Ujwol Shrestha

Latest Knowledge Base Articles for Single Sign-On (Formerly CA SiteMinder) [10/5/2016]

Blog Post created by Ujwol Shrestha Employee on May 9, 2016

Hello CA Single Sign-On Community Users,

 

Please find below the list of the latest Knowledge Base Articles  for Single Sign-On (Formerly CA SiteMinder) published or updated since 2nd April 2016 for your reference:

 

R12 SP2 Application Server Agent for WebSphere (TAI) fails to initialize after Java upgrade on WebSphere.
After upgrading WebSphere with Java 1.7, the Application Server Agent throws the following error in the SystemOut.log; Trust Association Init Unable to load Trust Association class com.netegrity.siteminder.websphere.auth.SmTrustAssociationInterceptor.
Last Update: 5/9/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1286701

Task Failed on modifying a policy object in Web Administrative UI with Oracle Directory Server as Policy Store.
"Unknown Failure" was shown on the screen and an LDAP Error was recorded in the smps.log at the time.
Last Update: 5/9/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1056057

Global response not triggering for Application with multiple components
Why is our configured Siteminder global response not triggering for Application with multiple components?
Last Update: 5/9/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1140466

Password Policy redirect
Redirect to a customized error page when password services is invoked.
Last Update: 5/7/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1741076

Policy store load failure.
After upgrading SiteMinder and the policy store a custom app that implements the Policy Management API sporadically fails to update objects.
Last Update: 5/6/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1989246

SharePoint Connection Wizard Errors
Getting "No existing SharePoint Connections!" when trying to create a new SharePoint Agent connection.
Last Update: 5/6/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1972332

Undocumented Fixes of Secure Proxy Server 12.51/12.52 SP1
This article explains Undocumented Fixes of SPS12.51/12.52 SP1. WAOP fixes are included in SPS as well: 134371 - SPS 12.51 CR06 139030 - SPS 12.52 SP01 CR01
Last Update: 5/6/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1567644

Seeing many "Policy store failed operation 'MultipleSearch' errors in the SMPS.log with R12.52 SP1 Policy Server.
With CA Directory 12.0.14 as a Policy Store, we are seeing many "Policy store failed operation 'MultipleSearch' for object type 'Root'. LDAP Error Doing UserDirectory_Fetch: 82: Local error" in the SMPS.log.
Last Update: 5/6/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1626754

Why password entries will be rejected when using the password dictionary for password services ?
What are the circumstances when a password will be rejected when using password dictionary feature for SiteMinder password services.
Last Update: 5/6/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1444634

FSS UI Does Not Appear in Installed Components
How to install the FSS Administrative UI to manage Policy Store objects instead of the WAMUI.
Last Update: 5/6/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1592822

Ignorable error message ”SEVERE: No global naming context defined for server” on SPS startup
This article explains an ignorable error message of SPS satrtup: ”SEVERE: No global naming context defined for server”.
Last Update: 5/6/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1557306

Policy Server showing spikes in connections multiple times a day
Policy server connections spike, normal queue grows – slow responses reported by the SSO agents on the webservers (20 seconds delays)
Last Update: 5/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1890108

CA Federation & Office 365 Integration: ObjectGUID as ImmutableID
This document explains CA Federation & Office 365 Integration: How to define ObjectGUID(binary attribute) as ImmutableID attribute in the Federation Partnership.
Last Update: 5/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1782098

'No SAML2 SP Provider found' Error in Federation
Meaning of 'No SAML2 SP Provider found' Error in Federation, SAML2 transaction.
Last Update: 5/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1689376

Dynamically setting AuthnContextClassRef in the assertions
Dynamically setting AuthnContextClassRef in the assertions based upon the authentication scheme or authentication level that the SSO user authenticated with; currently the Assertion Generator API does not have that information exposed to it.
Last Update: 5/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1354535

"Allow Protection Override" checkbook on the custom authentication-scheme.
Documentation(topic is, "custom-authentication-schemes") describes Allow Protection Override" checkbook on the authentication-scheme. This option specifies that the protection level in the library takes precedence over the protection level specified in t
Last Update: 5/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1674413

XSS Error in the browser, CA Federation & Office 365 Integration,
XSS Error in the browser, CA Federation & Office 365 Integration, as part of CA Federation and Office 365 integration when testing in Internet Explorer after authentication,
Last Update: 5/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1252731

SMPS Error: "Bad installation or configuration, Assertion handler can't be initialized. Leaving Assertion Generator Framework."
500 Error during CA Federation & Office 365 Transaction. SMPS Error: "Bad installation or configuration, Assertion handler can't be initialized. Leaving Assertion Generator Framework."
Last Update: 5/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1880219

How to resolve the "Error: Exception User might not have required permissions to get group information" when logging into the R12.52 SP1 ProxyUI.
When logging into the R12.52 SP1 Single Sign-On (fka SiteMinder) Access Control Gateway (fka Secure Proxy Server) ProxyUI an error message is displayed stating "Error: Exception User might not have required permissions to get group information"
Last Update: 5/3/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1304259

