Appendix B Troubleshooting the Apache HTTP Server 2.2 Policy Agent

Many of the following symptoms and solutions apply to all web agents, but some solutions are adapted specifically to the Apache HTTP Server 2.2 agent:

• On UNIX, retrieving and encrypting information from the password file returns an error

• Browser loops before displaying an access-denied page

• Using Internet Explorer, access is denied when you access a resource

To determine if a problem is a known limitation of the web agent, check the Sun Java System Access Manager Policy Agent 2.2 Release Notes. For some limitations, a workaround might also be available.

On UNIX, retrieving and encrypting information from the password file returns an error

Symptom: On UNIX-based systems, during the installation process, retrieving and encrypting information from the password file results in an error such as the following:

Reading data from file path-of-password-file
 and encrypting it ... ***ERROR: Installation failed due to the 
following error - (Invalid empty password specified.).

Where path-of-password-file is a placeholder representing the path to a file from which the system is attempting to retrieve the password.

Possible Causes: The crypt_util program does not have executable permissions. Ensuring that this program has executable permissions is a step that should be performed prior to installation.

Possible Solution:

1. Add executable permissions to the crypt_util program as described in To Prepare to Install the Apache HTTP Server 2.2 Agent.

2. Remove the Agent_00x directory, presumably Agent_001.

3. Install the agent.

Browser loops before displaying an access-denied page

Symptom: The browser goes into a loop for approximately a minute before displaying an access-denied page.

Possible Cause: The user tries to access a resource for which a policy with a time condition has been set and the time on the web agent host and the Access Manager host are not in sync.

Possible Solution: Login as root and run the command rdate hostname to synchronize the time on both the hosts.

Using Internet Explorer, access is denied when you access a resource

Symptom: When a user attempts to access a resource using Internet Explorer as the browser, access is denied.

Possible Cause: Internet Explorer overrides the port number of the web agent with the Access Manager port number. In such cases, the agent log file lists the URL that is being evaluated. The port number for that URL is incorrect.

Possible Solution: You can ensure this problem does not occur by setting the following property in the web agent AMAgent.properties configuration file to true as shown:

com.sun.am.policy.agents.config.override_port = true