Problems with Web Center

This section lists common problems related to Web Center and shows how to solve them.

After any update to a Web Center configuration or password file, or to the DirX Identity connectivity or provisioning configuration, you must restart Tomcat for the changes to take effect.

Broken Pages after Session Upgrade

Indication:

After upgrading to a new Web Center release, the browser displays broken Web Center pages or JavaScript error messages.

Reason:

The browser still holds cached pre-upgrade versions of some Web Center resources, such as static HTML pages and JavaScript source files, and does not automatically update its cache.

Solution:

Have each user delete their browser cache:

  • Internet Explorer: Tools/Internet Options/General/Delete Files/Delete all offline content.

  • Firefox: Tools/Clear Private Data/Cache.

Or make Web Center available under a different HTTP context path than before. This way, pre-upgrade cache data does not conflict with the new release. The context path is identical to the name of the context descriptor file (without extension).

Broken Pages Due to Missing X Display Server

Indication:

When running under Tomcat on UNIX or Linux, Web Center pages are occasionally broken. Tomcat’s log file contains an error message like "Can’t connect to X11 window server using '0:0' as the value of the display".

Reason:

Some Web Center functionality depends on features implemented in the java.awt package. On UNIX or Linux systems, the package tries to connect to an X display server. The problem shows up if no X display server is available.

Solution:

Since access to an X display server is not really required, we recommend running Tomcat in headless mode by setting the Java system property java.awt.headless to true, for example in file TOMCAT_HOME/bin/catalina.sh:

JAVA_OPTS=-Djava.awt.headless=true

CAPICOM Error Message with Enabled Client Signature

Indication:

You have enabled client signature. You want to perform an operation, for example assigning a privilege to a user. When you click the button to save the data, you get the following error message:

This application requires a newer version of CAPICOM.

Reason:

You have not installed the correct CAPICOM version.

Solution:

Perform the steps described in "Setting up Client Signature" in "Setting Up Audit Trail" in chapter "Managing Auditing" in the DirX Identity Provisioning Administration Guide.

Change/Reset Password Failure

Indication:

Attempts to change or reset user passwords fail.

Reason:

The message server is down.

Solution:

Start the message server.

Reason:

Message server and Tomcat server run on different hosts, and the message server port is blocked by a firewall.

Solution:

Unblock the port for access from the Tomcat server host.

Display Privileged Account Password Failure

Indication:

Web Center does not display passwords of privileged accounts.

Reason:

Password encryption is enabled, but the pin needed to decrypt passwords is wrong or missing in file WEB-INF/password.properties.

Solution:

Add the clear text pin (with key pin) to the file, or replace the current one.

Error Messages when Approving Request Workflow Tasks

Indication:

When approving assignments with start or end date in the detailed representation, Web Center displays an error message that the related request could not be processed.

Reason:

Software problem.

Solution:

As a workaround for this problem perform the following steps:

  • Check the tasks in your task list.

  • Select approve from the context-sensitive menu.

  • Perform your accept and/or reject actions from the subsequent pages.

Indication:

The link in default request workflows can contain an incorrect HTTP address.

Reason:

By default, either a fixed text is configured (for example: http://localhost:8080/webCenter) or a dynamic definition delivers an incorrect value (for example ${workflow.approvalLink}).

Solution:

Set up the configuration in the request workflow section correctly. Using several Web Center applications results in different HTTP addresses. Set up different links as nationalization items for the respective messages and use them in the corresponding mail texts.

Login Fails for Any User

Indication:

Attempts to log in to Web Center fail for any user.

Reason:

A login configuration parameter is wrong.

Solution:

Correct the directory access configuration parameters in the deployment descriptor WEB-INF/web.xml, especially host, port, ssl, user and baseDN.

Reason:

The directory server is down.

Solution:

Start the directory server.

Reason:

Directory server and Tomcat server run on different hosts, and access to the directory server port is blocked by a firewall.

Solution:

Unblock the port for access from the Tomcat server host.

Reason:

Wrong or missing technical user password in file WEB-INF/password.properties.

Solution:

Add the clear text password (with key ldap) to the file, or replace the current one.

Login Fails for a Specific User

Indication:

Attempts to log in to Web Center fail for a specific user while other users can log in.

Reason:

The user entry is not enabled.

Solution:

Open the user entry in the data view of the DirX Identity Manager, and set its attribute dxrState to ENABLED.

Reason:

The user entry doesn’t have a password (attribute userPassword).

Solution:

Open Web Center and reset the user’s password, or open the user entry in the data view of the DirX Identity Manager and assign a new password.

Reason:

The user enters an incorrect password.

Solution:

Reset the user’s password as in the previous case.

Request Workflow Access Failure

Indication:

All attempts to perform request workflow related tasks fail.

Reason:

A login configuration parameter is incorrect.

Solution:

Correct the request workflow configuration parameters in the deployment descriptor WEB-INF/web.xml, especially endpoint and, in case of connecting to the Java-based server via SSL, keystoreName and keyAlias.

Reason:

The Java-based server is down.

Solution:

Start the Java-based server.

Reason:

Java-based server and Tomcat server run on different hosts, and the port of the Java-based server is blocked by a firewall.

Solution:

Unblock the port for access from the Tomcat server host.

Reason:

In case of connecting to the Java-based server via SSL: Wrong or missing passwords in file WEB-INF/password.properties.

Solution:

Add the clear text passwords (with key webcenterKeystore and webcenterKey) to the file, or replace the current ones.
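The password.properties checks from this and the earlier sections (keys ldap, pin, webcenterKeystore and webcenterKey) can be run in one pass. The following is an added example, not DirX Identity code: it assumes a POSIX host, a simplified key=value syntax, and treats any group or other permission bit on the file as a finding because the file holds clear text secrets.

```python
import os
import re
import stat
import tempfile

# Keys named on this page and what each one is needed for.
EXPECTED_KEYS = {
    "ldap": "technical user password for directory access",
    "pin": "PIN for decrypting privileged account passwords",
    "webcenterKeystore": "keystore password for SSL to the Java-based server",
    "webcenterKey": "key password for SSL to the Java-based server",
}

def parse_properties(text):
    """Simplified parser (assumption): key=value or key:value, no continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
            props[parts[0]] = parts[1] if len(parts) > 1 else ""
    return props

def audit_password_file(path, needed):
    """Return findings for `path`; secret values are never echoed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:03o} lets group/others access clear text secrets")
    with open(path, encoding="iso-8859-1") as fh:
        props = parse_properties(fh.read())
    for key in needed:
        if not props.get(key):
            findings.append(f"{key} missing or empty: {EXPECTED_KEYS[key]}")
    return findings

def demo():
    """Audit a constructed file: world-readable, empty pin, no keystore keys."""
    sample = "# constructed sample\nldap=example-only\npin=\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "password.properties")
        with open(path, "w", encoding="iso-8859-1") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)
        before = audit_password_file(path, EXPECTED_KEYS)
        os.chmod(path, 0o600)
        after = audit_password_file(path, ["ldap"])  # only directory login in use
    return before, after
```

Pass only the keys for the features you actually use as `needed`: pin applies when password encryption is enabled, and the two keystore keys apply only when connecting to the Java-based server via SSL.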

Request Workflow Access Failure in Case of Single Sign-On

Indication:

All attempts to perform request workflow related tasks fail with error message "You cannot access request workflows in your current session since you have authenticated against Web Center without a password but the workflow service is not set up for single sign-on."

Reason:

Web Center authentication is set up for single sign-on but the connection between Web Center and the request workflow server is not.

Solution:

See the section "Setting up Single Sign-On to the Request Workflow Server" in the DirX Identity Web Center Reference for details.

Session Timeout

Indication:

Web Center displays the login page or a start page instead of the requested one, along with a message that the requested session has expired.

Reason:

The request was sent with an invalid session cookie.

Web Center sessions do not live forever. They may time out due to inactivity, and do not survive a restart of the web server. So when a client sends an HTTP request to Web Center, the session referred to in the request’s session cookie may no longer exist.

Solution:

There’s no way to entirely avoid that problem. You can increase the session timeout in Web Center’s deployment descriptor WEB-INF/web.xml, but that may result in other problems.

Size Limit Exceeded

Indication:

When searching for objects you get the message "Size limit exceeded. Please use stronger search criteria". In fact, the result contains only a few entries or maybe no entry at all. The defined Search Size Limit of your domain configuration entry is much higher.

Reason:

Searches for objects are filtered in two steps:

  1. The first filter is used to search for the objects in the LDAP database.

  2. A second filtering is done on the retrieved search result in memory.

The search limit is reached during the search with the first filter in the LDAP database, which causes the message. The second filter removes a part of the entries from the retrieved list. This is dependent on the defined filters in the access policies of this user.

Access policies are XACML compliant. It is not always possible to convert an XACML filter to one LDAP filter. Thus filtering must sometimes be done in two steps, which causes this effect.

Solution:

The best way to avoid the problem is to use only access policy filters that can be mapped to LDAP filters.

Do not set the Search Size Limit of your domain to a value that’s too low. Try to find a value that works for most cases.

The user must refine the search filter to overcome the problem of the first search. Add a hint on all web pages that allow searching for objects to explain to the user that the search must be refined.
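The two-step filtering described above can be reproduced with a small model. This is an added illustration, not DirX Identity code: the Entry class, the clearance attribute, the directory contents and the limit of 200 are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    cn: str
    department: str
    clearance: int  # constructed attribute evaluated by the access policy

def ldap_search(directory, ldap_filter, size_limit):
    """Step 1: server-side search that stops at size_limit matches."""
    hits = []
    for entry in directory:
        if ldap_filter(entry):
            if len(hits) == size_limit:
                return hits, True  # a further match exists: size limit exceeded
            hits.append(entry)
    return hits, False

def web_search(directory, user_filter, policy_filter, size_limit, mappable):
    """Return (entries shown to the user, size_limit_exceeded)."""
    if mappable:
        # The policy filter maps to LDAP: both conditions run in step 1.
        return ldap_search(
            directory, lambda e: user_filter(e) and policy_filter(e), size_limit)
    # Not mappable: step 2 filters the already truncated result in memory.
    hits, exceeded = ldap_search(directory, user_filter, size_limit)
    return [e for e in hits if policy_filter(e)], exceeded

# Constructed data: 500 sales users, only every 100th is visible to this user.
DIRECTORY = [Entry(f"user{i:03d}", "sales", 0 if i % 100 == 0 else 3)
             for i in range(500)]

def in_sales(e):
    return e.department == "sales"

def policy_allows(e):
    return e.clearance == 0

def compare(size_limit=200):
    """Run the same search with an unmappable and a mappable policy filter."""
    two_step = web_search(DIRECTORY, in_sales, policy_allows, size_limit, False)
    one_step = web_search(DIRECTORY, in_sales, policy_allows, size_limit, True)
    return two_step, one_step

if __name__ == "__main__":
    for label, (shown, exceeded) in zip(("two-step", "mapped"), compare()):
        print(f"{label}: {len(shown)} entries shown, limit exceeded={exceeded}")
```

With the unmappable policy filter the user sees two entries together with the size limit message; with the mappable one all five permitted entries are returned and the limit is never reached.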

Too Many Sessions

Indication:

A user attempts to log on to the system and the procedure fails.

Reason:

Too many users are currently logged on to the system. These may be just a few, showing that the system is configured improperly. The reason is that there are too many open sessions that are unused and have not yet been closed by the server.

Solution:

The solution is two-fold:

  1. Reduce the "timeout" value for the HTTP session; that is, the time period after which the session is closed and deleted automatically if it was not used within that period:

    • Go to the Tomcat installation directory and open the file conf/web.xml.

    • Look up the section

      <!-- ================= Default Session Configuration ============== -->
      <!-- You can set the default session timeout (in minutes) for all newly -->
      <!-- created sessions by modifying the value below. -->
      <session-config>
        <session-timeout>30</session-timeout>
      </session-config>
    • Change the timeout value to the recommended value of "5" (minutes).

    • Save the file and restart Tomcat.

  2. Increase the memory pool for Tomcat.

    1. Microsoft Windows

      • Go to the Start menu and run the "Configure Tomcat" command in Tomcat’s Start menu folder.

      • Open the "Java" tab and set appropriate values for "Initial memory pool" and "Maximum memory pool". Recommended values are "256" and "512" (MB).

    2. UNIX/Linux

      • Go to the Tomcat installation directory and edit the bin/catalina.sh file.

      • To the TOMCAT_OPTS environment variable, add appropriate values for the memory settings: -Xms256M -Xmx512M.

Wrong Role Parameter Display

Indication:

A role parameter value is not displayed correctly. Assignment of another role parameter value is not possible.

Reason:

By default, "!AS!" is used as attribute separator and "!NI!" as parameter value separator. If you use the parameter value AS or NI, these problems can occur.

Solution:

Set other separators in the renderers-config.xml file (for example YY and ZZ):

<renderer id="parameters" type="com.siemens.webMgr.identityAPI.Parameter[]"
...>
...
<renderer-property name="attrSeparator" value="!YY!"/>
...
</renderer>
...
<renderer id="paramsValuesAndMore"
...>
...
<renderer-property name="attrSeparator" value="!ZZ!"/>
...
</renderer>