Unable to search for users or groups from SiteMinder in the PeoplePicker.
PeoplePicker searches from the Central Admin Server in SharePoint 2010 are not returning any results from SiteMinder.
Last Update: 5/3/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1808602

Disable Agent Discovery feature to prevent SiteMinder Policy Store corruption by Agent Instance objects in a Muti-Master replicated Policy Store environment.
Agent Discovery can cause corruption of Policy Store objects in a Multi-Maser replicated Policy Store environment and should be disabled in these environments.
Last Update: 5/3/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1889667

Is a cookie provider necessary between the Web Agents on a reverse proxy server and backend web servers?
In the case of both the reverse proxy server and the backend web servers have Web Agents installed, their cookie domains can be different. This article explains such case.
Last Update: 5/2/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1399808

What are the possible handshake errors in policy server?
Bad security handshake attempt
Last Update: 4/29/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1543455

R12.52 SP1 Federation Manager AdminUI is not accessible after an upgrade
Upgrading to R12.52 SP1 CR04 CA Federation Manager from previous CR causes AdminUI to be unavailable.
Last Update: 4/29/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1599058

LIMIT_EXCEEDED(4) with partial result error showing when accessing a resource
Access to a protected resource is refused only when the user is member of more than one group.
Last Update: 4/29/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1244697

Howto enabled debugging of SSL connections from the proxy-engine to the backend server in CA Access Gateway (formerly CA Secure Proxy Server)
The java runtime setting -Djavax.net.debug=all will show details of the SSL connection handshakes as well as log the transferred data.
Last Update: 4/29/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1860387

Convert HTTP to HTTPS requests using Secure Proxy Server
Convert HTTP to HTTPS requests using SPS via Apache module or SPS proxy rules
Last Update: 4/29/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1945397

Secure Connection to AD User Directory with StartTLS
We currently have a secure connection to an AD USER DIRECTORY over 636. Can we use a Start TLS connection to connect over 389, and if so, how would we configure that?
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1469283

Question about HCO policy server clusters
When configuring the policy servers in a cluster in the HCO, it asks for a single port number. For non-clustered HCOs, the policy server is always coded with three ports (e.g., 44441, 44442, 44443). How do we configure the cluster ports?
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1231237

Policy Server's “ServerCommandTimeDelay” is renamed to “MaxTimeDeltaBetweenServers” from R12.51 and above
This article addresses change in the registry key name for the Policy Server.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1888869

Error: Username and password do not match
Increase entropy on policy server/WAM UI system
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1652849

There are consecutive spaces found in the installation home directory
'libidn.so.11' 32-bit library is not present on the machine
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1744609

Advanced Password Services only supports the Domain Model
Advanced Password Services is only supported by the Domain Model. Application Model is not supported.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1427491

What is the /config/XPS.cfg file used for?
XPS XPSConfig xps.cfg utility configuration
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1607105

SP-initiated POST Binding in r12.0 SP3
Our application works only as SP initiated request. This application would POST SAML request to SiteMinder 12.0 SP3. The application requires HTTP-POST binding and cannot use HTTP-REDIRECT. How can this workflow be implemented?
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1301206

Setup of Riskminder fails after already having policy server setup.
Steps to resolve the issue where Riskminder service will not run when configuring it with the Configuration Wizard without using the Configuration Wizard to also setup the Policy Store.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1951662

Federation not working in IE
Federated calls with IE are no longer working without re-authenticating, since upgrading to IE version 24
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1073418

Tombstoned object is preventing creation of new object with same name.
Tombstoned object is preventing creation of new object with same name. Will need to remove tombstoned object from Policy Store so that you can re-create it.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1103262

Failed Handshake between Webagent and Policy Server.
What are the reason of a Failed Handshake between Webagent and Policy Server (need to re-register the Agent)
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC559187

Cannot Delete User Directory
User Directory still has references to it, so it could not be deleted.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1866433

FSSUI: too many items
FSSUI will throw error about too many items when buffer is set too low.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1025064

Secure Proxy Server does not start with Java 8 JDK
Java 8 JDK is not supported by the Secure Proxy Server. JDK 7 is supported.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1308205

Resolving certificate errors for the SPS and Agent for SharePoint Tomcat Proxy.
Receiving a "Certificate for is not trusted or bad certificate" in the Secure Proxy Server/Agent for SharePoint Trace File when connecting to the back-end Server over SSL.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1628104

Change the hostname in SiteMinder Administrative UI
We have R12.x Admin UI installed on Windows Server. The hostname of the Server has changed, is there any way to change the hostname in admin UI configuration so that I can access AdminUI with new hostname without reinstalling or modifying local hosts file
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1041056

(WARN) : [sm-xpsxps-03500] CA.SPS: No product library
When I am trying to run the XPS tools through command line, I am receiving the below message: (WARN) : [sm-xpsxps-03500] CA.SPS: No product library.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1579314

User Directory with filter having 2 attributes for ID-From-Login
We are trying to allow the user to log in with the uid or email address. Even after creating a search filter to login with both Email ID/UID in User Directory definition, it does not get resolved to the ID entered by the user (ID-From-Login).
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1992791

Redirecting users after their idle session or maximum session times have been reached
This document covers the user of the IdleTimeoutURL and MaxTimeoutURL Agent Configuration Object settings.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC490906

How to disable Policy Server automatic restart after the crash?
This article covers a setting in siteminder.conf that controls smexec's behavior.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC507375

Tracksessiondomain parameter in ACO and use FQDN as the cookie domain
When we enable tracksessiondomain parameter in ACO and use FQDN as the cookie domain you get an error 10-0017 error log states that the domain is not in the cookie and when we run the agent in 4x compat mode.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1770774

Request to back end server is timing out after specified timeout parameter
Request to back end server is timing out after few seconds and resulting with an error when they were posting some information to the back end server.

