Skip navigation
All Places > CA Security > Blog > 2016 > October
2016

Hello CA Single Sign-On Community Users,

 

Please find below the list of the latest Knowledge Base Articles  for Single Sign-On (Formerly CA SiteMinder)published or updated since 8th September 2016 for your reference:

 

WSFED entities not showing up in Partnership config dropdown
WSFED entities may not show up in a Partnership configuration if the entities themselves are configured improperly
Last Update: 2016-10-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1305435

How to Use Multiple User Directories in a Partnership
This short guide is how to use multiple User Directories (i.e. LDAP and ODBC) in a Partnership. Helpful if migrating users from one User Store to another without having an outage.
Last Update: 2016-10-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1725014

Certificates Uploaded to Policy Store don't show up in WAMUI
Occasionally, certificates that are uploaded to the WAMUI will not show up in the certificate list, and will show a "certificate already exists method"
Last Update: 2016-10-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1259976

How to download CA Single Sign-On (formerly SiteMinder) components
Step b step procedure to download CA Single Sign-On (formerly SiteMinder) components from support.ca.com
Last Update: 2016-10-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1364894

Best practice on importing Agent Keys
Importing agent keys results in duplicate set
Last Update: 2016-10-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1392087

Failed updating KeyManagement object 1a-fa347804-9d33-11d3-8025-006008aaae5b. Status: 'Unknown Failure'
Unable to import KeyManagement object during smkeyimport. Agnet keys are imported fine , only the KeyManagement object fails to import.
Last Update: 2016-10-24    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1164436

Configuring SharePoint Workflow 2013 and the Single Sign On Agent for SharePoint 2010/2013
Details configurations required to integrate SharePoint 2013 and Workflow Manager Client 1.0 with the CA Single Sign On Agent for SharePoint
Last Update: 2016-10-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1729148

Protecting my SOAP Resource with WS-Security, I get the error Signature-0 was not accepted
This technote discusses about a specific error when configuring ws-security with timestamp.
Last Update: 2016-10-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1691635

Member group and Member Organizations search filter not working as expected
Member group and Member Organizations search filter not working taking the wild char or text based search filter
Last Update: 2016-10-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1074542

ExecutionTimeThreshold Introudced
Purpose of ExecutionTimeThreshold
Last Update: 2016-10-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1390939

XPath expression for Web Service Variable returning only first result
XPATH expression not working
Last Update: 2016-10-19    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1303225

Policy Server : Policy Stores Failover : CA Directory in SSL
How to configure CA Directory Policy store in SSL
Last Update: 2016-10-18    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1852061

Client IP and SMSESSION IP do not match after WAOP upgrade
IP Validation Failing after WAOP upgrade to 12.52
Last Update: 2016-10-18    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1968307

XPSImport is failing due to AgentType missing error in WebAgent Actions
(FATAL) : [sm-xpsxps-05810] Import failed Rule Action(s) (HEAD) do not match AgentType Rule Action(s) do not match AgentType
Last Update: 2016-10-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1427656

Accessing CA Directory Policy Store with restricted bind Users
This technote discusses the supportability to restrict the branches from the ldap tree for the bind user.
Last Update: 2016-10-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1988193

How can I redirect Users with expired password to custom fcc instead of smpwservices.fcc?
How do I get Siteminder to redirect users with expired password to my custom fcc instead of out of the box smpwservices.fcc?
Last Update: 2016-10-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1492067

Expired AD User password redirect customm fcc
Active Directory Users with expired password are being redirected to the out of the box smpwservices.fcc instead of our custom fcc while being redirected to change their password.
Last Update: 2016-10-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1942727

Policy Server :: Unable to Start : LDAP Policy Store Configuration
This technote discusses a problem when upgrading the Policy Server to R12.52 from R12.x which fails to start.
Last Update: 2016-10-13    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1525441

How to execute host registration for Java Agent API when ksh is not installed on the computer.
This explains how to execute host registration for Java Agent API when ksh is not installed on the computer.
Last Update: 2016-10-12    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1956964

CA SSO Report Server strategy
CA Report Server from CA Technologies as a component of the product.
Last Update: 2016-10-12    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1820619

About detail of Shared Secret between WebAgent and Policy Server.
What is the difference of Shared Secret, SmHost.conf and Policy Store ?
Last Update: 2016-10-12    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1089812

Agent for SharePoint :: SharePoint 2010 and SharePoint 2013 Instances : Protecting with the same Agent instance
I would like to use the same Agent for SharePoint instance, which is already protecting a SharePoint 2010 Server, to protect another distinct SharePoint 2013 Server. Can I do that?
Last Update: 2016-10-10    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1066617

