
Posted by Ujwol Shrestha - Principal Support Engineer in CA Security on Feb 29, 2016

 

Problem Summary

 

The “Password Data” user attribute value is commonly called the “Password Blob”. It is an enciphered collection of several virtual user attributes used by SiteMinder Basic Password Services.

These virtual attributes are:

 

  1. Current Login Failure Count
  2. Last Login Timestamp
  3. Previous Login Timestamp
  4. Disabled Timestamp
  5. Password History
  6. Last Password Change Timestamp (from the most recent entry in the Password History)

 

An authentication attempt against an active (not disabled) user’s account or any forced setting of a user’s password (via the Admin API) causes at least one read-modify-write access of the Password Blob in the user directory. Note that the “modify” part includes deciphering and unpacking the blob, modifying some of the virtual attributes, then packing and enciphering the attributes into the new Password Blob.

 

The Password History is a FIFO record of a user’s current and most recent passwords. Each entry comprises a password string and the timestamp of when the password was entered into the history. The maximum number of entries maintained for a user depends on the password reuse restrictions in all of the Password Policies that apply to that user when the Password Blob is updated.

 

The purpose of this article is to provide a utility to read these attributes from the Password Blob.

Please note:

  • This utility cannot read the Password History attribute from the Password Blob.
  • This utility is developed using the SiteMinder Java SDK API and requires a JDK to be installed on the machine where it runs.

 

Instructions

 

Please follow the steps below to run the Read Password Blob Utility:

1. Download and extract the attached RPB.zip

2. Ensure the JAVA_HOME environment variable is set to <Path to JDK Install Directory/bin>

3. Open command prompt at "RPB" folder and execute rpb-build.bat (rpb-build.sh for unix). This will recompile the SDK code.

4. Edit rpb-run.bat (rpb-run.sh for unix), and modify the parameters as per your setup :

    e.g.

"%JAVA_HOME%\java" -classpath .;.\smjavasdk2.jar;.\smagentapi.jar;.\cryptoj.jar ReadPasswordBlob -psip ps-01.ca.com -agentip 127.0.0.1 -adminuser siteminder -adminpass siteminder -orgroot "CN=Users,DC=ad,DC=lab" -userdn   "CN=wonsa03,CN=Users,DC=ad,DC=lab" -userdir "AD2k8-01" -agentname "4x"  -agentsecret siteminder -debug true

 

Where,

psip = Policy Server IP/ Host Name

agentip = This is not relevant. You can leave it at the default value.

adminuser = CA SiteMinder Admin UserID

adminpass  = CA SiteMinder Admin Password

orgroot = Search Root DN (For ODBC user store , give any dummy value)

userdn = DN of the user whose password blob attributes you want to read

userdir = Name of the User Directory as defined in the Administrative UI

agentname = Name of the 4x Agent (please ensure that the Supports 4x agent check box is checked in the Admin UI)

agentsecret = Shared secret value specified for the 4x agent.

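debug = true|false to enable or disable debugging. With debug set to true, the output also lists the user directories and the selected directory's properties, including its Password value (see the sample output below).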

 

5. Save rpb-run.bat

6. Execute rpb-run.bat

 

TEST 1 : LDAP Directory 

Sample output: (with debug=false)

 

C:\Users\Administrator\Desktop\RPB>rpb-run.bat
C:\Users\Administrator\Desktop\RPB>"C:\Program Files (x86)\Java\jdk1.6.0_43\bin\java" -classpath .;.\smjavasdk2.jar;.\smagentapi.jar;.\cryptoj.jar ReadPasswordBlob -psip ps-01.ca.com -agentip 127.0.0.1 -adminuser siteminder -adminpass siteminder -orgroot "CN=Users,DC=ad,DC=lab" -userdn "CN=wonsa03,CN=Users,DC=ad,DC=lab" -userdir "AD2k8-01" -agentname "4x"  -agentsecret siteminder -debug false

 

Output :

PS_IP=ps-01.ca.com AGENT_IP=127.0.0.1 AGENT_NAME=4x USER_DIR=AD2k8-01 ORG_ROOT=CN=Users,DC=ad,DC=lab USER_DN=CN=wonsa03,CN=Users,DC=ad,DC=lab ADMIN=siteminder
 
Get user directory list: STATUS_OK
Get user directory AD2k8-01: STATUS_OK
Get capabilities: STATUS_OK
 
Obtaining Password State:
LoginFailures: 0
LastLoginTime: February 24 2016 17:57:25
PrevLoginTime: January 10 2016 17:58:25
DisabledTime: January 01 1970 10:00:00
LastPWChangeTime: February 24 2016 17:57:05
C:\Users\Administrator\Desktop\RPB>

 

Sample output: (with debug=true)

 

C:\Users\Administrator\Desktop\RPB>rpb-run.bat
C:\Users\Administrator\Desktop\RPB>"C:\Program Files (x86)\Java\jdk1.6.0_43\bin\java" -classpath .;.\smjavasdk2.jar;.\smagentapi.jar;.\cryptoj.jar ReadPasswordBlob -psip ps-01.ca.com -agentip 127.0.0.1 -adminuser siteminder -adminpass siteminder -orgroot "CN=Users,DC=ad,DC=lab" -userdn "CN=wonsa03,CN=Users,DC=ad,DC=lab" -userdir "AD2k8-01" -agentname "4x"  -agentsecret siteminder -debug true

 

Output :

PS_IP=ps-01.ca.com AGENT_IP=127.0.0.1 AGENT_NAME=4x USER_DIR=AD2k8-01 ORG_ROOT=CN=Users,DC=ad,DC=lab USER_DN=CN=wonsa03,CN=Users,DC=ad,DC=lab ADMIN=siteminder
 
Get user directory list: STATUS_OK
        Result Code..................   [facility=4 severity=0 reason=0 status=0 message=]FederationWSCustomUserStore
                                        CADir-01
                                        AdvAuthExternalLDAPDir
                                        SAML2FederationCustomUserStore
                                        AD2k8-01
                                        AD2k8_AD
                                        FedBCCertUserDirectory
                                        FedBCCustomUserStore
Get user directory AD2k8-01: STATUS_OK
        Result Code..................   [facility=4 severity=0 reason=0 status=0 message=]SecureConnection=false
                                        EmailAddrAttr=mail
                                        ODBCQueryOid=00-
                                        GuidAttr=
                                        Server=ad2k8-01:389
                                        Username=CN=Administrator,CN=Users,DC=ad,DC=lab
                                        SearchTimeout=30
                                        Name=AD2k8-01
                                        Password=Siteminder1
                                        BlobAttribute=audio
                                        RequireCredentials=true
                                        SearchScope=2
                                        UserLookupEnd=)
                                        ChallengeRespAttr=
                                        SearchRoot=DC=ad,DC=lab
                                        EnableSecurityContext=false
                                        UserLookupStart=(sAMAccountName=
                                        UniversalID=sAMAccountName
                                        Oid=0e-40c066e3-ff0e-4bd2-94ca-115fb3697d71
                                        Desc=
                                        SearchResults=0
                                        DisabledAttr=carLicense
                                        PasswordAttribute=unicodePwd
                                        Namespace=LDAP:
                                        ObjectClassName=UserDirectory
Get capabilities: STATUS_OK
        Result Code..................   [facility=4 severity=0 reason=0 status=0 message=]133169663
 
Obtaining Password State:
LoginFailures: 0
LastLoginTime: February 24 2016 17:57:25
PrevLoginTime: January 10 2016 17:58:25
DisabledTime: January 01 1970 10:00:00
LastPWChangeTime: February 24 2016 17:57:05
LoginFailures=0,        LastLoginTime=Wed Feb 24 17:57:25 EST 2016,     PrevLoginTime=Sun Jan 10 17:58:25 EST 2016,     DisabledTime=Thu Jan 01 10:00:00 EST 1970,    LastPWChangeTime=Wed Feb 24 17:57:05 EST 2016

C:\Users\Administrator\Desktop\RPB>


 

TEST 2 : ODBC Directory 

 

Please note: for an ODBC user directory you must provide a dummy DN for the organization root (orgroot). This is due to a bug in the SDK code.

C:\Users\Administrator\Desktop\RPB>rpb-run.bat
C:\Users\Administrator\Desktop\RPB>"C:\Program Files (x86)\Java\jdk1.6.0_43\bin\java" -classpath .;.\smjavasdk2.jar;.\smagentapi.jar;.\cryptoj.jar Rea
dPasswordBlob -psip shruj01-i1849.ca.com -agentip 127.0.0.1 -adminuser siteminder -adminpass siteminder -orgroot "DUMMY_ROOT" -userdn "Lisac" -userdir "SMUSER" -agentname "agent_iis_01" -agentsecret siteminder -debug true

 

 

Output :

PS_IP=shruj01-i1849.ca.com AGENT_IP=127.0.0.1 AGENT_NAME=agent_iis_01 USER_DIR=SMUSER ORG_ROOT=DUMMY_ROOT USER_DN=Lisac ADMIN=siteminder
Get user directory list: STATUS_OK
Result Code.................. [facility=4 severity=0 reason=0 status=0 message=]FederationWSCustomUserStore
CADir-shruj01-I2069
SMUSER
AdvAuthExternalLDAPDir
SAML2FederationCustomUserStore
CADir-shruj01-I2069(APS)
FedBCCertUserDirectory
jsdksample-userdir
AD2K12-shruj01-i2077
FedBCCustomUserStore
Get user directory SMUSER: STATUS_OK
Result Code.................. [facility=4 severity=0 reason=0 status=0 message=]SecureConnection=false
EmailAddrAttr=
ODBCQueryOid=18-308a73ec-62c1-41a4-9b24-38db73d23a33
GuidAttr=
Server=SMUSER
Username=sa
SearchTimeout=30
Name=SMUSER
Password=interOP@1876
BlobAttribute=PasswordData
RequireCredentials=true
SearchScope=2
UserLookupEnd=
ChallengeRespAttr=
SearchRoot=
EnableSecurityContext=false
UserLookupStart=
UniversalID=Name
Oid=0e-1ae8b0f6-4751-486e-b1a8-e20ce89be8e1
Desc=
SearchResults=0
DisabledAttr=Disabled
PasswordAttribute=Password
Namespace=ODBC:
ObjectClassName=UserDirectory
Get capabilities: STATUS_OK
Result Code.................. [facility=4 severity=0 reason=0 status=0 message=]28311965
Obtaining Password State:
LoginFailures: 0
LastLoginTime: March 26 2018 10:23:28
PrevLoginTime: March 26 2018 10:23:07
DisabledTime: January 01 1970 10:00:00
LastPWChangeTime: March 26 2018 10:23:07
LoginFailures=0, LastLoginTime=Mon Mar 26 10:23:28 AEDT 2018, PrevLoginTime=Mon Mar 26 10:23:07 AEDT 2018, DisabledTime=Thu Jan 01 10:00:00 AEST 1970, LastPWChangeTime=Mon Mar 26 10:23:07 AEDT 2018
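
The debug=true output above prints the user directory's Password property, and the echoed command line carries -adminpass and -agentsecret, so captured output needs scrubbing before it is attached to a support case or forum post. The Python below is an added example, not part of the RPB utility or the original post: it redacts those three values and parses the "Obtaining Password State" block. The function names and the sample text are constructed for illustration, and reading an epoch-zero DisabledTime as "never disabled" is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the debug=true output above. Host names and
# all three secret values are placeholders, not values from the original post.
SAMPLE_OUTPUT = """\
java -classpath . ReadPasswordBlob -psip ps.example.test -adminuser admin -adminpass CONSTRUCTED-ADMIN-PW -userdir "Dir-01" -agentname "4x" -agentsecret "CONSTRUCTED AGENT SECRET" -debug true
Get user directory Dir-01: STATUS_OK
        Result Code..................   [facility=4 severity=0 reason=0 status=0 message=]SecureConnection=false
                                        Username=CN=svc-bind,CN=Users,DC=example,DC=test
                                        Password=CONSTRUCTED-BIND-PW
                                        BlobAttribute=audio
                                        PasswordAttribute=unicodePwd
Obtaining Password State:
LoginFailures: 0
LastLoginTime: February 24 2016 17:57:25
PrevLoginTime: January 10 2016 17:58:25
DisabledTime: January 01 1970 10:00:00
LastPWChangeTime: February 24 2016 17:57:05
LoginFailures=0,        LastLoginTime=Wed Feb 24 17:57:25 EST 2016
"""

REDACTED = "[REDACTED]"

# Echoed command line: the value after -adminpass / -agentsecret, bare or quoted.
_CLI_SECRET = re.compile(r'(-(?:adminpass|agentsecret)\s+)("[^"]*"|\S+)')
# Debug dump of the directory object: Password=<value>. The \b plus the "="
# keep PasswordAttribute=... (an attribute name, not a secret) untouched.
_DIR_PASSWORD = re.compile(r'(\bPassword=)([^\r\n]+)')
# "Name: value" lines of the password state block (not the "Name=value" summary).
_STATE_LINE = re.compile(
    r'^(LoginFailures|LastLoginTime|PrevLoginTime|DisabledTime|LastPWChangeTime)'
    r':[ \t]*([^\r\n]+?)[ \t]*\r?$',
    re.M,
)


def redact(text):
    """Return (scrubbed_text, number_of_values_replaced)."""
    text, n_cli = _CLI_SECRET.subn(lambda m: m.group(1) + REDACTED, text)
    text, n_dir = _DIR_PASSWORD.subn(lambda m: m.group(1) + REDACTED, text)
    return text, n_cli + n_dir


def parse_password_state(text):
    """Parse the state block into a dict: int failure count, naive datetimes.

    Timestamps are printed in the local zone of the host that ran the tool,
    so they are kept naive rather than guessed into UTC.
    """
    state = {}
    for name, value in _STATE_LINE.findall(text):
        if name == "LoginFailures":
            state[name] = int(value)
        else:
            state[name] = datetime.strptime(value, "%B %d %Y %H:%M:%S")
    return state


def is_epoch_zero(ts):
    """True if ts is the Unix epoch rendered in some local zone (UTC-12..UTC+14).

    Assumption: a zero timestamp means the field was never set.
    """
    return abs(ts - datetime(1970, 1, 1)) <= timedelta(hours=14)


if __name__ == "__main__":
    clean, count = redact(SAMPLE_OUTPUT)
    print(clean)
    print("values redacted:", count)
    state = parse_password_state(clean)
    print("never disabled:", is_epoch_zero(state["DisabledTime"]))
```
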

Hello CA Single Sign-On Community Users,

 

Please find below the list of the latest Knowledge Base Articles  for Single Sign-On (Formerly CA SiteMinder) published or updated since 15th-Feb-2016 for your reference:

 

Cross-site Scripting with Smsession Cookie
Will a Smsession cookie be blocked once the cross-scripting check is turned on in Agent ACO?
Last Update: 2/23/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1654363

SPS installer gives error about older release existing during upgrade.
SPS installer fails in upgrade with getting error complaining about “SPS 6 exists and wants to do migration."
Last Update: 2/23/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1806446

Impersonation not working on some versions of agents
Impersonation not working on some versions of Apache agents, after upgrade of Siteminder to 12.52.
Last Update: 2/23/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1683909

LDAP failover time interval
Can the LDAP failover CA Directory be configured for zero downtime?
Last Update: 2/23/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1630355

Maximum size limit on SAML attribute as POST parameter.
What is the SAML attribute Maximum size limit, as a POST parameter?
Last Update: 2/23/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1059183

What is the impact of not to have the SiteMinder module at the first position in the module list in Apache ?
When we install the SiteMinder agent for Apache WebServer, we modify the httpd.conf file and will put the siteminder module at the first position in the apache module list. To make sure that the SiteMinder module will be the first one to be invoked
Last Update: 2/22/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1861707

How does the "InResponseTo" Attribute in SAMLResponse impact the Federation flows ?
When using Federation, the SAMLResponse contains some attributes and some of them will impact the flows and especially how Siteminder will redirect to the Initial Target page.
Last Update: 2/22/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1653345

SAML Affiliate Agent throws HTTP 404 after upgrade.
SAML Affiliate Agent throws HTTP 404 after upgrade
Last Update: 2/19/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC492025

Where do I find the Product Support Matrix (PSM) for Applications Server Agent (ASA).
PSM , ASA , IBM WEBSPHERE, ORACLE/BEA WebLogic.
Last Update: 2/17/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1845324

Where do I find Build Mappings-Product Information Matrix
PSM,asa,IBM WebSphere,Oracle WebLogic,
Last Update: 2/17/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1911819

Archiving Data from a CA SiteMinder Audit Store
You have configured CA Siteminder Audit Logs to use an ODBC Audit Store. Over time the Audit Store database continues to grow. You no longer need the oldest audit data and would like to purge the oldest data to remove it from the database.
Last Update: 2/17/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1389829

The characters "\5c" are inserted into search filter resulting in a failed search.
Users incorrectly fail to authenticate due to characters added to the user search lookup filter.
Last Update: 2/16/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1041189

Does the policy server process all requests before the policy server has an normal shutdown?
The customer is asking if a SiteMinder policy server is shutdown, does it stop receiving new requests? Does the policy server process all requests before the policy server goes down?
Last Update: 2/16/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1990543

 

Please note that you can always access the full list by going to the following link:

http://www.ca.com/us/support/ca-support-online/support-by-product/ca-single-sign-on.aspx?d=t&language=en&type=Knowledge&…

 

Feel free to post your questions in the community if you have questions about any of these KB articles.

 

Best Regards,

Ujwol Shrestha

Principal Support Engineer

CA Technologies

Hello CA Single Sign-On Community Users,

 

Please find below the list of the latest Knowledge Base Articles  for Single Sign-On (Formerly CA SiteMinder) published or updated since 8th-Jan-2016 for your reference:

 

smc.AdvAuthDataSourceEmpty Error Message
After the upgrade, when running smconsole as the correct user (smuser) and trying to save/apply after enabling the Profiler, smconsole gives an error stating: key not found: smc.AdvAuthDataSourceEmpty
Last Update: 2/12/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1612266

How do I unprotect resources in my Microsoft Office Sharepoint Server (MOSS) 2007 integration that includes the Siteminder R12 Agent for Sharepoint?
When trying to unprotect resource in Sharepoint 2007 integrated with Siteminder, you can have some errors, you would need to follow this technical document to set it up correctly
Last Update: 2/11/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC534750

Agent Api function failed when load balancer is introduced between agent and policy server
Sm_AgentApi_IsProtectedEx' returned '-2' , Sm_AgentApi_LoginEx' returned'-1'
Last Update: 2/10/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1227692

User is not re-directed back to a Custom Login Form after a POST
User is not re-directed back to a Custom Login Form after a POST to the login.fcc with a blank Username and/or Password.
Last Update: 2/10/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC451680

How to run smtest tool on command line?
Users can utilize smtest tool to run multiple transactions at the same time using a command line instead of the smtest interface which allows to run one transaction per click.
Last Update: 2/10/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC547520

Search target="root" info="base, objectClass=*"
objectClass=* searches
Last Update: 2/8/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC454675

Federation Users Disappear
After modifying a partnership, the list of federation users is disappearing, effectively disabling the partnership.
Last Update: 2/8/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1234422

Domino Agent Fails to Initialize
Domino agent fails to initialize - error claims path to agent config file can't be found.
Last Update: 2/8/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1593232

Exporting/Importing a Single Policy Domain
What are the best practices when exporting a policy domain from one environment to be imported to another? We have questions regarding the auth scheme and agent identities needed to support the domain after import.
Last Update: 2/8/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1659822

Can CDS certs be queried via API calls?
Does either the policy or federation SDK have calls to query the certificates that are installed in the CDS?
Last Update: 2/8/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1178169

How to fix Tombstones related error messages?
When importing an smdif file, these errors might be found in the SiteMinder and directory logs "Delete of Tombstones failed" and "Error occurred during "Search" for "Tombstones", text: Operations error"
Last Update: 2/8/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC590094

Diffie-Hellman key error with Firefox and Chrome browsers connecting to CA SSO Administrative UI
When using the Chrome or Firefox web browsers to connect to the CA SSO Administrative UI, the connection fails and the browsers return Diffie-Hellman key errors.
Last Update: 2/8/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1346659

 


Hello CA Single Sign-On Community Users,

 

Please find below the list of the latest Knowledge Base Articles  for Single Sign-On (Formerly CA SiteMinder) published or updated since 25-Jan-2016 for your reference:

 

Where do I find the Product Support Matrix (PSM) for Applications Server Agent (ASA).
PSM , ASA , IBM WEBSPHERE, ORACLE/BEA WebLogic.
Last Update: 2/5/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1845324

Not able to display details of a particular ACO by using the AdminUI
Using the AdminUi, can not display all attributes, getting an exception in the Jboss errror.log meaning that there is a problem with the URLDecoder : IllegalArgumentException: URLDecoder: Incomplete trailing escape (%) pattern
Last Update: 2/5/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1510887

Active Expression failed after upgrade : java.util.MissingResourceException: Can't find resource for bundle java.util.PropertyResourceBundle
After upgrading the policy server to 12.52SP1, can not execute custom code anymore. Each time that custom code is invoked, getting an exception. This is a known issue.
Last Update: 2/5/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1063854

List of objects not refreshed when deleting an object using XPSTools : XPSExplorer / XPS Security
When using XPSTools like XPSExplorer and XPSSecurity to delete a specific object, the list is not automatically refreshed and the object still appears. You need to exit from the object menu and list the objects again to get the accurate list.
Last Update: 2/5/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1787322

How to change ACO individual attributes without the AdminUI ?
In some situations you may want to change some configuration parameters but cannot use the AdminUI. This knowledge document describes how to change ACO attributes with Policy Server tools (XPSExport), as you cannot do it with XPSExplorer either
Last Update: 2/5/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1313183

Deeplinks in SITEMINDER
How to configure deeplinks in SITEMINDER federation
Last Update: 2/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1120114

Getting handshake errors for AAS(Advanced Authentication Service) in smps logs
Handshake error: Unknown client name '*_aas' in hello message
Last Update: 2/4/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1547953

Relay State was getting truncated in SAML POST
The target in auth schema is partially HTML encoded by the Apache web agent when submitted to the credential collector. The exact same schema works fine when used with IIS web agent. The Apache web agent encodes '?' and '=' in the URL causing a 500 error
Last Update: 2/3/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1652264

Query String in Agent's LogoffURI
Are query strings allowed in the web agent's LogoffURI parameter values?
Last Update: 2/3/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1100491

SAML assertion truncation when the size is more than 1024
SAML assertion was getting truncated at the relying party when the attributes are being sent in an assertion and if user is a part of groups which has size more than 1024.
Last Update: 2/2/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1200653

Siteminder Session renaming
How to rename the siteminder session?
Last Update: 2/2/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1936625

Anonymous Authentication Scheme with Federation
Can Anonymous Authentication Scheme be used with Federation ?
Last Update: 2/2/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1932126

OAUTH Partnership Error Dispatcher object thrown unknown exception while processing the message
Dispatcher object thrown unknown exception while processing the message. Message: Connection timed out: connect Exception occurred while message dispatcher (srca) object trying to send SOAP request message to the SAML producer
Last Update: 2/2/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1584113

Non-Printable Characters in CA SSO/Siteminder Password Services
A complete list of all the Non-Printable Characters in CA SSO/Siteminder Password Services.
Last Update: 2/2/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1713316

WAMUI Returns an HTTP 404 Error
When attempting to launch and logon to the CA SSO/Siteminder Web Access Management User Interface (WAMUI) the browser returns an HTTP 404 "File Not Found" error.
Last Update: 2/2/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1299057

 


A recent CA IAM TechValidate survey shows that 78% of customers say that CA IAM is supporting their digital transformation efforts. Rob Blucker, IT Director with Everence Financial remarked, "CA Single Sign-On (formerly SiteMinder) has significantly simplified securing our environment." But don't just let me tell you, check out the survey results and find out for yourself.

Hello CA Single Sign-On Community Users,

 

Please find below the list of the latest Knowledge Base Articles  for Single Sign-On (Formerly CA SiteMinder) published or updated since 25-Jan-2016 for your reference:

 

Diffie-Hellman key error with Firefox and Chrome browsers connecting to CA SSO Administrative UI
When using the Chrome or Firefox web browsers to connect to the CA SSO Administrative UI, the connection fails and the browsers return Diffie-Hellman key errors.
Last Update: 2/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1346659

Force Upper/Lower Case in NameID/Assertion Attributes
Is there an easy way to force the Name ID being sent in a SAML 2.0 HTTP Browser POST binding to always be upper or lower case, regardless of what is in the AD User Directory? How to change the assertion attributes to lower/upper case?
Last Update: 2/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1557095

OAUTH Partnership Error - Exception caught in class OAuthTunnelClient
Exception caught in class OAuthTunnelClient, method getAuthzServerByID: java.lang.IllegalArgumentException: "Cannot parse bytes to a ProviderDataResponseData" java.lang.ClassNotFoundException: com.ca.federation.tunnel.oauth.OAuthAuthzServerByIDTunnelServ
Last Update: 2/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1339511

XPSExport -xb and Host-specific configuration data
XPSExport -xb and Host-specific configuration data
Last Update: 2/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1328124

How do I unprotect resources in my Microsoft Office Sharepoint Server (MOSS) 2007 integration that includes the Siteminder R12 Agent for Sharepoint?
When trying to unprotect resource in Sharepoint 2007 integrated with Siteminder, you can have some errors, you would need to follow this technical document to set it up correctly
Last Update: 2/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC534750

User is not authenticated in IWA
User 'NT AUTHORITY\IUSR' is not authenticated by Policy Server
Last Update: 1/29/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1791747

Error 91 in smps logs during the fail-over from one data center to another data center for policy/session/key store.
LogMessage:ERROR:[sm-Ldap-00350] SmObjLdapConnMgr Bind. Server . Error 91 - Can't connect to the LDAP server]
Last Update: 1/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1282046

Query String in Realm Resource Filter.
Are query strings allowed in Realm Resource Filters?
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1824419

Maximum size limit on SAML attribute as POST parameter.
SAML attribute Maximum size limit
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1059183

LDAP failover time interval
LDAP failover CA Directory
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1630355

AdminUI External Admin Store CERT Management
AdminUI External Admin Store CERT Management
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1003798

Adminui Fails to install successfully on Windows OS when 8dot3name disabled on the Drive
8dot3name causing Adminui not to start with Error: Could not find or load main class Files
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1041145

SESSION IDENTIFIER in Policy server smaccess.log
Enhance Tracing SESSION IDENTIFIER in Policy server smaccess.log
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1958315

Register Trusted Hosts with External Admin Account
How to Register Trusted Hosts with External Admin Account
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1521722

Accented characters included in SAML assertion attributes show up as '?'.
Some user attributes that are being included in SAML assertions contain accented characters such as è. Instead of showing up as they do in the user store, these accented characters are showing up as question marks (?).
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1155183

Dynamic LDAP groups for user store Oracle iPlanet LDAP directories ONLY
Dynamic LDAP group support for policies in siteminder for Oracle LDAP
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1676115

Configure SPS to allow Encoded Slashes in URI
How to configure SPS to allow encoded Slashes in URI
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1490316

Configuration Oracle HTTP webserver manual steps
WebAgent configuration for R12.0 Sp3 CR12 does not properly configure the webserver to allow it start apachectl and opmn.xml
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1675486

Partnership not working when SPID contains "&" chars
When Configuring Partnership and especially IDPID and SPID, you can use URI as per documentation but if you are using special chars like "&" it is failing.
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1291037

Impersonation not working on some versions of agents
Impersonation not working on some versions of agents
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1683909

Policy Server crashes during user role evaluation.
Policy Server crashes during user role evaluation 12SP2 12SP3 mapping
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC532730

What is the port on which TOMCAT runs on an SPS instance ?
how to identify Tomcat port for monitoring purpose with SPS
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1940797

How to fix Tombstones related error messages
How to fix Tombstones related error messages
Last Update: 1/27/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC590094

SPS installer gives error about older release exist during upgrade.
SPS installer fails upgrade getting error complaining about “SPS 6 exist and want to do migration."
Last Update: 1/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1806446

Cross site scripting with smsession cookie
Cross site scripting with smsession cookie
Last Update: 1/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1654363

Policy Server FSSUI reports error : Search operation failed : timed out
This article discusses the timed out error in FSSUI
Last Update: 1/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1791335

Federation :: IdP and SP in the same Domainname
This article covers the use of the same domain name for IdP and SP in federation
Last Update: 1/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1832051

Policy Server reporting "Invalid session ip"
Invalid session ip means that the IP of the sessionspec doesn't correspond to the one the Web Agent receives.
Last Update: 1/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1694636

Policy Server :: Can we set more than 1 Global Domain in the Policy Store
This article clarifies whether we can have more than 1 global domain in the Policy Store
Last Update: 1/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1904056

How works WebAgent ACO parameter CustomIPHeader
This article discusses the possible values for the Web Agent ACO parameter CustomIPHeader
Last Update: 1/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1998043

In the Web Agent 12.52SP1CR01, I don't find smpwservicescgi.exe
This article discusses the removal of the smpwservicescgi.exe CGI from the Web Agent
Last Update: 1/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1304474

Policy Server on Windows writes "Unable to obtain OS random data" in logs
This article discusses Policy Server and Crypto Service access on Windows
Last Update: 1/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1344068

Could the Web Agent remove the "Authorization: Basic" header
This article covers the removal of the Authorization basic header
Last Update: 1/26/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1119657

 