 

Enable logging in secure proxy server
enable logging like FWStrace, mod_jk and httpclient log in secure proxy server
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1805983

Web Agent and Policy Server Network Communication Disruption
This article describes the TCP keepalive based environment variable used in the components of CA SSO for improving network communication.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1079236

Updating expired SSL certificates for the Virtual Hosts on the Single Sign-On Agent for SharePoint 2010/2013
This article discusses updating expired SSL certificates for the Apache Web Server Virtual Hosts on the R12.52 SP1 Single Sign-On Agent for SharePoint 2010/2013. These steps are also valid for updating the certificates for the Access Control Gateway.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1926033

When installing CA Secure Gateway (formerly Secure Proxy Server) What is the "Master Key for Policy Server' ?
The "Master Key for Policy Server" is the Session Assurance Encryption Master Key. It must match the same entry as that entered on the Policy Server
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1883207

How to fix the deployment location of login pages on CA Access Gateway (formerly SPS Secure Proxy Server)
The login.fcc page is not deployed in the usual location on CA Access Gateway and need to be copied to the correct location.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1977406

Details on install of JSafe JCE jar files : cryptoj.jar and cryptojFIPS.jar on CA Access Gateway (formerly Secure Proxy Server)
CA Access Gateway (formerly Secure Proxy Server) deploys several cryptoj.jar and cryptojFIPS.jar files this article explains what they do
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1243588

How to enabled CA Secure Gateway (formely Secure Proxy Server) to do NTLM authentication to the backend server
CA Secure Gateway (formerly Secure Proxy Server) can proxy onto backend servers that require NTLM authentication - this article shows how to setup that feature.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1887945

Resolving Problems installing the Java JCE Unlimited Strength Jurisdiction Policy Files package
Many problems with encryption result from the Oracle JCE Unlimited Strength Jurisdiction Policy Files package not being installed correctly.
Last Update: 4/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1698523

Can multiple values be configured for LogOffURI parameter?
This document outlines how to configure multiple resources as LogOffURI's with Single Sign-On (formerly SiteMinder)
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC487762

What LDAP queries does Single Sign-On (formerly SiteMinder) execute upon clicking the View Contents button in User Directory Properties dialog box?
The queries executed are controlled by a registry setting covered in this document.
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC485119

Host Configuration Object clusters and EnableFailover
Details on when EnableFailover applies to a Host Configuration Object
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC583377

Single Sign-On Agent for PeopleSoft Agent API initialization error
The 12.51 version of the Single Sign-On Agent for PeopleSoft has new requirements on Unix operating systems to operate correctly.
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1420786

Response attribute WebAgent-OnValidate-Redirect & WebAgent-OnAuthAccept-Session-Variable missing in WAMUI.
Unable to find Response attribute missing in WAMUI.
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1120965

SAP WebAS agent 12.0 encrypted shared secret requirement
The 12.0 version of the SAP WebAS ERP agent requires the shared secret to be encrypted with a FIPS Compliant AES Algorithm
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1794035

CA Single Sign-On SAP WebAS ERP agent fails to initialize
A 10 second timeout value within the policy server may cause this, and newer versions of the policy server introduce a setting which allows the timeout to be increased.
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1073455

SAML2.0 SP initiated Authnrequest failing on the IDP with 500 Error (java.lang.NullPointerException)
Why am I getting [Exception caught in class com.netegrity.affiliateminder.webservices.saml2.SSO, method doGet: java.lang.NullPointerException]
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1122526

After installing the SPS, the Admin UI does not start and it reports many errors with the java beans. How can I solve it ?
Incorrect installation of Java causes java bean errors and jboss not bo be listening on its port
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1265197

SM Response attribute
How Siteminder (Policy Server version- 12.0.312.911) returns via SM response some attribute from ODBC after user being authenticated in LDAP?
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1939587

Increase number of connections to a specific LDAP User Directory
This article explains a Tips to increase number of connections to a specific LDAP User Directory when some performance issue is observed.
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1077574

JVM Error in the SSO Policy Server trace logs.
Hello support, We're facing a big issue with our sharepoint agents. For some reason it seems that the smsession cookie being passed from the siteminder agent to the federation component of the agent isn't valid. This happens intermittently and a refresh sometimes fixes the issue which tells me that the cookie is valid. I have attached the logs that can help you troubleshooting. Here's some info on our ecosystem : SiteMinder Agent for SharePoint, Version 12.0 QMR03, Update HF-05, Label 443 running on windows 2008 R2 SP1 Siteminder policy server 12.52.0001.154 running on redhat 5.11 Regards, Pierre
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1157464