Where can I find the CR Download Page for CA Single Sign-On (SiteMinder) ?
This technote discusses about where to find specific CR for SiteMinder
Last Update: 2016-10-10    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1616521

MS SQL 2016 support for Single Sign-on stores
Does Single Sign-on currently support the use of Microsoft SQL 2016 for stores e.g. policy store, user store, session store, audit store and password services?
Last Update: 2016-10-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1766333

CA Single Sign-On (SiteMinder) - Problem installing the SSO WAMUI on a drive other than the default C: drive
When trying to install the CA Single Sign-On (SiteMinder) AdminUI on a non-default drive, the service fails to install and the AdminUI fails to start when manually run via batch script.
Last Update: 2016-10-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1035638

 

Configure WebAgent for Apache multiple virtual hosts
Does apache virtual host support separate WebAgent for each Host, so thatwe could assign separate WebAgent.conf file and ACO for each virtual host?
Last Update: 2016-10-06    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC1355714

LLAWP process is buggy after executed kill -9 command
In R12.52 SP1 CR05, we encountered 500 error after shutting down LLAWP process by using "kill -9".
Last Update: 2016-10-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1421423

LLAWP doesn't start
When httpd was started by apachectl -start, but LLAWP didn't start completely.
Last Update: 2016-10-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1883834

Right format for specifying Ciphers in server.conf for CA Access Gateway (formerly Secure Proxy Server)
CA Access Gateway Ciphers format for server.conf
Last Update: 2016-10-06    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1643058

How to setup a policy to Authorize User by the Authentication level
configure an authorization policy based on the Authentication level
Last Update: 2016-10-05    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1845593

Is it require to reboot Policy Server for failover of ODBC data source?
The reboot of a policy server is unnecessary, since policy server will reconnect when a policy server detects restoration of DB#1 in the case of the premise and a work outline of an inquiry.
Last Update: 2016-10-05    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1176053

How to decrypt Federation Open Format Cookie (Java)
Steps to consume (decrypt) Federation OFC cookie generated by Policy server
Last Update: 2016-10-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1539809

XPS Transaction COMMIT has failed errors for AgentInstance in smps logs
[CreateObject][ERROR][sm-xpsxps-00540] Previous error occurred on object "CA.SM::AgentInstance@PS-agent" [CommitOrTestRollback][ERROR][sm-xpsxps-00740] XPS Transaction COMMIT has failed. [CreateOrUpdateImpl][ERROR][CA-SM-Assert] Assert failed: Commit
Last Update: 2016-10-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1596363

Could not find service provider information for sp/idp
Exception while attempting to retrieve passwords: java.lang.NoClassDefFoundError: Could not initialize class javax.crypto.JceSecurity at javax.crypto.Cipher.getInstance(Cipher.java:643)
Last Update: 2016-10-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1446925

Post Preservation going into loop when going to the Cookie Provider
This technote discusses about the limits of using and configuring a Web Agent to act as Cookie Provider
Last Update: 2016-10-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1580684

How Webagent select the Policy Server where it will send request ?
This tech docs explains you how the WebAgent select PS to who it will send a request. It is doing intelligent round robin.
Last Update: 2016-10-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1351868

How to troubleshoot Failover/Failback between WebAgent and Policy Server ?
If you exprience some Failover/Failback to may want to check why. You need to use the AgentConMgr.conf and decompose by PID/TID to check each invidual thread
Last Update: 2016-10-04    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1983777

Set-Cookie: SMSESSION=LOGGEDOFF missing from the response on a log off request
LogoffUri not working
Last Update: 2016-10-03    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1494272

SPS is not able to connect to backend
Connection refused remotely, no process is listening on the remote address/port
Last Update: 2016-10-03    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1369467

Can we have two Apache web servers protected with two Web Agents on the same server?
This document enumerates the conditions to have two different Apache web servers with two different Web Agents on the same box
Last Update: 2016-10-03    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1012216

Performance Impact of Password Policy settings
The reason that password policy influences performance is for the writing to a user store to occur.
Last Update: 2016-10-03    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1210052

How to handle certificate authentication when UID is mapped to UserID or Email Address ?
This technote discusses about a workaround to make the certificate authentication succeeds when the UID should be found in more than one attribute.
Last Update: 2016-09-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1074295

How to configure the Policy Server Registry Key EnableSearchFilterCheck ?
This technote discusses about the details on the registry key EnableSearchFilterCheck and its possible values
Last Update: 2016-09-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1630034

Can access existing session from different browsers after Session Assurance setup
This document describes how to properly test the Session Assurance feature and explains why some tests could fail
Last Update: 2016-09-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1392984

SiteMinder WebAS ERP Agent connectivity issues
We are observing intermittent SAP ERP agent connectivity issues with the Policy server
Last Update: 2016-09-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1664939

username in smtoken being encoded
username in smtoken being url encoded during password change process.
Last Update: 2016-09-30    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1867466

