Sun Java System Instant Messaging 7.2 Administration Guide

Troubleshooting SSO for Instant Messaging

If there is a problem with SSO, the first thing to do is check the xmppd.log server log file and the client log files for errors. Increasing the logging level may be helpful. New logging levels will only take effect after server restart.

Ensure that Instant Messaging services have been assigned to the organization and its parent organization in the Access Manager console (amconsole). See Adding Instant Messaging and Presence Services to a Sub-organization in Access Manager for Single Sign-On and Policy Management Support for information.

Ensure that the im_server.usesso parameter is not set to 0 in iim.conf. See Table 5–1 for information on this parameter. If it is set to 0, complete the steps in To Enable SSO for Instant Messaging.

If you are unable to log into Instant Messaging directly, look in xmppd.log for an error similar to either of the following:

DEBUG xmppd [] Service        \\
URL not Service URL not found:

INFO xmppd [ 3] [Identity]     \\
Failed to create SSO token for USERNAME

INFO xmppd [org.netbeans.lib.collab.util.Worker 1] [LDAP]     \\
pops does not have required objectclass for storing to ldap

If any of these errors exist, use the following steps to solve the problem:

  1. Create a user through amconsole and add authentication, configuration, Instant Messaging, and presence services to the user.

  2. Attempt to log in with the user you created.

  3. Check to ensure that the amldapuser's password is correctly filled in through amconsole.

  4. Check whether the domain, for example,, has the Authentication Configuration Service Instance.

  5. Check if the Authentication Configuration Service Instance has the Authentication Module set to LDAP or Membership. The value should show a state of REQUIRED/SUFFICIENT.

    Instant Messaging only supports login with username and password. If you are using Auth-Chain, you need to disable it to use Instant Messaging.

  6. In the LDAP or Authentication Module, enter the amldapuser password for CORE.

  7. Select the newly created ldapService Authentication Configuration Service Instance under the Organization Authentication Configuration drop-down menu and the Administrator Authentication Configuration drop-down menu in the Core Authentication Module Configuration.

  8. Log in again.