Viewing the Log File

These steps are performed by someone who has had Access Manager training and understands the significance of the messages in the log files. This can be an IDP Administrator or a specialist.

  1. On Identity Server, change to the Tomcat log directory.

    /var/opt/novell/nam/logs/idp/nidplogs

  2. Open the file whose name begins with the user identifier, to which a session ID is appended.

    If the user does not log out (for example, the user just closes the browser window, or the problem closes it), the session remains in the list of logged sessions. After 10 minutes of inactivity, the session is closed and the lock on the logging file is cleared. As long as the file is locked, no other application can read the file.

    When a ticket expires, logging is stopped automatically. If you know that the user is experiencing a problem that prevents the user from logging out, you might want to create a ticket with a short time limit.

  3. (Conditional) If the user was experiencing a problem with an ESP, change to the Tomcat log directory on the Access Gateway server:

    /opt/novell/nam/webapps/nesp/WEB-INF/logs

  4. Open the file with the same user identifier and session ID.

  5. After solving the problem, delete the file from each Identity Server in the cluster and each Access Gateway in the cluster.
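
The file lookup in steps 2 and 4, as an added shell helper that is not part of the product documentation. The function name `list_user_logs`, the `IDP_LOG_DIR` variable, the allowed identifier characters, and the use of file modification time as a stand-in for the 10-minute inactivity timer are all assumptions of this example.

```shell
#!/bin/sh
# Added example: find the per-user session log files in a log directory and
# report which ones are likely still held by a live session.
# Assumption: modification time approximates session activity; the product's
# real lock state is not inspected here.

IDP_LOG_DIR="${IDP_LOG_DIR:-/var/opt/novell/nam/logs/idp/nidplogs}"
IDLE_MINUTES=10   # inactivity period after which the lock is cleared

# list_user_logs DIR USER
# Prints "<state> <path>" for every file in DIR whose name begins with USER:
#   idle   - untouched for more than IDLE_MINUTES, session should be closed
#   active - written recently, the session may still hold the file lock
list_user_logs() {
    dir=$1
    user=$2
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    # Assumed identifier character set; rejects glob and path characters so
    # the value cannot widen the match or escape the directory.
    case $user in
        ''|*[!A-Za-z0-9._@-]*) echo "invalid user identifier" >&2; return 2 ;;
    esac
    find "$dir" -maxdepth 1 -type f -name "${user}*" | sort |
    while IFS= read -r f; do
        if [ -n "$(find "$f" -mmin +"$IDLE_MINUTES")" ]; then
            echo "idle $f"
        else
            echo "active $f"
        fi
    done
}

# Usage on Identity Server:   list_user_logs "$IDP_LOG_DIR" <user identifier>
# Usage on Access Gateway:    list_user_logs /opt/novell/nam/webapps/nesp/WEB-INF/logs <user identifier>
```

Files reported as `active` may still be locked; wait for the inactivity timeout or the ticket expiry before reading them. The same listing, run on each cluster member, shows which files remain to be deleted in step 5.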