Hello CA Single Sign-On Community Users,
Please find below the list of the latest Knowledge Base Articles for Single Sign-On (Formerly CA SiteMinder) published or updated since 10th March 2016 for your reference:
CA SSO/Siteminder ERP Agent compatibility with Session-linker.
Product ERP Agent for CA SSO/Siteminder referencing by SessionLinker Product release.
Last Update: 4/1/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1422071
ASA Agent Configuration error "The SMSESSION cookie is malformed, the session spec field is missing".
ASA Agent configuration returns an error during initialization as a result of an incorrect Agent parameter,AcceptTpCookie=Yes
Last Update: 4/1/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1199389
CA SSO/Siteminder Product Support Matrix for ERP Server Agents and SessionLinker.
Product Support Matrix for CA SSO/Siteminder referencing Product by ERP Server Agent & SessionLinker.
Last Update: 4/1/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1515173
ASA Agent Configuration error "Failed to Create Agent Configuration"
ASA Agent configuration returns an error during initialization as a result of an incorrect Java.home path variable.
Last Update: 4/1/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1581017
Policy Server log showing error "Connection not open"
Policy server returns an error (IDM / SiteMinder intergration -"DO NOT REMOVE - For use by Identity Manager" ).
Last Update: 4/1/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1934643
CA SSO/Siteminder Build Mappings Matrix.
Product Information Matrix for CA SSO/Siteminder referencing product release by build number.
Last Update: 4/1/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1911819
Introscope Error on Unix
We are receiving a "Failed to initialize event handler library" when attempting to initialize XPSConfig.
Last Update: 4/1/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1530935
Introscope Error on Windows
We are receiving a "Failed to initialize event handler library" when attempting to initialize XPSConfig.
Last Update: 4/1/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1322531
How to fully uninstall the Administrative UI on Windows
We are trying to uninstall and reinstall the adminui, but there seems to be residual files left over that prevent us from cleanly reinstalling, and fully wiping the server is not an option.
Last Update: 4/1/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1858775
SMPS logs is reporting failover and failback, however can’t determine which type of repository is failing over
SMPS logs is reporting failover and failback for Policy store, key store or session store we are unable to determine what store is failing the log is only reporting type
Last Update: 4/1/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1199337
Performance issues observed after deploying/enabling CA directory as a session store in the environment
Single sign-on policy server can get into a state where it is unable to keep up with Session store maintenance when CA LDAP Directory is deployed as the session store that is not properly configured performance degradation can occur on the policy server
Last Update: 4/1/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1948652
SiteMinder with CA Directory as policy store store high availability
SiteMinder with CA Directory as policy store high availability replication
Last Update: 4/1/2016 Size: 82 kb Type: Knowledge Base Articles ID: TEC577451
Login Error when trying to connect to Policy Server from Java SDK (Legacy_Onyx KB Id: 117673)
Login Error when trying to connect to Policy Server from Sample program Java SDK
Last Update: 3/31/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC450777
SPS support SSH (Secure Socket Shell) protocol
SSH (Secure Socket Shell) protocol
Last Update: 3/31/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1741952
Enable Unauthorized Access Redirect" is not working as expected
Enable Unauthorized Access Redirect" is not working
Last Update: 3/31/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1631483
How to change adminui/wamui SSL port number
Steps to change and update the adminui/wamui SSL port number.
Last Update: 3/31/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1942934
Warning message while when we are trying to start or stop the AdminUI jboss
WARN [JDBCSupport] SQLException caught, SQLState XCL18 code:20000- assuming deadlock detected, try:2
Last Update: 3/31/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1739135
Error while installing the secure proxy server or policy server in RHEL 6
In RHEL 6 Installer is looking at a different place i.e. /etc/issue instead of /etc/redhat-release; Error "cat : etc/issue: permission denied" while installing the SPS and PS.
Last Update: 3/31/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1793668
What is the meaning of the WebAgent error message 20-0004?
What is the meaning of the WebAgent error message 20-0004?
Last Update: 3/30/2016 Size: 82 kb Type: Knowledge Base Articles ID: TEC479707
Reasons why the affwebservices log might not be generated
Affwebservices Log Not Generated
Last Update: 3/30/2016 Size: 82 kb Type: Knowledge Base Articles ID: TEC1564704
RelayState truncated in SAML 2.0 POST
How to post RelayState data while posting assertion to consumer service?
Last Update: 3/30/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC529287
Comma Added to Target
A comma is being added to the target page when multiple ISAPI filters are used.
Last Update: 3/29/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1871556
Backend server timeout
In certain versions of CA SPS, a timeout message shows up in the trace logs, ex.: timeout = 60000, and as needed, both the server.conf configuration file, as well as the proxyserver.sh script need to be adjusted to tweak this timeout value.
Last Update: 3/29/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1477716
Server Error 10-0004
The web agent logs are receiving 500 errors, followed by the agent error code 10-0004. However, users do not report this error, and this is only present in the logs.
Last Update: 3/29/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1605152
"http/1.1 405 Method not allowed" when trying to log in to an IIS site using forms authentication (Legacy_Onyx KB Id: 119928)
http/1.1 405 Method not allowed when trying to log in to an IIS site using forms authentication (Legacy_Onyx KB Id: 119928)
Last Update: 3/29/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC450780
What does the "1 Parameter(s) loaded from Policy Store, 1 total." refer to?
These parameters are actually a count of the XPSConfig Global Parameters that the Policy Store is loading.