"No Session" error in adminui and "Failed to decrypt persistent key error" in SMPS log.
Multiple set of keys in keystore may cause "No Session" error in adminui and "Failed to decrypt persistent key error" in SMPS log
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1599716

Does Policy server use SSL/TLS channel for Web Agent Communication.
SSL/TLS Channel usage by Policy server for communication with Web Agent.
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1893946

Where does Siteminder Management Console settings are saved?
Siteminder management console settings in policy server
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1899683

Failed to convert enabled state while trying to login to Admin UI with External admin store user.
Failed to convert enabled state while trying to login to Admin UI with External admin store user.
Last Update: 4/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1418057

Configuration Oracle HTTP webserver manual steps
WebAgent configuration for R12.0 Sp3 CR12 does not properly configure the webserver to allow it start apachectl and opmn.xml

SiteMinder with CA Directory as policy store store high availability
We have CA Directory as policy store we need to have high availability for disaster recovery purposes - minimize downtime in the event of network or system failure
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC577451

Dynamic LDAP groups for user store Oracle iPlanet LDAP directories ONLY
Does SSO support dynamic LDAP group for Oracle LDAP, if so how do we configure it
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1676115

Policy Server reports error "Failed to initialize Management Thread"
This technote gives solution about the specific error "Failed to initialize Management Thread"
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1764868

Not able to launch Smconsole through command line
Smconsole not getting started, when trying to open using ./smconsole command
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC587035

SP-Initiated POST request results in 400 Error
SP-Initiated POST request results in 400 Error: No SAMLRequest or SPID parameter in request to SAML2 Single Sign-On Service Ending SAML2 Single Sign-On Service request processing with HTTP error 400
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1344266

Policy Server start-all command throw error : /netegrity/siteminder/../aas/sbin/arrfenv: cannot open [No such file or directory]
This technotes explain how to fix an issue by running start-all command on the Policy Server
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1416985

Error message "The AuthnRequest with AuthnContexts is not supported." in Siteminder 12.0 SP3 acting as SP.
We are getting the below error when Siteminder posts a SAML assertion. This is an SP-initiated use case. ERROR: The AuthnRequest with AuthnContexts is not supported.
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1832259

Unable to connect to an Oracle 12c RAC during installation.
I have installed CA Federation Manager 12.52 and during configuration step it is unable to connect to an Oracle 12c RAC. The configuration fails after this step.
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1472153

Alternatives to renaming /dev/random to /dev/urandom
Your recommendation in your documentation to create a symlink of /dev/urandom and /dev/random has resulted in security concerns in our internal teams.
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1730285

Java Virtual Machine failed memory allocation issue when starting the WAMUI in 32-bit Windows 2008.
We're getting the following error when trying to start up the WAMUI service in Windows 2008. There is insufficient memory for the Java Runtime Environment to continue. Native memory allocation (malloc) failed to allocate (X) bytes for Chunk::new
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1316487

The Secure Proxy Server Cannot Be Started Without a Valid Set Of Proxy Rules.
There is an issue with proxyrules.xml file. I saw an error in default log. [ERROR] - The Secure Proxy Server Cannot Be Started Without a Valid Set Of Proxy Rules. There was http 502 error return back to the user
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1929479

Error when setting up SSL between SPS 12.52 and backend application.
We have a backend IIS server, that we need to setup SSL between the Secure Proxy Server and the backend server. We are getting an error: "java.lang.RuntimeException: Unrecognized cipher suite" in the SPS nohup.out log.
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1439974

Advanced Password Services - Message of the Day
Message of the Day will show the designated page to all applicable users the first (and only the first) time that they log in each day.
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1195168

Which is default value of "EnableSearchFilterCheck" ?
In R6 SP3 and later version, default value of "EnableSearchFilterCheck" is "1" internally.
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1060277

IWA authentication creds.ntc issues 404 error
IIS, IWA, Creds.ntc, 404, Error
Last Update: 4/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1657586

how to control the session expiry in a Federation setup
in an SP Partnership federation ,how to control the "Idle Timeout" and "Maximum Timeout" .
Last Update: 4/25/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1458523

what is the smVarType session attribute created in the session Store
smVarType session attribute can have multiple value ,what is the difference between all these values
Last Update: 4/25/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1771825

Configure Signing option in Legacy Federation (same concept applies to Partnership)
How to configure Siteminder to sign and process signatures in Federation setup
Last Update: 4/25/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1052508

Expression calculated header in a URL in a "WebAgent-OnAccept-Redirect"
how to Create expressions which retrieves an http header and insert value into URL
Last Update: 4/25/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1481041

Persistent cookies to transient cookies.
Process to change the agent configuration object persistent cookies configuration to transient cookies configuration.
Last Update: 4/25/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1493385

FSS Administration UI file extensions.
What file extensions are used by the FSS Administrative UI
Last Update: 4/25/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1578486

CA Single Sign On Integration With Offiice 365
CA Single Sign On policy server Active directory and Office 365
Last Update: 4/25/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1498134

