The use of the keyword 'tivoli' as the value of the type attribute for entry elements in custom AAA style sheets can cause unexpected behaviour during AAA processing.
After upgrading to DataPower appliance release 5.0.0, any AAA processing that uses custom style sheets might fail due to the use of the 'tivoli' keyword for Tivoli Access Manager credential processing.
The keyword 'tivoli' is used by the DataPower appliance AAA code related to the Tivoli Access Manager credential during AAA processing. The use of the 'tivoli' keyword as the value of the 'type' attribute in custom AAA style sheets conflicts with standard AAA processing. Any custom AAA style sheet should use the value 'custom' for the 'type' attribute.
AAA policies that contain custom processing style sheets, particularly during the Authentication and credential mapping phases.
Diagnosing the problem
The DataPower appliance system logs might show the following errors:
Mapped-Credentials format is special. One or more 'entry' child elements are
tivoli authorization failed with credential 'SPECIAL-FORMAT-NOT-PRINTED' for
Resolving the problem
Inspect any custom AAA style sheets for 'entry' elements that have 'type' attributes with values other than 'custom'. For example, if a custom AAA style sheet outputs the following XML entry node: