by underline IdRepo instead of AM layer
Not iplanetAMSessionService but iPlanetAMSessionService
(2) There may be one bug in the code for sub realm role service
registration. If the service is not registered under
the sub-realm, the service registration to the role
under the sub realm will show no error from amadmin
console and amadmin.error log.
(3) There may be another bug is that the amadmin writes
to the IdRepo and creates the role based CoS template
for the service registration.
But the corrected thing is that the service should be
registered under realm before the service is registered
under the role. The good thing is that both amadmin.error
and amadmin console output can be used to troubleshooting
>
>>
>>
>>
>>
>>
>>
>> >> PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI
>> DTD//EN"
>> "jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>> >
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> (2) amadmin error output
>> # /opt/SUNWam/bin/amadmin --runasdn amadmin --verbose --password ll51>
>> Info 107: Calling XML PARSER
>> Info 108: XML file to parse:jesswitchAssignSessionServiceToRealmRole.xml
>> Info 101: Processing jesswitchAssignSessionServiceToRealmRole.xml
>> Info 111: Requests generated by amadmin
>> Request Description: Assign Service to Identity in Realm /itrealm
>> iplanet-am-session-max-idle-time =
>> 35
>> iplanet-am-session-max-session-time =
>> 125
>> iplanet-am-session-quota-limit =
>> 5
>> iplanet-am-session-max-caching-time =
>> 3
>>
>> Identity Request:
>> Assign Service iplanetAMSessionService to itrole of IdType: role in
>> Realm /itrealm
>> iplanet-am-session-max-idle-time = [35]
>> iplanet-am-session-max-session-time = [125]
>> iplanet-am-session-quota-limit = [5]
>> iplanet-am-session-max-caching-time = [3]
>> Error 10: Cannot process requests:
>> Service iplanetAMSessionService not registered.
>>
>>
>> (3) amadmin.error log
>>
>> mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm"2006-02-09
>> 21:22:06" "IdentityRequests|Service iplanetAMSessionService not
>> registered." amAdmin.error AMADMIN-2
>> dc=jesswitch,dc=com "Not Available" INFO
>> "cn=dsameuser,ou=DSAME Users,dc=jesswitch,dc=com"
>> 10.6.137.48 "cn=dsameuser,ou=DSAME
>> Users,dc=jesswitch,dc=com" v1280-137-08 "2006-02-09
>> 21:22:06" "Error 10: Cannot process requests:
>> com.iplanet.am.admin.cli.AdminException: Service
>> iplanetAMSessionService not registered." amAdmin.error "Not
>> Available" dc=jesswitch,dc=com "Not Available" INFO
>> "cn=dsameuser,ou=DSAME Users,dc=jesswitch,dc=com"
>> 10.6.137.48 "cn=dsameuser,ou=DSAME
>> Users,dc=jesswitch,dc=com" 10.6.137.48
>>
--
Lei Liu (Larry)
Member of Technical Staff
Horizontal Technology
Software MAX
Mailstop: UNWK 12-209
Address: 7777 Gateway Boulevard, Bldg 12 Newark, CA 94560
Phone: (510) 574-7187 (x37187)
Email: lei.liu@sun.com, ttoulliu2002@gmail.com
Fax: (510) 574-6074
Blog:http://ttoulliu2002.blogspot.com
Skype: ttoulliu2002
Dennis:
Thanks for the reply. Hope you do not mind if
I have questions below for you.
(1) Case Sensitiveness may need to be enforced
by underline IdRepo instead of AM layer
(2) There may be one bug in the code for sub realm role service
registration. If the service is not registered under
the sub-realm, the service registration to the role
under the sub realm will show no error from amadmin
console and amadmin.error log.
(3) There may be another bug is that the amadmin writes
to the IdRepo and creates the role based CoS template
for the service registration.
Thanks
Lei
Dennis Seah wrote:
> in your XML, can you replace iplanetAMSessionService
> with iPlanetAMSessionService
>
> and try again?
>
> THANK YOU !
>
>
> Lei Liu wrote:
>
>> Hi:
>>
>> I have amadmin data file below for service registration.
>> I have the session service registered under sub realm.
>> But it can not be registered for the sub realm role.
>>
>>
>> (1) It does not work. amAdmin error is attached too.
>>
>>
>>
>>
>>
>>
>> >> PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI
>> DTD//EN"
>> "jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>> >
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> (2) amadmin error output
>> # /opt/SUNWam/bin/amadmin --runasdn amadmin --verbose --password ll51>
>> Info 107: Calling XML PARSER
>> Info 108: XML file to parse:jesswitchAssignSessionServiceToRealmRole.xml
>> Info 101: Processing jesswitchAssignSessionServiceToRealmRole.xml
>> Info 111: Requests generated by amadmin
>> Request Description: Assign Service to Identity in Realm /itrealm
>> iplanet-am-session-max-idle-time =
>> 35
>> iplanet-am-session-max-session-time =
>> 125
>> iplanet-am-session-quota-limit =
>> 5
>> iplanet-am-session-max-caching-time =
>> 3
>>
>> Identity Request:
>> Assign Service iplanetAMSessionService to itrole of IdType: role in Realm /itrealm
>> iplanet-am-session-max-idle-time = [35]
>> iplanet-am-session-max-session-time = [125]
>> iplanet-am-session-quota-limit = [5]
>> iplanet-am-session-max-caching-time = [3]
>> Error 10: Cannot process requests:
>> Service iplanetAMSessionService not registered.
>>
>>
>> (3) amadmin.error log
>>
>> mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm"2006-02-09 21:22:06" "IdentityRequests|Service iplanetAMSessionService not registered." amAdmin.error AMADMIN-2 dc=jesswitch,dc=com "Not Available" INFO "cn=dsameuser,ou=DSAME Users,dc=jesswitch,dc=com" 10.6.137.48 "cn=dsameuser,ou=DSAME Users,dc=jesswitch,dc=com" v1280-137-08 "2006-02-09 21:22:06" "Error 10: Cannot process requests: com.iplanet.am.admin.cli.AdminException: Service iplanetAMSessionService not registered." amAdmin.error "Not Available" dc=jesswitch,dc=com "Not Available" INFO "cn=dsameuser,ou=DSAME Users,dc=jesswitch,dc=com" 10.6.137.48 "cn=dsameuser,ou=DSAME Users,dc=jesswitch,dc=com" 10.6.137.48
>>
No comments:
Post a Comment