IBM Support

Custom AAA style sheets should only use the value 'custom' for the 'type' attribute of the AAA context's 'entry' element

Technote (troubleshooting)


The use of the keyword 'tivoli' as the value of the type attribute for entry elements in custom AAA style sheets can cause unexpected behaviour during AAA processing.


After upgrading to DataPower appliance release 5.0.0, any AAA processing that uses custom style sheets might fail due to the use of the 'tivoli' keyword for Tivoli Access Manager credential processing.


The keyword 'tivoli' is used by the DataPower appliance AAA code related to the Tivoli Access Manager credential during AAA processing. The use of the 'tivoli' keyword as the value of the 'type' attribute in custom AAA style sheets conflicts with standard AAA processing. Any custom AAA style sheet should use the value 'custom' for the 'type' attribute.


AAA policies that contain custom processing style sheets, particularly during the Authentication and credential mapping phases.

Diagnosing the problem

The DataPower appliance system logs might show the following errors:

Mapped-Credentials format is special. One or more 'entry' child elements are

tivoli authorization failed with credential 'SPECIAL-FORMAT-NOT-PRINTED' for
resource '/resource'

Resolving the problem

Inspect any custom AAA style sheets for 'entry' elements that have 'type' attributes with values other than 'custom'. For example, if a custom AAA style sheet outputs the following XML entry node:

    <entry type="tivoli">

it should be updated to use:

    <entry type="custom">

When used in the AAA credential mapping phase, the output AAA context will then

     <entry type="custom">


Document information

More support for: WebSphere DataPower Integration Appliance XI52

Software version: 5.0.0, 6.0.0, 6.0.1, 7.0.0

Operating system(s): Firmware

Reference #: 1633392

Modified date: 05 June 2013

Translate this page: