none
Problem in person view and edit RCDC or service authentication RRS feed

  • Question

  • I am doing some work for a client (on my own time - not STLCC) who has two different FIM Service/Portal sites configured.  On the sync server is a portal addressed by fimadmin.instution.edu and another by fim.institution.edu.  There are actually three servers:  a sync/service/portal server, and two FIM service/portal servers which are behind a load balancer.  Each server has a local hosts file entry pointing to itself for the site/service that it hosts.

    On the fimadmin site, the display of user details works fine.  There are additional tabs of user information configured.

    On the fim site, the loading of the user details stops with an error and the custom tabs do not appear.  At the bottom of the pop-up in red text:  "There's an error in the Person display configuration.  Please contact your system administrator."  When I turn on debug logging for the portal, I often see the error:  "The address of the security token issuer is not specified. An explicit issuer address must be specified in the binding for target 'http://fim.institution.edu:5725/ResourceManagementService/Enumeration' or the local issuer address must be configured in the credentials."  The two load-balanced servers are where the problem seems to be.  I ruled out a name association problem by putting in a fim.institution.edu entry in local hosts for the sync server (which is normally fimadmin) and it displayed the user detail just fine when accessed locally there.  The two problem servers also have SSL certs applied so that users accessing them can use https://fimadmin.institution.edu to reach the site and protect data, but it also is reachable by http and this really seems to be a problem in the authentication to the service and not to the web site.

    Does anyone have a suggestion as to what might cause that kind of error, or what I could do to try to resolve it?

    Thanks!

    Chris

    Saturday, December 14, 2013 8:21 PM

All replies

  • On Sat, 14 Dec 2013 20:21:09 +0000, Chris Clayton - STLCC wrote:

    Does anyone have a suggestion as to what might cause that kind of error, or what I could do to try to resolve it?

    Try making your load balancer sticky for 5725.


    Paul Adare - FIM CM MVP
    Yes, but they forgot to put in the essential checkbox:
    I am not a brain-damaged lemur on crack. -- Mark Hughes

    Saturday, December 14, 2013 9:15 PM
  • Paul,

    Thank you for the rapid response to my post!  (And thanks again for the excellent FIM Team presentation on FIM CM!)

    Load balancer stickies are definitely something to consider, but by my understanding I don't see how it could solve this problem.  The error happens even when I am logged in to the FIM portal server directly, running on IE on that server, and hitting that server's FIM portal via a local hosts entry.  The local hosts file entry should direct traffic to the FIM Service to the local box just as it does for the portal since they are addressed by the same FQDN.  Is there something in FIM that would bypass the OS-level name resolution and take DNS's word over the hosts file?  By my count, only traffic that would travel off-box would be the calls to the FIM Service database, which I believe is located on the same server as FIM Sync.

    Chris


    Sunday, December 15, 2013 5:07 AM
  • Chris,

    I know it has been a while since your question. For posterity's sake I thought I would my two cents: I just saw this same thing pop up when I traced the portal. Which I did after getting an RCDC error. However this error message had nothing to do with the RCDC error message. I resolved the RCDC by reverting to my previous version and making small changes until I found the issue. I had mistakenly put a rights query in a control on a create RCDC.


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html

    Wednesday, March 29, 2017 2:18 AM