10.0 SOAP Policy Enforcement Point (011)

The SOAP Policy Enforcement Point (PEP) interface is used by the NetWare and Linux Access Gateways for policy evaluation.

Component 011

Subgroup 01: General/Configuration
Subgroup 02: Authorization PEP
Subgroup 03: Identity Injection PEP
Subgroup 04: Form Fill PEP

Messages are logged to the catalina.out for trace and application level logging when Identity Server logging is enabled.

Event Code	Description	Remedy
General/Configuration
501101010	Start Policy Soap Handler	Policy Soap Message Handler received start command. Cause: Embedded Service Provider has been started Action: None. Informational message only.
501101011	Stop Policy Soap Handler	Policy Soap Message Handler received stop command. Cause: Embedded Service Provider has been stopped Action: None. Informational message only.
101101012	Policy Evaluator Not Running	The Policy Evaluator has been stopped. Cause: The Embedded Service Provider has been stopped by an administrator Action: Restart the Embedded Service Provider for the device.
101101013	General Failure	General failure processing policy request. Cause: Most often caused by incorrectly formatted XML. Action: Check catalina.out for stack trace and possibly more detailed information regarding the failure.
501101020	Request Received	Soap request received. Cause: Informational message which logs the type of request received Action: None. Informational message used for checking soap handler interactions.
501101021	Response Sent	Soap response sent. Cause: Informational message regarding soap response to a request Action: None. Informational message used for checking soap handler interactions.
101101022	Unsupported request received	A NXPES command other than configure, evaluate or terminate was received. Cause: The policy engine revision is incompatible with the application. Action: Validate the software installation.
201101023	Unrecognized Policy Identifier	Policy evaluation was requested for an unknown policy. Cause: The policy identifier known to the Access Gateway is stale. Action: Most often, this problem is detected by the Access Gateway and the policies are reconfigured. If the problem persists, send an Apply or Apply Changes to the device from the CLI or Administrative Console.
501101030	Configure Success	Successful policy configuration. Cause: Policy configuration succeeded Action: None. Informational message used for checking policy configuration.
201101030	Configure Warning	Policy Configuration Warning. Cause: Policy configuration request reported a problem in retrieving configuration data from the config store Action: Check the policy definitions in the Administration Console to ensure the configuration store is working properly, then reapply the configuration to the device.
101101031	Configure Failure	The policy requested is malformed or causes an exception during the configuration process. Cause: This is accompanied with a possible reason for the failure. Action: Check the policy configuration in the administrative console and reapply the configuration to the device.
501101032	Configure - Empty Policy Set	The set of policies requested either do not apply to the policy enforcement point or the set of policies do not match the categories selected in the policy enforcement list. Cause: This may be normal operation. Action: If a policy is expected, check the category of the policy and make sure the policy is enabled for the device.
501101040	Terminating policy	The set of policies represented by the policy ID are no longer needed and will be removed from the operating policy set. Cause: This happens each time a configuration is applied to the device. Action: None. This is an informational message only.
501101050	Evaluating policy	An evaluation request has been received for the set of policies represented by the policy ID. Cause: This happens at least once per user session per configured policy enforcement point. Action: None. This is an informational message only.
501101051	Policy Evaluation - Invalid User Error	User session received for policy evaluation was not found or contains invalid data. Cause: The Identity Service Provider which authenticated the user is not accessible from the Embedded Service Provider. Action: Most often, this error will automatically restart the user identification process for the Access Gateway. If that doesn't occur: Administrator: If problem persists, check health status of Identity Service Provider and take appropriate action. End User: Retry request. If not redirected to the Identity Service Provider, force a refresh of the current browser page and the Access Gateway/Embedded Service Provider will reinitiate the authentication process.
501101052	Policy Evaluation - Information Query Error	The Policy Evaluator is unable to gain access to information required by the policy. Cause: This is accompanied with a possible reason for failure. Action: As the administrator, check the health status of Identity Service Provider and take appropriate action.
501101053	Policy Evaluation - WSC Query Error	An attempt to use the WSC query mechanism of the ESP failed, the requested policy data is unavailable. Cause: This is accompanied with a possible reason for failure. Action: As the administrator, check the health status of Identity Service Provider and take appropriate action.
501101054	Policy Evaluation - Cluster Data Query Error	Attempt to retrieve user session data from ESP cluster member failed. Cause: The Embedded Service Provider which authenticated the user may not be accessible from the Embedded Service Provider evaluating the policy. Action: Most often, this error will automatically restart the user identification process for the Access Gateway. If that doesn't occur: End User: Close browser and retry request. Administrator: Check the health status of Embedded Service Provider referenced by IP address in the log and take appropriate action.
501101055	Policy Evaluation - Cluster Query Retry Count	Informational message containing the number of retries the ESP has made to request policy information from another cluster member. Cause: The Embedded Service Provider which authenticated the user may not be accessible from the Embedded Service Provider evaluating the policy. Action: None, this is an informational message only.
Authorization PEP
501102050	Policy Evaluation Trace	Trace of an individual policy evaluation. Cause: Policy evaluation. Action: None. Informational message used for checking policy evaluation.
Identity Injection PEP
501103050	Policy Evaluation Trace	Trace of an individual policy evaluation. Cause: Policy evaluation. Action: None. Informational message used for checking policy evaluation.
Form Fill PEP
501104050	Policy Evaluation Trace	Trace of an individual policy evaluation. Cause: Policy evaluation. Action: None. Informational message used for checking policy evaluation.