Evidian

Evidian Blog

April 24, 2025
in WAM
1 min read

How to read or analyse a Coredump File on WAM

ARTICLE TYPE
FAQ

TITLE

How to read or analyse a Coredump File on WAM

ANSWER

Go to WAM Installation Folder (by default /usr/evidian/lpf)

cd /usr/evidian/lpf

Change Directory

cd /ap2/bin/

Enter the below command

. envvars

Note

After the dot there is an espace

Execute the below command

gdb -c path_of_coredump_file httpd

Note

Some coredump file comes with compressed (may be on RHEL9) files, and in this case, you need to first decompress it using the Linux Tool, then analyse the Coredump file with the gdb -c path_of_coredump_file httpd command.

Product Version
WAM 9.0.9 , WAM 9.0.10

Keywords
Evidian WAM , Ports , WAM

Related articles:
How to Generate snapshot of Web Access Manager

April 16, 2025
in WAM
1 min read

File is cached or blocked

ARTICLE TYPE
FAQ

TITLE
File is cached or blocked

ANSWER

Sometimes your hosting (e.g., GitHub Pages, Netlify, etc.) caches old versions of the site.

Fixes:

Do a hard refresh (Ctrl + Shift + R or Cmd + Shift + R)
Try in an incognito window
Re-deploy the site (mkdocs gh-deploy or re-trigger CI build)

Product Version
WAM 9.0.9 , WAM 9.0.10

Keywords
Evidian WAM , Ports , WAM

Related articles:
How to Generate snapshot of Web Access Manager

February 11, 2025
in WAM
1 min read

How to print WAM Variables in the End User Page

ARTICLE TYPE
How to

TITLE
How to print WAM ENV Varibles in EUA

ANSWER

Go the folder under WAM /usr/evidian/lpf/eua/docs/uaseua/uas/include

[root@oracle lpf]# cd /usr/evidian/lpf/eua/docs/uaseua/uas/include
[root@oracle include]# ls
accountdeleted.htm  uas_footer.htm  uas_header.htm  uas_navbarpriv.htm  uas_navbarpub.htm  waitsocial.htm

2. on the last line of uas_footer.htm file add below line to get the print of the env variables.

<pre><!--#printenv --></pre>

3. Then we can see in the WAM Portal Footer End user Page

lpf_allow_cond_for_auth_remote=1
lpf_allow_cond_for_admin=1
lpf_allow_cond_for_remote=1
LPF_SERVER_URL=http://localhost:9140
SCRIPT_URL=/psl/portal_welcome.htm
SCRIPT_URI=http://localhost:9140/psl/portal_welcome.htm
LPF_SERVER_TYPE=LPF_EUA_SRV
LPF_QUERY_STRING_SANITIZED=
LPF_HTTP_REFERER=
LPF_CLIENT_IP=192.168.40.35
LPF_PORTAL_CN=lpfportal_491251711024
lpf_portal_display_name=DB Portal
LPF_IFRAME_DETECTION_MODE=yes
LPF_EUA_CUSTOM_ID=0
LPF_GOOGLE_ANALYTICS_ID=-1
LPF_AUTH_SERVER_URL=http://oracle.evidian.local:9130
LPF_PORTAL_URL=http://oracle.evidian.local
LPF_LOGOUT_AUTO_BACK_TO_PORTAL=0
LPF_COOKIE_NAME=lpfgtw
LPF_PORTAL_NAME=DB Portal
LPF_SPECIAL_TOKEN_CN=lpfToken_000000
LPF_AUTH_DESCRIPTION_URL=/pxpadmin/rest/auth/form/

Product Version
WAM 9.0.9 , WAM 9.0.10

Keywords
Evidian WAM

Related articles:

February 10, 2025
in WAM
3 min read

WAM Audit Configuration Service

ARTICLE TYPE
How to

TITLE
WAM Audit Configuration Service

ANSWER

Securtiy Gateway

Installation

With following commands we can check WAM installation verification such as installation successfull , file customization , file ownership and mode.

Info

verify: to verify a WAM installation

[root@oracle bin]# ./lpfsetuputil -u verify

[root@oracle bin]# ./lpfsetuputil -u verify
-<I>-| The dbaapi initialization with the WAM Directory ldap://oracle.evidian.local:390/o=lpfRoot is successful
-<I>-| Verifying WAM installed under '/usr/evidian/lpf' ...
-<I>-| Loading checksum file '/usr/evidian/lpf/data/installed.txt' ...
-<I>-| There is no rollback file
-<I>-| Checking file existence ...
-<I>-| Checking checksum for files that are not customizable ...
-<I>-| Checking checksum for files that are customizable ...
-<I>-| Checking file ownership and mode ...
-<I>-| Processing files that need to be removed ...
-<I>-| All files have been successfully verified