Policy Server's LDAP store servers with load balancing
Information to assist customer in choosing to individually define host within CA SSO (f.k.a. SiteMinder) software to do health check and to load balance traffic. Or, to use an external software or hardware based load balancer.
Last Update: 4/25/2016    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC1513892

How to run an Unattended Standalone Upgrade Installation of the Wamui (Windows and UNIX)
SiteMinder 12.52.0101.640 silent install and silent upgrade do not work. How to run an Unattended Standalone Upgrade Installation of the Wamui (Windows and UNIX)
Last Update: 4/22/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1524313

Increase MaxObjects value for the policy store in the Windows Registry
When running Siteminder/SSO FSSUI or AdminUI, user attempts to modify a policy by clicking on Add/remove. In the User tab the following message appears: “Search operation failed: timed out”
Last Update: 4/22/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1295883

How to export a SAML 2.0 partnership from one environment to another
If you would like to move a SAML 2.0 partnership from one environment to another, e.g. development to production, you can use the XPSexport function to move all objects associated with the partnership without needing to export the entire policy store.
Last Update: 4/22/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1893904

Commonly used CA Access Gateway (SPS) logs and configuration files
If you run into issues on Secure Proxy Server now known as CA Access Gateway, here is a guide on logs to troubleshoot and their locations
Last Update: 4/22/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1563845

Does Ca Single Sign-On Sdk Web Agents have to initiate the call to pull the new Agent key from Policy Server to retrieve a new Agent key?
Ca Single Sign-On Sdk is used by clients to built custom web agents. These agents retrieve Agent keys ,used to encrypt CA Single... cookies that may be read by all agents in a single sign-on env. This docs explains one of the sdk agents key processes.
Last Update: 4/22/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1459616

When dynamic agent keys are used, does the custom agt need to call doManagement to get agt cmds each time before it calls login or decodeToken
This q and a relates to sdk agents key management process flow.Agent keys are used to encrypt CA Single Sign-On cookies that may be read by all agents in a single sign-on env. Agent keys can be dynamic . Agent commands run before a login or decodeToken.
Last Update: 4/22/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1292002

After installing IDM, the Wamui displays '???key: page.display.error???' in red text.
This case/issue type document covers a particular problem when configuring idm in the ca sso admin ui.
Last Update: 4/21/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1917165

How to display IPv4 IPs OneView monitor
We tried to pull agent info from OneView Monitor. But it is posting in ipv6 format for hosts running on IIS. We need to convert the display to ipv4 on OneView monitor.
Last Update: 4/21/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1643575

How to enable Agent Discovery
We are trying to view agent-specific details in the Agent Instances list, however Agent Discovery seems to be disabled.
Last Update: 4/21/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1287121

Post Preservation encoding
Form post information is encoded and stored in form data SmPostPreserve. Can this be decoded manually?
Last Update: 4/21/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1579173

SessionLinker Installation and Configuration Documentation.
This document contains where to locate the Session Linker Installation and Documentation Guides.
Last Update: 4/21/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1067008

ERROR: Agent API initialization failed when running SmPortalVfy.exe
Getting below errors when running SmPortalVfy.exe from \CA\webagent\bin 4/16/16 6:39 AM [SM-APS-61103] Server MyServer at 127.0.0.1... 4/16/16 6:39 AM [SM-APS-61070] ERROR: Agent API initialization failed.
Last Update: 4/21/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1220238

Message: "Could not resolve agent" ; Returned Error Code = -14 while running SmPortalTest
Getting below errors when running SmPortalTest.exe from \CA\webagent\bin C:\CA\webagent\binSmPortalTest.exe abc [APS Version 12.52.0101.640 - SmPortalTest Rev 12.52.0101.640] Returned Error Code = -14 Message: "Could not resolve agent"
Last Update: 4/21/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1244998

Policy Server failed to connect to the LDAP policy store
Policy Server is logging “Error 91 - Can't connect to the LDAP server“ against the LDAP policy store
Last Update: 4/21/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1391568

How to solve the Linux AdminUI error "wrong username or password"
This technote gives a way to solve a specific error happening on Linux AdminUI.
Last Update: 4/20/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1639062

What does this error mean, SmServerConnection, connect, Exception calling TCP transport connect: java.nio.channels.UnresolvedAddressException?
java sdk pure jni SmServerConnection UnresolvedAddressException exception checkaddress
Last Update: 4/20/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1233665

How to enable mod_jk logging for CA Access Gateway (SPS)
In order to see more information for runtime events of communication from Apache to Tomcat you would want to enable mod_jk logging and set it to debug.
Last Update: 4/20/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1313831

How to update your Java JDK for your CA Access Gateway (SPS)
If you need to update your Java JDK version on your SPS server, follow these steps to tell the SPS to use the new versions.
Last Update: 4/20/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1918365

How to change the logging level of the server.log for CA Access Gateway (SPS)
In case you are having issues with you CA Access Gateway (SPS) and need to enable more logging in server.log to determine the cause of the issue.
Last Update: 4/20/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1369844

How to enable HTTPclient logging for CA Access Gateway (SPS)
In order to see transactional information and runtime events of communication from the SPS to a backend application you would want to enable HTTPclient logging.
Last Update: 4/20/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1073996

SAML assertions are not getting generated
Looping between the redirect.jsp and the authenticationURL
Last Update: 4/20/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1430667

systemctl and Web Agent startup settings for Red Hat Apache Web Server 2.4.x
This article explains how to setup Web Agent for Red Hat Apache Web Server 2.4.x/RHEL 7. It needs a special care of /etc/sysconfig/httpd and ca_wa_env.sh.
Last Update: 4/20/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1340867

Ignore APS during authentication call.
How to Ignore APS during authentication call.
Last Update: 4/20/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1566779

Cannot authorize with the group membership in Active Directory when the group is the Primary group.
Users are not authorized from Active Directory User Store when the user policy is Group Membership and the group is set to the Primary group of the users.
Last Update: 4/20/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1392334

Creating an “Idea” (Enhancement Request)
How to submit Ideas/Enhancement Requests through CA Communities.
Last Update: 4/19/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1579832

Starting LLAWP process under different user identities.
How to start the LLAWP process under Network service, Local system, LocalService, Custom Account.
Last Update: 4/19/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1901339

SM_USER header value in IWA authentication scheme.
How to change the format of SM_USER header from DOMAIN\UID format to UID in IWA authentication.
Last Update: 4/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1500602

AuthnRequest sign verification issue
Missing configuration data of DSigVerInfoIssuerDN or DSigVerInfoSerialNumber
Last Update: 4/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1449712

Performance issues observed after deploying/enabling CA directory as a session store in the environment
Single sign-on policy server can get into a state where it is unable to keep up with Session store maintenance when CA LDAP Directory is deployed as the session store that is not properly configured performance degradation can occur on the policy server
Last Update: 4/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1948652

smfedexport tool example non-functional
We are trying to use use the smfedexport tool to generate a federation metadata file using the example provided in the documentation, but we are getting errors complaining that invalid tags were entered.
Last Update: 4/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1909494

LDAP Error 81 user store in the smps log
Policy server error log shows LDAP Error 81 for connections to our user store why does this occur, under what circumstance, and can this be prevented?
Last Update: 4/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1536754

Enhancement Changes to SiteMinder Thread Model in version SM6.0.5.22 & R12.1.3
We have been using the product for many years is seems to have change over time. We are trying to understand how policy server process works as a single process/multiple threaded applications.
Last Update: 4/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC491240

LDAP Connections manager error to our active directory user store
Policy server error log shows LDAP Connections manager error in function prldap_set_session_option is not supported. Why does this occur, under what circumstance, and can this be prevented?
Last Update: 4/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1872328

Unable to Log Into Adminui
SunOne Oracle Directory Server XPSNumber=*
Last Update: 4/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1129233

LLAWP 100% CPU Consumption with 6.x Agent
permissions are missing
Last Update: 4/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1263416

Deformed response from webserver with webagent enabled
Webserver responded with deformed packets when webagent is enabled.
Last Update: 4/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1740224

Federation login failed with error 400
SP-initiated SSO is failing with error 400 - Reason: UNSUPPORTED_AUTHN_REQUEST_BINDING
Last Update: 4/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1351614

Getting SetCryptoConfig error while installing Policy server.
ERROR - Command failed: "C:\Users\Administrator\AppData\Local\Temp\1\487853.tmp\smreg" SetCryptoConfig "******" "0" "" "" ""\nReturn Value: 1\nStdout: {2}\nStderr: {3}
Last Update: 4/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1359533

LDAPPingTimeout Explained
LDAPPingTimeout
Last Update: 4/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1466133

AgentWaitTime Explained
AgentWaitTime
Last Update: 4/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1149456

How to Reset Encryption Key using MSSQL Databases
SQL Server as Policy Store
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC537906

Usage of JUEL in SAML Assertion Configuration
Passing assertion attributes in an assertion using a JUEL expression in partnership federation.
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1696554

Report Instance Was Not Successfully Created
Audit reports installation
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1783432

SAML assertions are not getting generated
LOOPING between the redirect.jsp and the authenticationURL
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1544433

Web agent unable to process SMSESSION
cookie is custom from a third party and not accepted
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1412751

How to restrict the use of Forgotten Password Service (FPS)?
Max Attempts Frequency in APS.cfg
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1044754

Why the ProxyUI login page does not load logo images correctly
SPS login page without images
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1014525

Why am I getting user account lockout issues when a User ID exists on 2 user Directories attached to siteminder Domain ?
user authenticates with the password from the second UD then the invalid password account on the first increments
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1613415

Federation Users Disappear
After modifying a partnership, the list of federation users is disappearing, effectively disabling the partnership.
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1234422

HCO Configuration: Cluster vs. Legacy failover/Load Balance
Which will take precedence when both a cluster and traditional or legacy failover/load balance hosts are configured?
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1304907

what version of Policy server is "CA Access Gateway for NetScaler SDX" supported with
is a license required for Citrix Netscaler agent and is it supported with 12 SP3 Siteminder Policy server
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1507074

XPSExport -xb and Host-specific configuration data
XPSExport; -xb option; Host-specific configuration data; XPSImport
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1328124

Attribute based access Authorization
I am unable to configure user Authorization based on an attribute value
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1928817

Accented characters included in SAML assertion attributes show up as '?'.
Some user attributes that are being included in SAML assertions contain accented characters such as è. Instead of showing up as they do in the user store, these accented characters are showing up as question marks (?).
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1155183

Are Windows Patches/Hotfixes Supported?
Do CA Single Sign-On components support all Windows patches, or only Service packs?
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1184304

SessionNotOnOrAfter parameter Causing Timeout on SP
Upon consumption of the assertion generated by Siteminder .the third party SP is generating a session for the user ,however this session is getting expired after 5 min
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1543175

clean up semaphores and shared memory by process ID on Redhat OS
I am using the kill-9 to stop the LLAWP process ,how can I cleanup the semaphores and shared Memory that are related to the LLAWP process
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1008266

Unable to run the audit report from admin ui.
Error returned upon running audit report from WAMUI: Unable to find servers in CMS Servername:6400 and cluster @Servername:6400 with kind fileserver and service FileStoreV2.All such servers could be down or disabled by the administrator.(FWM 01014)
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1709612

Deactivate the Federation partnership using XPSExplorer .
How to deactivate the federation partnership using XPSExplorer?
Last Update: 4/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1580417

Secure Proxy Server hangs under load
Secure Proxy Server becomes unresponsive as load increased to a certain level with following exception logged : java.lang.OutOfMemoryError: unable to create new native thread
Last Update: 4/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1435512

SM password policy is not invoked
User is not disabled after max failed login attempts defined in the SM password policy
Last Update: 4/14/2016    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC1426162

Special Characters in Password Policy Name
Ampersand Wildcard illegal values
Last Update: 4/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1564684

CertDB Folder Missing after Upgrade
policy server upgrade
Last Update: 4/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1978875

Multiple one-view Monitors in policy server management console.
How to configure multiple policy servers to send one-view monitoring requests to a remote policy server.
Last Update: 4/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1988591

Open SQL Connections
Policy server ODBC open connections.
Last Update: 4/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1055844

Getting access denied when using SmX509CertAuth Version 3.7.3
SmX509CertAuthscheme usage with Policy server.
Last Update: 4/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1150946

Disable Advanced Auth in SPS
Modifying the server.conf file
Last Update: 4/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1844843

Cannot Enable Sign-Out in Office365 Partnership
Sign-Out Options Disabled
Last Update: 4/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1108228

Federation Single Logout Does Not Work
Logout fails with a 500 error
Last Update: 4/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1071309

Policy server ODBC open Connections to policy store.
Open connection of the policy server to the ODBC policy store and the housekeeping policy server query to the policy store database.
Last Update: 4/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1776037

RelayState truncated in SAML 2.0 POST
How to post RelayState data while posting assertion to consumer service?
Last Update: 4/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC529287

Security Token Service (STS) URL returns 404 error
Cannot access STS URL
Last Update: 4/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1454069

How to control authorization cache at policy server?
Use of DsInfoEnabled registry key
Last Update: 4/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC527999

How to download CA Single Sign-On (formerly SiteMinder) components
Step b step procedure to download CA Single Sign-On (formerly SiteMinder) components from support.ca.com
Last Update: 4/12/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1364894

Cannot fetch agent agent
This error is seen in smps log, indicating the policy server cannot fetch agent.
Last Update: 4/12/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1138796

Reasons why the affwebservices log might not be generated
Affwebservices Log Not Generated
Last Update: 4/12/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1564704

What do the values in the policy server stats output mean?
smpolicysrv -stats parameters
Last Update: 4/12/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1882665

Where do I find CA Single Sign On (SiteMinder) Downloads?
product download
Last Update: 4/12/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1920083

I cannot log in to Adminui Directly after Configuring Adminui External Authentication Store
error on adminui login
Last Update: 4/12/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1988243

Unable to launch the Policy Server Management Console
Error: Couldn't load javasmconsoleapi
Last Update: 4/12/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1332206

smreg –su password fails
Setting the CA Single Sign-On (Siteminder) Super User Password returns a popup
Last Update: 4/12/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1284157

Unable to logoff the ProxyUI
Unsuccessful logoff
Last Update: 4/12/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1960756

Do we need all certificate chain in the cert8.db when using SSL to connect to stores ?
when using complex cert chain to connect to LDAP Store, only one certificate from the chain is mandatory in the trusted store
Last Update: 4/11/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1765462

WS-Fed Lifetime entity timestamp error
Our WS-Fed partnership is failing due to an incorrect timestamp format generated for the Lifetime entity, rather than the expected ISO8601 format.
Last Update: 4/8/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1550216

The different CA SiteMinder Single sign on WebAgent modules on Windows.
The document will explain the different WebAgent modules (isapi6webagent.dll) and (IIS7webagent.dll).
Last Update: 4/8/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1867088

DSigException: Error in DSigVerifier
This exception occurs when no certificate can be found in the smkeydatabase which matches the issuer DN.
Last Update: 4/8/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC486187

Separating Affwebservices with only the Application Server and Agent option pack
Can Affwebservices be used with only an Application Server or is a WebServer required for Federation?
Last Update: 4/8/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC486229