About taskpersistence folder under derby folder.
What info is contained derby folder under adminui install path ?
Last Update: 2016-09-29    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1544737

How can we achieve high availability for Kerberos authentication?
Kerberos auth creating keytab files using FQND for smps service noting that the service MUST be resolved DNS forward and reverse. We have two policy server not option to add load balance service names in the Kerberos authentication scheme
Last Update: 2016-09-28    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC1213853

How to get more information if CA Access Gateway (SPS) is failing SSL connection with back end ?
Tips to troubleshoot SSL connection between SPS and Backend : use -Djavax.net.debug=all
Last Update: 2016-09-28    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1950639

About the content of messages when XPSImport is executed.
About the meaning of messages which is output by executing XPSImport command.
Last Update: 2016-09-28    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1246825

 

Policy Server cannot connect to CA Directory through LDAPS when using TLSv1.1 only
This document shows the configuration parameters needed to be done in CA Directory to support TLSv1.1 for CA SiteMinder Policy Server connectivity.
Last Update: 2016-09-27    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC1843713

How to validate SSO token
how to write a sample java SDK agent to validate existing SSO token(SMSESSION cookie )
Last Update: 2016-09-27    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1608436

XPSSweeper Auto Schedule not generating XPSSweeper log
Instructions/Best Practices on How to configure XPSSweeper Auto scheduling to generate XPSSweeper log
Last Update: 2016-09-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1993675

Linux Smconsole java.io.IOException Cannot run program "null\system32\tasklist.exe" error
A console error happens when I start smconsole with policy server not running. If the policy server is running and I start smconsole, it comes up fine. The console error happens when I click the stop button.
Last Update: 2016-09-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1695471

Expression builder within Domain Policies do not work correctly
Trying to build a domain expression within the domain (domain policies edit policy expression edit) however, there are problems with the expression builder.
Last Update: 2016-09-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1924447

Policy server crashes after rule with response redirect
Rule for onAuthAttempt, and a response with WebAgent-OnReject-Redirect crashes policy server after the rule is hit.
Last Update: 2016-09-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1694225

Not able to start SessionLinker with apache WebServer
Using Session Linker with apache webserver there could be a problem on starting it because you are not sharing the /tmp directory.
Last Update: 2016-09-26    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1895555

How to migrate Affiliate domain from 12 SP3 to 12.52 using smobjexport and smobjimport tools
Migrate Affiliate domains from 12 SP3 to 12.52
Last Update: 2016-09-22    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1830083

SPS Server will stop servicing requests after some time when STS is deployed / enabled
Exception: java.lang.StackOverflowError thrown from the UncaughtExceptionHandler in thread
Last Update: 2016-09-22    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1467488

After Web Agent upgrade from 12SP3 to 12.52SP1, the .fcc page shows its code instead of the login page.
This technote discusses about the solution for the .fcc code that could be shown in the browser instead of the login page
Last Update: 2016-09-22    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1978163

Issues with using Regular expression in domain
We have many applications and webservices coming in. We tried to reduce the work by using regular expressions, however it is not functioning correctly.
Last Update: 2016-09-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1132122

XPSSweeper Output question
We see three numbers being displayed after running XPSSweeper. We want to know what they mean.
Last Update: 2016-09-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1530309

Users not Getting Authorized
We are unable to login, with no errors being reported in the logs. Disabling Single-Sign On allows the user to access the application.
Last Update: 2016-09-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1126741

Report Server & Audit report connections details
Where does report server connection, audit report connections are stored
Last Update: 2016-09-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1843996

Why is my SSL-enabled apache not starting with a message stating "cannot read password from file" ?
Having ssl-enabled apache in SPS using a server key and certificate, the http daemon fails to start with a message about a failure to read password from file
Last Update: 2016-09-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1556076

TAI Connector configuration
Do we need to install the SIteMinder Agent for IBM WebSphere v12 to get this TAI connector functionality enabled?
Last Update: 2016-09-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1917158

How to configure APS Forgot Password (FPS) Interface
Steps to configure APS FPS interface
Last Update: 2016-09-21    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1323498

SPS is not starting after applying the workaround solution for XXE (XML External Entity) vulnerability
ProxyServer initialization failed;Caused by: org.apache.catalina.LifecycleException: Failed to start component;Caused by: org.apache.catalina.LifecycleException: A child container failed during start;InitCatalina failed ('Failed to start component [Standa
Last Update: 2016-09-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1840176

How much is the max length (in characters) of a SMSession cookie?
The SMSession cookie length is not fixed. The SMSession cookie will generally be between 800 bytes an 1K.
Last Update: 2016-09-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC588181

Unable to start CA SPS Services after enable httpd SSL
SPS unable to startup after enable httpd ssl with error unable to read pass phrase
Last Update: 2016-09-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1551985

Import certificate failed in WAMUI causing no certificate displayed in WAMUI
Import certificates failed causing two certificates with same alias in certificate store
Last Update: 2016-09-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1326351

smobjimport invokes XPSSweeper when it is successfully completed.
This article explains the specification of smobjimport functionality in r12.5x.
Last Update: 2016-09-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1067866

Encrypted Active Response
How to send and consume encrypted active response
Last Update: 2016-09-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1703842

How to configure Open Format Cookie and consume it
Send and consume open format cookie
Last Update: 2016-09-20    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1487052

x509 Cert mapping case sensitive
defect - certificate mapping is case sensitive if custom expression mapping is used
Last Update: 2016-09-19    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1730883

 

X.509 Cert Authentication with Apache Agent
How to configure X.509 cert authentication with CA Single-On Web Agent on Apache web server
Last Update: 2016-09-19    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1741628

Workaround for XXE (XML External Entity) type attack
XXE (XML External Entity) type attack
Last Update: 2016-09-19    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1051415

Kerberos authentication using AES256 encryption
Use case Linux policy server, Secure Proxy Server, windows 2008R KDC conifgured with Kerberos authentication using AES256 SHA1 encryption
Last Update: 2016-09-16    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC1940867

Kerberos authentication using AES 256bit encryption failing
Deployment use case Secure Proxy Server 12.52 SP1 Linux with policy server 12.52 SP1 also on Linux implement Kerberos Authentication using AES 256 bit encryption against Active Directory KDC
Last Update: 2016-09-16    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1921291

Key Management tab is missing
Key Management tab is missing in adminui; how to add Key Management tab in adminui
Last Update: 2016-09-16    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1702097

Failed to initialize event handler library error
Failed to initialize event handler library “/opt/CA/siteminder/lib/libEventIntroscopeprovider.so"
Last Update: 2016-09-16    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1748102

Required Linux Libraries for Web Agent r12.51 CR06 or later (64-bit) on Red Hat 7.x (64-bit)
This article explains the installation requirement for newly certified platform.
Last Update: 2016-09-16    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1450842

How to change the admin password with Federation Manager ?
You may want to change the admin user password to login to the FedMa adminUI, please use XPSConfig
Last Update: 2016-09-15    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1529369

Temporary password
Is there a SiteMinder API that will create a temporary password which expires after 24 hours if not changed?
Last Update: 2016-09-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1411884

OAUTH Partnership Error Dispatcher object thrown unknown exception while processing the message
Dispatcher object thrown unknown exception while processing the message. Message: Connection timed out: connect Exception occurred while message dispatcher (srca) object trying to send SOAP request message to the SAML producer
Last Update: 2016-09-14    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1584113

Support for TLS 1.1 and TLS 1.2 on CA Access Gateway (formerly CA Secure Proxy Server)
support for TLS1.1 and TLS 1.2 on SPS; do we support TLS 1.1 and TLS 1.2 on SPS ?
Last Update: 2016-09-13    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1873991

Can't stop AdminUI service properly.
When customer stopped AdminUI service, Windows service manager error as below occured, and can't stop properly.
Last Update: 2016-09-13    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1319367

Juel Expressions in SAML Assertions
Juel expressions are not working
Last Update: 2016-09-09    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1945124

Failed to create delegated GSSAPI token on behalf of HTTP/server03.domain.lab@DOMAIN.LAB for smps@server02.domain.lab: Minor Status=-1765328377, Major Status=851968, Message=Server not found in Kerberos database
While setting up kerberos authentication, I am getting "Server not found in Kerberos database" in the web agent trace log file.
Last Update: 2016-09-09    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1214508

KDC has no support for encryption type while getting initial credentials
We are trying to setup kerberos on siteminder and running into the following error. kinit: KDC has no support for encryption type while getting initial credentials
Last Update: 2016-09-09    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1213796

SiteMinder Policy Server failed to load JVM library.
Failed to initialize tunnel service library 'smjavaapi'. SmJavaAPI: Unable to get a JVM environment.
Last Update: 2016-09-08    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC477998

Password Data should be set to 0?
This document explains Password Data attribute type and why cannot be reset by a third party by setting the field manually.
Last Update: 2016-09-08    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1167658

SDK Agent cannot decode SMSESSION Cookie after rolling 3 Times the Agent Keys
This technote discusses about the behavior of the decryption when Agent Keys are rolled.
Last Update: 2016-09-08    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1853933

 

Please note that you can always access the full list going to the following link:

CA Single Sign-On 

 

Best Regards,

Ujwol Shrestha

Principal Support Engineer

CA Technologies