Info

endinstall: to perform other operations done at the end of the installation

[root@oracle bin]# ./lpfsetuputil -u endinstall

-<I>-| Migrating Apache specific directives on WAM Authentication Servers ...
-<I>-| The WAM Authentication Server 'Built-in Authentication Server' already contains Apache specific directives for CORS
-<I>-| WARNING: You must check the specific directives for CORS for Authentication Server 'Built-in Authentication Server'
-<I>-| WARNING: New Specific directives for CORS should be:
-<I>-| WARNING:   ## CORS directives
-<I>-| WARNING:   Header  unset  Access-Control-Allow-Origin
-<I>-| WARNING:   # adapt this directive in order to take into account the domains allowed in CORS
-<I>-| WARNING:   # Example: SetEnvIf Origin "http(s)?://(.*.)?(test-pxp.frec.bull.fr)(:.*)?$" AccessControlAllowOrigin=$0
-<I>-| WARNING:   # to allow all domains: http or https, any domain, any port :
-<I>-| WARNING:   SetEnvIf Origin "http(s)?://(.*.)?(.*)(:.*)?$" AccessControlAllowOrigin=$0
-<I>-| WARNING:   Header always set  Access-Control-Allow-Origin %{AccessControlAllowOrigin}e  env=AccessControlAllowOrigin
-<I>-| WARNING:   Header always set Access-Control-Allow-Methods "*"
-<I>-| WARNING:   Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding, access-control-allow-origin, access-control-allow-credentials,Access-Control-Allow-Origin "
-<I>-| WARNING:   Header always set Access-Control-Allow-Credentials true
-<I>-| WARNING:
-<I>-| WARNING:   ## CIAM directives
-<I>-| WARNING:   Header always set X-Frame-Options SAMEORIGIN
-<I>-| WARNING:   # CIAM allowed domains must be identified, others must be rejected
-<I>-| WARNING:   # adapt this directive in order to take into account the allowed  domains
-<I>-| WARNING:   # by default all domains are allowed
-<I>-| WARNING:   # Example: SetEnvIf Referer "http(s)?://(.*.)?(test-pxp.frec.bull.fr)(.*)?" ALLOWEDORIGIN=1
-<I>-| WARNING:   # Comment the two following lines if you do not use the CIAM Connect JS SDK
-<I>-| WARNING:   SetEnvIf Referer "http(s)?://(.*.)?(.*)?" ALLOWEDORIGIN=1
-<I>-| WARNING:   Header always unset X-Frame-Options env=ALLOWEDORIGIN

info

WAM Version Check

[root@oracle bin]# ./lpfversion
WAM 9.0.10.8 (10359/240709163727) installed on oracle.evidian.local:/usr/evidian/lpf
LDAP schema version is 2.109
Provisioning Web Service version is 8.6.6
Portal JSP Welcome Server is Apache Tomcat/8.5.35
Welcome page server version is 4.1
Authentication server version is Apache/2.4.58
Security gateway version is Apache/2.4.58

Administration Server

Management of WAM Security Gateway administration server

Usage: ./lpfadmin <action> [Options]
action: -create, -delete, -start, -stop, -restart, -status

Options:
        -f: never check peer certificate with LDAPS
        -d <trace level>: the trace level
        -w <password>: old password for certificate database
        -l: for a deferred operation
        -b: for a background process
        -t <tempo>: temporization in seconds
        -p <ppid>: the parent process id
        -u <admin server URL>: the URL of the Admin Server
        -i [yes|no]>: does use IP listen ?

[root@oracle bin]# ./lpfadmin -status
http://oracle.evidian.local:9119 started
[root@oracle bin]#

Product Version
WAM 9.0.9 , WAM 9.0.10

Keywords
Evidian WAM

Related articles:

February 9, 2025
in WAM
2 min read

WAM Custom Localized Messages

ARTICLE TYPE
How to

TITLE
WAM Custom Localized Messages

ANSWER

Go to the WAM folder Localization

On Windows: C:\Program Files\Evidian\EWAM\config\localization
On Linux: /usr/evidian/lpf/config/localization

Under the localization folder we can see all types of language files such as eua.en,eua.fr and many more.
Uncomment the lines below only if files (eua.en, eua.fr) are modified under localization.conf

# EuaResourceFile en config/localization/eua.en
# EuaResourceFile fr config/localization/eua.fr
# EuaResourceFile ja config/localization/eua.ja

EuaResourceFile en config/localization/eua.en
EuaResourceFile fr config/localization/eua.fr
EuaResourceFile ja config/localization/eua.ja

4. Now override existing messages in a given language and you can comment on previous messages and add new messages corresponding to the Key ID.

# From sg/htmlerrors/errors/text401Reason31.html.fr
# LPF_MSG_EUA_174: Votre compte a été verrouillé,\nsoit après un trop grand nombre d’échecs d’authentification,\nsoit par décision de l’administrateur.
LPF_MSG_EUA_174: Votre compte a été verrouillé, soit après un trop grand nombre d’échecs d’authentification, soit par décision de l’administrateur.

# From sg/htmlerrors/errors/text401Reason31.html.fr
#LPF_MSG_EUA_175: Pour faire déverrouiller votre compte, veuillez contacter votre\nadministrateur.
LPF_MSG_EUA_175: Veuillez patienter 20 minutes puis réessayer de vous authentifier. À la suite d’une réinitialisation du mot de passe, ce délai doit aussi être respecté.<br />\n<br>Dans le cas où le verrouillage persiste, nous vous invitons à prendre contact avec le service d’assistance compétent :<br />\n- Support Pharmaciens : `0122333122333<br/>\n- Support Conseillers / Utilisateurs : Numéro interne

5. Restart the WAM

./lpfrestart

6. Now check the result on the end-user page.

February 8, 2025
in WAM
1 min read

How to verify WAM Health Check

ARTICLE TYPE
Troubleshootings

TITLE
How to verify WAM Health Check

ANSWER

By default installation Directory

On Windows via Powershell
C:\Program Files\Evidian\EWAM\bin

On Linux via Terminal
/usr/evidian/lpf/bin

WAM Service status

$LPF_ROOT_DIR/bin
./lpfstatus

Verify WAM Installation

$LPF_ROOT_DIR/bin
./lpfsetuputil -u verify

Retrieve the status of the WAM and all Users Directories

$LPF_ROOT_DIR/bin
./lpfldaputil -u checkdirectory

Retrieve information about the WAM Directory

$LPF_ROOT_DIR/bin
./lpfldaputil -u getpxpdir

Check the SSL communication with a Web Server

$LPF_ROOT_DIR/bin
./lpfldaputil -u s_client -e [ldaps://Server HOSTNAME.acme.com:636]

Where :
s_client: to check the SSL communication with a Web Server, using the command: openssl s_client

The other options are used only for some utilities: 
-e <port|url>: to specify the port or url to be used with`the 's_client' utility. 
May have one of the following form:
- NULL or empty: use the LDAPS port found in lpf.conf
- <port>: to specify the ldaps port of the PXP directory
- <host>:<port>: to specify a remote ldaps server
- <ldaps|https>://<host>:<port>: full URL of a SSL web server

To perform some check on declared certificate authorities

$LPF_ROOT_DIR/bin
./lpfldaputil -u checkcertauth

Product Version
WAM 9.0.9 , WAM 9.0.10

Keywords
Evidian WAM , Ports , WAM

Related articles:

February 7, 2025
in WAM
13 min read

Evidian WAM FAQ

ARTICLE TYPE
FAQ

TITLE
Evidian WAM FAQ

ANSWER

2. Q009591 - WAM: How to verify Certificate Signatures in WAM?

4. Q009564 - How to optimise WAM performance?

5. Q009548 - WAM: How to Gather System Logs in Linux

7. Q009549 - WAM: How to set indexation on WAM attributes on an OpenDJ Directory?

9. Q009547 - WAM: How to Enable Web Sockets in the WAM?

11. Q009546 - WAM: IWA connections pool: When should it be turned on?

13. Q009545 - WAM: How to Modify Audit ID in the WAM?

15. Q009528 - CORS Problem

17. Q009527 - Cookies redirection

19. Q009524 - Certificate to renew for Push Authentication method

21. Q009519 - How to Set Tomcat Logs INFO to DEBUG Mode for OIDC?

23. Q009518 - How to Activate OpenID Expired Tokens Clean on WAM Node?

25. Q009512 - WAM Inaccessible

26. Q009490 - Methodology to simulate the access to an application to test and adapt the SSO on a complex formular.

27. Q009486 - No longer able to launch the Evidian WAM console after upgrading Java

28. Q009485 - How to Generate WAM GUI Logs

29. Q009484 - WAM: How to collect Microsoft Event Viewer Logs

30. Q009468 - Xalan Vulnerability Update for Jaspersoft Products (CVE-2022-34169)

31. Q009467 - How to Generate snapshot of Web Access Manager

32. Q009466 - How to Generate the HAR (HTTP Archive Viewers) Logs

33. Q009413 - Vulnerability Log4Shell

34. Q009410 - Failed to access some Windows backend servers since update to 9.0.8.11.

35. Q009409 - Failed to start the Windows service for the WAM Tomcat.

36. Q009401 - Security recommendation for the WAM Self Registration Service to prevent huge number of mails to be sent.

37. Q009356 - WAM: Error "HTTP Error 400. The size of the request headers is too long"

38. Q009369 - How to Configure Background Image in WAM Portal

39. Q009353 - WAM: Redirection from HTTP to HTTPS

40. Q009352 - WAM: How to Manage the Logout Button of IGA Policy Manager

41. Q009303 - WAM: Managing Users with LDAP

42. Q009302 - How to Enable/Disable a Specific TLS/SSL Protocol Version/Outdated Versions for Apache in WAM?

43. Q009316 - WAM: How to Set Server Name in Certificate Used for E-SSO WebService Access

44. Q008127 - Is It Possible to Redirect WAM Apache Log Files to syslog?

45. Q009226 - Maximum Number of Virtual Hosts Supported by WAM

46. Q009269 - Is the Portal JSP Welcome Server Component Required by WAM?

47. Q009263 - WAM: Bind Password of the E-SSO Interface Has Been Changed by Mistake. How to reconfigure it?

48. Q009189 - EUA: How to Set an Authentication Page Background Image

49. Q009205 - WAM: How to Remove "My lost password form" from Self Administration Window

50. Q009214 - WAM: How to Come Back to Portal Page Instead of Connection Page after Disconnection from IGA Request Manager

51. Q009169 - "Invalid DN syntax: invalid DN" at WAM Installation

52. Q009182 - WAM Upgrade with a Replicated 389DS Configuration Directory

53. Q009168 - Traces and Logs of Web Access Manager 9

54. Q009167 - WAM: Reverse-Mapping Problem when Several Portals Deployed

55. Q009166 - WAM: Encoding Issue when Injecting Password such as "@" and "!" in the Form Attribute through EPO

56. Q009152 - WAM Restart Failure with "Failed to restart the JSP server"

57. Q009120 - WAM: Error "Mixed Content: The page at 'https://URL1' was loaded over HTTPS, but requested an insecure resource 'http://URL2'. This request has been blocked"

58. Q009118 - WAM Does Not Start. WAM 389 DS Configuration Directory Corrupted

59. Q008633 - How to Restore a WAM OpenLDAP Configuration Directory

60. Q009063 - How to set indexation on WAM attributes on an AD-LDS Directory

61. Q009064 - Attributes that need to be indexed on WAM Directory for AD-LDS or 389 DS

62. Q009111 - WAM: Error 405 Returned on HTTP Request

63. Q009073 - WAM: Configuration Template for IGA10 Request Manager

64. Q009050 - WAM Configuration Not Applied

65. Q009065 - WAM: How to check and set cache configuration

66. Q009062 - WAM: How to trace: "Error: [-] The process 'httpd' has returned the code 1 (why=1 exit=1 signal=0 signal core=0"

67. Q009061 - WAM does not Restart on Linux after Addition of New Portals or web Agents

68. Q008174 - Synchronization of SafeKit Load Balancing with WAM Application

69. Q009040 - How to Suppress a Specific Cookie in the Header Received from the Browser Dynamically with WAM

70. Q008961 - WAM: Basic and NTLM Authentications

71. Q009003 - Authorized Applications Not Displayed on User's WAM Portal

72. Q008945 - About WAM Automatic User Unprovisioning

73. Q008980 - WAM: Is it Possible to Force the Header Accept-Language Information Given by the Browser?

74. Q008978 - Some Users Cannot Open "Excel" and "PDF" File on Application Page via WAM

75. Q008979 - WAM: SSO Fails if a User is Member of 2 Different Groups Granting the Same Shared Account

76. Q008977 - WAM: How to Prevent the HTTP Header "Server" from Being Sent to the Browser

77. Q008975 - How to recover the configuration after deletion of an Installed Host in the Global Tab of the WAM console

78. Q008976 - WAM: Error java.lang.assertionError:null when Launching the Console with JNLP

79. Q008885 - How to Save and Restore WAM and its OpenLDAP Directory

80. Q008866 - WAM: User Unable to Login. "Size limit exceeded" Error in Log

81. Q008839 - WAM: How to Import a Key from Another Server

82. Q008857 - DPNS 24-18020 "Improvement of Mobile when account are provisioned by IGA"

83. Q008105 - WAM: Error "Request Entity Too Large" Received when Transmitting Very Big POST

84. Q007934 - WAM: How to Install New Certificates?

85. Q008897 - WAM: Portal Does Not Start Because Too Many Tokens Are Used

86. Q008829 - WAM: Error at Creation of a Web Agent when a lot of Web Agents or Portals Already Exist on Windows OS

87. Q008797 - WAM: The Filter of the URL Collection Can Be Case Insensitive

88. Q008856 - WAM and Safekit Migration

89. Q008798 - WAM: How to Suppress the Deployed Gateways for BAA

90. Q008710 - WAM: No Error Message with HTTP Basic Authentication with Option "authentication delegated to authentication server"

91. Q008796 - How to Renew openldap Certificate with a WAM Key Pair

92. Q008847 - How to Interact with Application Cookies with WAM

93. Q008844 - WAM: How to Prevent the Access to a Portal or Web Agent for a Specific Browser

94. Q008845 - How to Check the Evidian WAM Licenses Count

95. Q008843 - WAM: How to Inject the Primary or Secondary Account Credentials Thru LpfSubstitute Directive

96. Q008846 - WAM lpfauth cgi Availability to Manage the Kerberos Token

97. Q008665 - WAM: How to Force the Redirection from Document Root to a Specific Document on a Portal or Web Agent

98. Q008794 - HTTP code 403 when Trying to Connect using a WAM Interdomain Authentication Server

99. Q008795 - WAM: How to Force the Use of a Specific URL Collection even when Using Multiple / in URL Address

100. Q008792 - "Error while loading shared libraries" when Launching Some Internal WAM Commands

101. Q008793 - WAM: Precision for the ACE of Type "SAML User"

102. Q008746 - WAM: Two Licenses Used for One User

103. Q008728 - WAM: Server Switching for Web Service E-SSO

104. Q008666 - WAM: How to Change Mail Template of Password Reset

105. Q008828 - WAM Runs out of Memory because of High Consumption of HTTPD.exe Process on VMware

106. Q008624 - WAM: Is it Possible to Change the Icon of a New Folder in the Browser when the Application Opens?

107. Q008640 - In a WAM Environment How to Change URL to Request Manager

108. Q008598 - WAM: Difference between "default" and "new attribute" for "Source of data" at Injection

109. Q008623 - How to Copy a Key-Pair from a WAM Source to Another WAM?

110. Q008642 - Impossible to restart the WAM services due to undefined variable JAVA_HOME

111. Q008596 - Unable to Connect to WAM Server in High Availability

112. Q008620 - How to add a new mime type to be parsed by WAM?

113. Q008621 - WAM: How to Add a Special Parameter in the HTTP Header?

114. Q008622 - WAM: How to Change Dynamically a Link in the Page Depending on the IP Address of the Browser?

115. Q008593 - How to Integrate Start and Stop of WAM 389-DS Directory in SafeKit

116. Q008542 - How to Export a WAM Configuration

117. Q008605 - How to Inject the Secondary Account Password in a Form when Password Tag Contains Dollar Character

118. Q008586 - Kerberos Authentication Does Not Work with WAM

119. Q008582 - Error when Trying to Access WAM Management Console

120. Q008575 - Message when Starting WAM Administration Console: "N % of users of the license are used"

121. Q007788 - WAM: How to Delete Users No Longer Present in Directory

122. Q008464 - LPFSG1:failure(142) when Generating a Test Certificate with the built-in Web Access Manager Certificate Authority

123. Q007937 - Impossible to Start WAM Portal on Linux. "Permission denied" Error

124. Q008551 - How to Inject the WAM Secondary Account Credentials through LpfSubstitute Directives?

125. Q008550 - How to Inject the WAM Primary Account Credentials through LpfSubstitute Directives?

126. Q008394 - How to Define the WAM server in /etc/hosts file?

127. Q008549 - How to Change the lpfadmin password in a WAM cluster environment?

128. Q008528 - WAM: How to Inject User Name in a HTTP Request Header

129. Q008523 - DROWN Attack Proof

130. Q008391 - How to Get a List of All WAM Environment Variables

131. Q008307 - How to Hide Application Icon on WAM Portal by Access Control

132. Q008353 - WAM Gateway SafeKit Module Does Not Check WAM Status

133. Q008340 - WAM Portal: How to Modify Button Appearance

134. Q008347 - How to Modify the Messages Displayed in the WAM Output HTML pages?

135. Q008314 - WAM: What Happens when Number of User Accounts Exceeds Defined Limit?

136. Q008311 - How to Manage SafeKit Load Balancing on More than 10 Ports with ewam_gw Module?

137. Q008412 - How to Change the Language of the WAM Administration Console?

138. Q008414 - WAM: Error "Bad Gateway"

139. Q008399 - WAM-Tomcat Service Absent from Windows Service List

140. Q008378 - Important information concerning the WAM Administration Console (GUI) when launched using Java 7 Update 51 or higher

141. Q008254 - Impossible to Start ewam_gw Module after Installation of WAM and SafeKit

142. Q008288 - Which Fedora Directory (389 DS) is Stable for WAM versions 8.0.7.x and 9.0.0.x?

143. Q008244 - Important Information for Mobile E-SSO with Enterprise SSO 8.06

144. Q008199 - SSL Error at Integration of an Application Working with TLSv1 Protocol in WAM with HTTPS

145. Q008206 - Mobile E-SSO Does Not Work after Migration to Enterprise SSO 8.06 Patch Level 3

146. Q008165 - Failure of Server Restart after Removing Remote Web Agents Server

147. Q008169 - Impossible to Restart WAM after WAM Configuration Modification

148. Q007978 - WAM: At Connection to a Portal, Services Not Linked to this Portal Are Also Visible

149. Q008141 - Is It Possible to Authenticate a User on a Directory via WAM and to Inject in HTTP Header the Groups He Belongs To?

150. Q007902 - Processes, Traces and Logs of Web Access Manager in Version 8 Evolutions 4 and 5

151. Q007900 - Processes, Traces and Logs of Web Access Manager in Version 8 Evolutions 6 and 7

152. Q008107 - Authentication Failure on WAM Portal with Radius Identikey on VASCO

153. Q008027 - WAM: The Delete Button Does Not Work with OWA 2003

154. Q007553 - Web Access Manager: Files to Be Saved

155. Q007930 - Is There Any Way in Web AccessManager to Configure the Maximum Size of the Apache Header that Can Be Managed by WAM?

156. Q008074 - How to Prevent the Access from Internet to the Pages Managed by the WAM Authentication Server

157. Q008081 - WAM: Is Kerberos Authentication with IIS Server Working with Google Chrome Browser

158. Q008080 - WAM: How to Prevent Google and other Internet Indexers to Register the Authentication Server Pages?

159. Q008062 - "Error: [-] Failed to retrieve the gateway" Error at WAM Start on SafeKit Cluster

160. Q008064 - WAM: How to Forward to the Application the Physical hostname of a Safekit Cluster

161. Q008063 - WAM: How to Forward to the Application the Information on the Authentication Level Really Used by the End User

162. Q008051 - Cache Validity Duration in WAM / Mobile E-SSO

163. Q008061 - "Error deleting openladap-data" Error at WAM Update on Windows 2008 R2

164. Q008060 - OWA Application No More Usable on IE Since Update to WAM 806 PL1 or PL2

165. Q008049 - WAM: What is the Consequence of the Certificate Expiration on the E-SSO Mobile Interface?

166. Q008032 - Web Access Manager: How to Create a Certificate with Existing Private Key and Certificate

167. Q007990 - WAM: "Error while generating Self Signed Certificate for KeyCertificate"

168. Q007985 - How to Set OpenLdap Directory Trace?

169. Q007944 - WAM: Mobile E-SSO Does Not Work

170. Q007872 - Procedure to Migrate Linux Operating System, Web Access Manager and SafeKit

171. Q007876 - Web Access Manager: How to Take Into Account a New SSL Certificate on a HTTPS Portal?

172. Q007887 - Access to the WAM Service through DNS Name or IP Address

173. Q007924 - WAM Does Not Work after Java Update

174. Q007842 - Web Access Manager: Memory Used

175. Q007823 - How to Recover a Corrupted WAM Directory in version 8.0.5?

176. Q007806 - After Installation of Web Access Manager and SafeKit on Two Systems, spread.exe Does Not Start

177. Q007464 - Web Access Manager: How to Prevent the Directory Browsing thru http?

178. Q007764 - WAM: How to Have Different Authentication Forms Depending on the Service to Access?

179. Q007481 - How to Prevent the Display of a Web Access Manager Authentication Window when Opening an IFRAME?

180. Q007480 - Web Access Manager: How to Delete a Cookie by EPO?

181. Q007461 - WAM: How to Redirect the End User to the User's Services List Portal Page at User Disconnection?

182. Q007760 - WAM: Meaning of "Your session has expired, please reauthenticate" Error Message

183. Q007810 - Web Access Manager: How to Force a Mapping by EPO (Extended Parse Over) Rule?

184. Q007718 - Web Access Manager: Index to Improve Performance on OpenLDAP WAM Directory

185. Q007765 - Web Access Manager: Impossible to Integrate a New Certificate in Remote Agent

186. Q007593 - AccessMaster: How to Use in WAM a New Attribute Created in OpenLDAP?

187. Q007761 - Mapping Not Done with Web Access Manager thru a Portal. 403 http Error.

188. Q007759 - How to Create or Modify SAM Web / Web Access Manager Console Administrator Password?

189. Q007715 - Primary Account Not Displayed in Web Access Manager Administration Console

190. Q007680 - Password Change Impossible via Self-Service after Migration from SAM Web to Web Access Manager

191. Q007670 - DPNS 24-11016 "Capacity to provisioning wam credentials from policy manager"

192. Q007661 - Web Access Manager: How to Log User-Agent Field in Access Log File

193. Q007317 - SAM Web / Web Access Manager: "InvalidSearchFilterException: Unbalanced parenthesis" during Creation of a Group in an Access Control with Java 1.6.0_19

194. Q006955 - Web Access Manager and Self Signed Certificate

195. Q006818 - SAM Web / Web Access Management: Cannot Perform SSO to a Target Web Server as the Logon Form is Built Dynamically by Javascript

196. Q006850 - SAM Web / Web Access Manager: Is it Possible to Limit Access to Some URL Path?

197. Q006868 - Account Created in SAM SE Is Not Visible in SAM Web / Web Access Manager

198. Q007452 - Web Access Manager / SAM Web: Is it Possible to Get Accounting Information on SAML Assertion Sent to User?

