Custom AAA style sheets should only use the value 'custom' for the 'type' attribute of the AAA context's 'entry' element
The use of the keyword 'tivoli' as the value of the type attribute for entry elements in custom AAA style sheets can cause unexpected behaviour during AAA processing.
After upgrading to DataPower appliance release 5.0.0, any AAA processing that uses custom style sheets might fail due to the use of the 'tivoli' keyword for Tivoli Access Manager credential processing.
The keyword 'tivoli' is used by the DataPower appliance AAA code related to the Tivoli Access Manager credential during AAA processing. The use of the 'tivoli' keyword as the value of the 'type' attribute in custom AAA style sheets conflicts with standard AAA processing. Any custom AAA style sheet should use the value 'custom' for the 'type' attribute.
AAA policies that contain custom processing style sheets, particularly during the Authentication and credential mapping phases.
Diagnosing the problem
The DataPower appliance system logs might show the following errors:
Mapped-Credentials format is special. One or more 'entry' child elements are
tivoli authorization failed with credential 'SPECIAL-FORMAT-NOT-PRINTED' for
Resolving the problem
Inspect any custom AAA style sheets for 'entry' elements that have 'type' attributes with values other than 'custom'. For example, if a custom AAA style sheet outputs the following XML entry node:
More support for:
WebSphere DataPower Integration Appliance XI52
Software version: 5.0.0, 6.0.0, 6.0.1, 7.0.0
Operating system(s): Firmware
Reference #: 1633392
Modified date: 05 June 2013
Translate this page: