base="dc=iswga" attr="cn">(description=DescThatDoesNotExistInLDAP)</userreg></identity>".
    3    2014-07-29-13:31:58.257+10:00I----- 0x13212065 webseald WARNING ias general pdauthn.cpp 1813 0x7f61fc4c5700 -- HPDIA0101E   An unexpected error code was encountered.

Rule problem: Returning a static string identity that is not a valid IBM Security Access Manager user
Example:

    <identity>does-not-exist</identity>

Expected failure:

    HPDIA0219W   An unknown user, <login username>, was presented to Security Access Manager.

In this instance, the login username that is mentioned in the log might be a valid IBM Security Access Manager user. However, the XSLT rules attempt to map the user to an unknown IBM Security Access Manager user. So the authentication fails.
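The first two rows of Table 1 (malformed XSLT, and references to STSUU attributes that do not exist) can be caught before a rule is deployed rather than discovered through a failed login. The following pre-deployment check is an added example, not part of this page or of the product; it assumes a constructed set of attribute names that the STSUU carries for a test login, wraps the rule fragment in an xsl:stylesheet root purely so that it parses stand-alone, and uses a constructed rule with a missing closing slash for the invalid-XSLT case.

```python
import re
import xml.etree.ElementTree as ET

XSL_NS = "http://www.w3.org/1999/XSL/Transform"
STSUU_NS = "urn:ibm:names:ITFIM:1.0:stsuuser"

# Matches stsuuser:Attribute[@name='foo'] inside an XPath select expression,
# tolerating the line breaks and whitespace seen in wrapped rule text.
ATTR_REF = re.compile(
    r"stsuuser:Attribute\s*\[\s*@name\s*=\s*['\"]([^'\"]+)['\"]\s*\]")

# Constructed (assumption): attribute names present in the STSUU for a test login.
KNOWN_ATTRS = {"username", "AZN_CRED_PRINCIPAL_NAME"}

# The rule from Table 1, row 2: both references point at attributes that do not exist.
MISSING_ATTR_RULE = """<attribute name='TESTAttr'>
<xsl:value-of select="stsuuser:Attribute[@name=
'notexist']/stsuuser:Value"/>
</attribute>
<identity>
<xsl:value-of select="stsuuser:Attribute[@name='invalid']/stsuuser:Value"/>
</identity>"""

# Constructed: the closing identity tag is missing its slash (Table 1, row 1).
INVALID_XSLT_RULE = ("<identity><xsl:value-of select=\"stsuuser:Attribute"
                     "[@name='username']/stsuuser:Value\"/><identity>")

def wrap_rule(fragment):
    """Wrap a fragment in a root that declares the xsl and stsuuser prefixes.
    This wrapper is an assumption of the check, not the deployed stylesheet."""
    return ('<xsl:stylesheet version="1.0" xmlns:xsl="%s" xmlns:stsuuser="%s">%s'
            '</xsl:stylesheet>' % (XSL_NS, STSUU_NS, fragment))

def check_rule(fragment, known_attrs):
    """Report a parse error, attribute names the rule references but the STSUU
    lacks, and whether the identity container would silently map nothing."""
    try:
        root = ET.fromstring(wrap_rule(fragment))
    except ET.ParseError as e:
        # Row 1: at runtime this surfaces as HPDIA0110E plus a SAXParseException.
        return {"parse_error": str(e), "missing": [], "identity_unmapped": False}

    def refs_in(elem):
        names = set()
        for vo in elem.iter("{%s}value-of" % XSL_NS):
            names.update(ATTR_REF.findall(vo.get("select", "")))
        return names

    missing = sorted(n for n in refs_in(root) if n not in known_attrs)
    # Row 2: a missing reference inside <identity> means the login proceeds
    # as the original user with no mapping applied, and no error is logged.
    identity_unmapped = any(refs_in(ident) - set(known_attrs)
                            for ident in root.iter("identity"))
    return {"parse_error": None, "missing": missing,
            "identity_unmapped": identity_unmapped}

if __name__ == "__main__":
    for label, rule in (("row2", MISSING_ATTR_RULE), ("row1", INVALID_XSLT_RULE)):
        print(label, check_rule(rule, KNOWN_ATTRS))
```

Run it against the STSUU attribute list captured from a trace of a test login to see which references a rule will silently drop.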