199. Q007352 - Remote Web Agent Does Not Take Into Account Start URL of the Associated Service

200. Q007509 - Web Access Manager / SAM Web: SSO Does Not Work when Secondary Login Form Has multipart/form-data Encoding Type

201. Q007262 - How to Change the Service Name in Web Access Manager / SAM Web Console?

202. Q007239 - Is It Possible to Change Web Access Manager / SAM Web Configuration via a LDAP Browser?

203. Q007193 - Web Access Manager / SAM Web: How to Redirect the HTTP Requests on a Server to the Same Server in HTTPS?

204. Q007028 - Web Access Manager / SAM Web: How to Differentiate URL Collections when Only One Parameter Differs?

205. Q007133 - Web Access Manager / SAM Web: How to Suppress Links Containing a Given Character Chain?

206. Q007072 - SAM Web / Web Access Manager: Problem to Display PDF Files with IE6 in HTTPS

207. Q007117 - Web Access Manager / SAM Web: Is It Possible to Customize Error Page?

208. Q007147 - Web Access Manager / SAM Web: What Are proxy-lpfportal_xxx/core/core.yyy Files

209. Q007148 - Web Access Manager / SAM Web: Difference Between Entering "/" at the End of the URL and Not

210. Q007113 - Web Access Manager / SAM Web: End User Administration Listen Address

211. Q006889 - Web Access Manager / SAM Web: POST of user/password Does Not Work

212. Q007109 - Where Can We Install a New Apache Module in Web Access Manager / SAM Web?

213. Q007106 - Web Access Manager / SAM Web: Password Policy Questions and Answers

214. Q006972 - Is It Possible to Configure Two AccessMaster Servers in SAM Web / Web AM in the Same Time?

215. Q006991 - Web AM / SAM Web: Information on File Compression

216. Q006483 - SAM Web / Web Access Manager: How to Make a Rotation on catalina.out Log File?

217. Q007108 - How to Enable Apache mod_status for SAM Web / Web Access Management?

218. Q007022 - Connection Refused though SSO Logon Form is Correctly Filled and Automatically Sent by SAM Web / Web Access Manager

219. Q007036 - Web Access Manager / SAM Web: How to Migrate an EWAM Directory from Linux Machine to Windows Machine?

220. Q006904 - Web Access Manager: Difficulty to Configure Portals Listening to Two Different Ports to Make them Listening to the Same Port

221. Q006689 - SAM Web / Web Access Manager: Additional Field for Form Authentication

222. Q006765 - SAM Web / Web Access Manager: Is It Possible to Authenticate with the "Multi Users Directories" Followed by RADIUS?

223. Q006963 - Web Access Manager / SAM Web: "Failed to lock the cache 'SAM Web cache 1': no thread mutex" Error

224. Q005930 - SAM Web / Web Access Manager: Information on Performance

225. Q007027 - SAM Web / Web Access Manager: What is the Meaning of "Force flush to browser" Parameter in Advanced Tab of the URL Collection?

226. Q007033 - SAM Web / Web Access Manager: Performance Issue with Page Retransmission

227. Q007032 - SAP Performance Problem Behind SAM Web / Web Access Manager

228. Q007016 - Web Access Manager Does Not Get SSO Data from Enterprise SSO Directory

229. Q006973 - Web Access Manager / SAM Web: Is It Possible to Have Two Different Authentication Forms for Two Portals on the Same Application ?

230. Q006958 - SafeKit Script start_both Does Not Start SAM Web / Web Access Manager Processes

231. Q007049 - How to Configure SAM Web / Web Access Manager to Provide a /robots.txt (Search Engine and Spider Instructions)?

232. Q007037 - SAM Web / Web Access Manager: Authentication Failure when Password Contains Accent

233. Q007045 - SAM Web / Web AccessManager: Is It Possible to Have a Mapping One to One of Primary Login ID and Secondary Login ID?

234. Q006902 - Web AM / SAM Web: How to Configure URL Filter for Multi-Domain SAML Authentication?

235. Q006901 - Web AM / SAM Web: How to Configure SAML Authentication?

236. Q006387 - After Migration to Web Access Manager Login Forms Have a Different Behavior

237. Q006769 - SAM Web: How to Add a Certification Authority (CA) in Command Line?

238. Q006906 - Web AM / SAM Web Changes HTML UTF-8 Application Encoding

239. Q006894 - Web AM / SAM Web: How to Specify Star Condition in Filter of URL Suffixes in URL Collection Menu?

240. Q006821 - Web AccessManager / SAM Web: Which Is the Rule to Apply to Change 'var path:"/"' to 'var path="/Test/"'

241. Q006886 - Web Access Manager / SAM Web: IE6 Security Warning Stating the Page Content Is Not Secured because of Mixed Content

242. Q006792 - Web AccessManager / SAM Web: IE6 Security Warning Stating the Page Content Is Not Secured because of Mixed Content

243. Q006819 - How to Modify SAM Web to Make It Working with a New AccessMaster User Directory Similar to the Current One?

244. Q006710 - SAM Web / WAM: How to Define the Number of Connections to User Directory Established by the Security Gateway?