Adminui Reinstall Fails On Unix/Linux
installation errors
Last Update: 4/7/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1924814

OneView Monitor displays ip of policy server as 0.0.0.0:1
In oneview monitor, all the ip address of the policy servers are displayed as 0.0.0.0:1 instead of its ipv4 ip address.
Last Update: 4/7/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1696832

CA Siteminder SMTestTool fails to launch with error referencing "Microsoft.VC80.MFC"
What should we do when we get this error message. “Activation context generation failed for "C:\setup\sso\aabbccx100\smtest.exe". Dependent Assembly Microsoft.VC80.MFC"
Last Update: 4/7/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1344887

SAML Service Provider User Attributes not seen in 12.52 SP1 Adminui After Upgrade from V6
SALM service provider Attributes ,legacy Federation migration
Last Update: 4/7/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1271764

Does EnableDynamicHCO work with traditional failover/load balance HCOs, or only clusters?
Dynamic HCO Details: clusters vs. traditional failover/load balance
Last Update: 4/7/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1428454

X.509 client certificate authentication results 403 error
Certificate Mapping must have an Issuer DN which is composed of comma-connected RDNs. Authentication is failed if RDNs are connected by "comma+space".
Last Update: 4/7/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1129895

SiteMinder SNMP logging on Unix
This article describes the three logs the SiteMinder SNMP process writes to on the Unix operating system.
Last Update: 4/5/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1642705

Policy Server crashes because it shares JVM with Wily
This technote discusses how to fix problems with the Policy Server when using Wily.
Last Update: 4/5/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC599368

How to solve a leakage of Privileged Information when running Apache as Reverse Proxy in front of a Web Agent.
This technote give tips on how to prevent leakage of priviledged information from an Apache Reverse Proxy in front of a Web Agent.
Last Update: 4/5/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC565902

When trying to reach the AdminUI, I get in browser "Page cannot be found"
This technote give tip when getting page cannot be found error when reaching the AdminUI.
Last Update: 4/5/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC584448

Is Policy Server restart required after importing certificates ?
This technote discusses about the need of restart the Policy Server when Certificates are added to the SmKeyDatabase
Last Update: 4/5/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC529630

How can we disable SSLv2/SSLv3 protocol in Federation Manager?
Modify server.conf and httpd-ssl.conf files to set SSL protocol and cipher configuration on FEDMA.
Last Update: 4/5/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1552086

What is the meaning of the WebAgent error message 20-0004?
What is the meaning of the WebAgent error message 20-0004?
Last Update: 4/5/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC479707

CA Directory connection failure / need to restart directory every 30 mins
When using CA Directory as user Store, need to restart it every 30 mins as connection becomes invalid due to bad syntax
Last Update: 4/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1616173

Why can't I change Idle timeout and Maximum timeout under partnership settings for a federation 3rd party product on the SP side
This question and answer is part of the subject of changing settings on the 3rd party product from the Ca Single Sign-On federation partnership side.
Last Update: 4/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1676776

How to make the Apache 2.4 to accept Web Agent Header Variables with Underscore Characters
This technote discusses the way to let the Apache 2.4 to accept header names with underscores.
Last Update: 4/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC606939

Why does LLAWP Process Not Start after Starting Web Server?
agent startup issue
Last Update: 4/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1928682

Smkeydatabase : How to Rebuild the Smkeydatabase for Federation
This technotes give a sample on how to recreate the Federation SmKeyDatabase from scratch.
Last Update: 4/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC542090

How to check which version of the Progress / DataDirect driver are we running ?
As we are using a 3rd party software for DB connection, it may be interesting to know the exact version
Last Update: 4/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1090197

Compatibility note about support of RSA 8.1 with CA Single Sign-On 12.52SP1
This technote gives precisions about supportability of the RSA Server.
Last Update: 4/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1934108

Tips on how to troubleshoot the SAML "DSigSigner Initialization Failing" error
This technote gives tips on how to troubleshoot the DSigSigner Initialization Failing error in the Policy Server
Last Update: 4/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC542084

SharePoint Office integration with CA Single Sign-On Web Agent as Reverse Proxy
This technote discusses about integration of office documents protection with CA Single Sign-On Web Agent.
Last Update: 4/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC537670

Multiple and Frequent initialization or Startup Stop Messages in Web agent Logs.
This technote discusses about informative logs lines that are seen in the log of the Web Agent.
Last Update: 4/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC541462

Apache service is not starting up on Windows
Apache Web Server fails to start while loading SiteMinder module mod_sm24/mod_sm22, and following error message appears in Windows event viewer.
Last Update: 4/3/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1957282

Steps to Re-register Admin UI
These steps describe the process of re-registering an Admin UI with the Policy server
Last Update: 4/3/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1547349

Please note that you can always access the full list going to the following link:

http://www.ca.com/us/support/ca-support-online/support-by-product/ca-single-sign-on.aspx?d=t&language=en&type=Knowledge&…

 

Feel free to post your questions in the community if you have question about any of these KB article.

 

Best Regards,

Ujwol Shrestha

Principal Support Engineer

CA Technologies

Outcomes