245. Q005023 - IIS 7 Configuration for Kerberos Authentication

246. Q006590 - Web AM / SAM Web Configuration for Outlook Web Access

Product Version
WAM 9.0.9 , WAM 9.0.10

Keywords
Evidian WAM , FAQ

January 1, 2025
in WAM
2 min read

WAM: How to Clean OIDC Token in WAM?

SUBJECT / PROBLEM DESCRIPTION

How to Clean OIDC Token in WAM?

ANSWER / SOLUTION

Yes , there is a possibility to removed/cleaned expired tokens on Evidian WAM via Command Line or automatic way.

Verify the default configuration Clean Expired Tokens under $LPF_ROOT_DIR/config/lpf.conf

Default validity duration for tokens used for authentication,

in seconds (Default value: 600 seconds).

DEFAULT_AUTH_TOKENS_VALIDITY=600

Expired tokens clean frequency, in minutes

(Defaut value: 15 minutes).

EXPIRED_TOKENS_CLEAN_FREQUENCY=15

Remove/Clean Tokens via CLI :

Go to the WAM installation Directory $LPF_ROOT_DIR/bin

./lpfldaputil -u [-d ] [-I ]

cleantokens: to remove tokens that are older than days

Execute below command to clean token and this command will clean older than 1 day.

./lpfldaputil -u cleantokens

[root@rocky bin]# ./lpfldaputil -u cleantokens

Removing expired authentication tokens ...

0 authentication tokens have been removed

Removing authentication tokens that are older than 1 day(s) ...

Success: Authentication tokens older than 1 days have been successfully removed

Clean Token more than 10 days older

[root@rocky bin]# ./lpfldaputil -u cleantokens -D 10

Removing expired authentication tokens ...

0 authentication tokens have been removed

Removing authentication tokens that are older than 10 day(s) ...

Success: Authentication tokens older than 10 days have been successfully removed

There is also a possibility to Export WAM config without authentication tokens

Execute below command to have WAM config without Tokens

[root@rocky bin]# ./lpfldaputil -u export -g

Exporting the branch 'o=lpfRoot' of the WAM Directory ...

Exporting the branch 'o=lpfuserroot' of the WAM Directory ...

Success: The WAM Directory has been successfully exported to file '/usr/evidian/lpf/tmp/pxpbackup_22_Oct_2024_15_16_33'

[root@rocky bin]#

Where :

-D : the number of days for the 'cleantokens' option

-g: for the 'export' utility, ignore authentication tokens

If you would like to clean OpenID Expired Tokens automatic way , please refers to below FAQ : How to Activate OpenID Expired Tokens Clean on WAM Node?

PRODUCT VERSION(S)

WAM 9.0.8 , WAM 9.0.9 , WAM 9.0.10

KEYWORDS

Clean Tokens , OIDC Clean Tokens , OIDC , Expired Tokens

Knowledge Base Id:	Q0xxxxx
Article Type:	Technical Note
Last Reviewed:

August 21, 2024
in WAM
1 min read

Evidian WAM Password Policy

ARTICLE TYPE
FAQ

TITLE
Evidian WAM Password Policy

ANSWER

By using Web Access Manager Password Policy, you can define rules regarding the modifications of Primary Account passwords and set the Primary Accounts lock out policy. You can also set one primary password policy per User Directory.The Built-in Password Policy in the object is created when Web Access Manager is installed. You can either use this object or create new Password Policy objects.

WAM Password Quality

The Password Quality objects allow you to define the format of the passwords that should meet your password quality requirements. Upon the installation of Web Access Manager, a Built-in Password Quality object is automatically created. You can either use this object or create new Password Quality objects.

Managing Characters Sets

To meet your password quality requirements, you can use different character set, through the Web Access Manager characters sets objects. Upon Web Access Manager installation, Characters Sets are automatically created. This enables you to define immediately your password quality requirements, using the Password Quality objects.

Product Version
WAM 9.0.9 , WAM 9.0.10

Keywords
Evidian WAM , Ports , WAM

Related articles:

August 16, 2024
in Safekit, WAM
1 min read

No WAM access via Safekit VIP

Troubleshoot

Test TCP load balancing on a virtual IP address

A mosaic test is delivered with SafeKit and Set the following load balancing rule in userconfig.xml:

<rule port="9010" proto="tcp" filter="on_port"/>

On an external workstation, connect a browser to the URL: http://virtual_ip:9010/safekit/mosaic.html
Enter the module name and the URL with the virtual IP
```
http://virtual_ip:9010/safekit/mosaic.html
```

Safekit TCP Load Balancing — Safekit Loadbalancing

Special command to check the load balancing bitmap for port 9010 on each node

safekit –r vip_if_ctrl –l

Solutions

Check that you are on an external workstation and not on the nodes themselves

On each node, check the connections on the virtual IP

On Windows:
netstat –an | findstr <virtual IP>

On Linux:
netstat –an | grep <virtual IP>

Stop/start the module on each node to check which one is taking connections