Last Update: 3/28/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1128973
Weg Agent Error: Unable to load Smhost.conf file. (Legacy_Onyx KB Id: 119277)
Weg Agent Error: Unable to load Smhost.conf file. (Legacy_Onyx KB Id: 119277)
Last Update: 3/28/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC450779
Why is the encrypted admin password is different for each policy server?
The AdminPW for the policy store defined in the sm.registry is different between servers. However, they can all connect to the policy store. My understanding is that the value stored in the sm.registry file is encrypted with the encryption key entered at installation time, and that key should be the same for all servers that share a policy store. Why the encrypted admin password is different?
Last Update: 3/28/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1421115
We are getting a HTTP 500 Internal Server error when accessing an URL ending with ".sac" extension, how can we correct it?
This is caused as .sac extension matches Session Assurance flow data. Workaround available with SACExt ACO parameter.
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1447652
The characters "\5c" are inserted into search filter resulting in a failed search.
Users incorrectly fail to authenticate due to characters added to the user search lookup filter.
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1041189
How to configure event handling for SiteMinder Advanced Password Services.
This document explains how to configure the necessary objects for SSO Advanced Password Services event handling.
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1605197
Unable to Import Identity Mapping Domain Object
This article discusses how to work around the problem of not being able to import an Identity Mapping Domain Object.
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1299634
Cross-site Scripting with Smsession Cookie
Will a Smsession cookie be blocked once the cross-scripting check is turned on in Agent ACO?
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1654363
SPS installer gives error about older release existing during upgrade.
SPS installer fails in upgrade with getting error complaining about “SPS 6 exists and wants to do migration."
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1806446
Impersonation not working on some versions of agents
Impersonation not working on some versions of Apache agents, after upgrade of Siteminder to 12.52.
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1683909
LDAP failover time interval
Can the LDAP failover CA Directory be configured for zero downtime?
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1630355
Maximum size limit on SAML attribute as POST parameter.
What is the SAML attribute Maximum size limit, as a POST parameter?
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1059183
Upgrade the SOA Security Manager Gateway from Version 12.1 to 12.1 SP3
This document outlines the procedure to upgrade the SOA Security Manager Gateway from Version 12.1 to 12.1 SP3.
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC574134
Configure CA Directory as a user directory for SiteMinder Advanced Password Services.
How to configure CA Directory as a user directory for SiteMinder Advanced Password Services.
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1919596
"Allow Nested Groups" checkbox not displaying
When configuring a SAML Service Provider object for legacy federation, the "Allow Nested Groups" checkbox is missing when you select a user store that is a non-LDAP directory.
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1572423
Unable to disable XPSSweeper Autosweep
When trying to disable XPSSweeper from automatically running through the XPSConfig utility, the value for Autosweep will not update.
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1453454
Assertion Generation Failure
Bad installation or configuration, Assertion handler can't be initialized. Leaving Assertion Generator Framework.
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1791429
Create a Cron Job to dump Policy Server stats in the SMPS.log
This article details the steps necessary to create a cron job that will dump statistics related to the Policy Server processes into the SMPS.log for further troubleshooting for performance-related issues.
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1348499
Apache service is not starting up on Windows
Apache Web Server fails to start while loading SiteMinder module mod_sm24/mod_sm22, and following error message appears in Windows event viewer.
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1957282
Does the policy server process all requests before the policy server has an normal shutdown?
The customer is asking if a SiteMinder policy server is shutdown, does it stop receiving new requests? Does the policy server process all requests before the policy server goes down?
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1990543
How do the ca single sign on custom sdk API agents get updated agent keys from the doManagement call function?
Just need confirmation on how the custom API agts get updated keys from doManagement call function?
Last Update: 3/24/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1171204
Why are we continually getting SmSessionServer Failed error code 2 and 3 in smps.log?
[SmSessionServer.cpp:571][ERROR][sm-Server-06007] failed. Error code : 2 and Error code : 3
Last Update: 3/23/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1440317
When trying to configure assertion encryption, there is an error in Policy Server: "Error Encrypting Assertion." and "Error Encrypting NameID." and "AssertionHandler postProcess() failed".
This technote discusses on how to solve issue reported as Error Encrypting NameID in the assertion generator of the Policy Server
Last Update: 3/22/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC510842
Error when adding some users with People picker to manage applications.
Policy server traces : Message : [Message='No results left in the page for UserDir=XXXXX.'][][Return from call CSmUserMgmtApi::SearchUsers]
Last Update: 3/22/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1722016
Could we have more information on IISEnableChildRequest ACO parameter?
Information about IISEnableChildRequest ACO parameter to control child request spawning on web server.
Last Update: 3/22/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1837667
Creating an “Idea” (Enhancement Request)
How to submit Ideas/Enhancement Requests through CA Communities.
Last Update: 3/21/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1579832
AuthContext not raising score
How to adjust a protection level of a particular resource in the Federation Partnership context.
Last Update: 3/18/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1132863
EPM Logging Relocated from SMPS.log to SMTraceDefault.log
The expected behaviors are that EPM Auth/Az role evaluation logging is 1) Set to "True" by default, and 2) expected to show in the smps.log.
Last Update: 3/18/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1387053
Unable To Import Certificate
An issue occurs when metadata import fails, but the Certificate within the metadata is successfully imported. The certificate appears in the CDS, but is not selectable in the Admin UI
Last Update: 3/18/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1193876
Back channel SLO not working
Back channel SLO will fail when OSCP is enabled on the Weblogic Application Server. A workaround to remove/comment out the ... code in the security.xml file will resolve the issue.
Last Update: 3/18/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1922098
Setting URLs generated by Federation Web Services to use "https" instead of "http".
When using FWS behing a SSL acceslerator URLS are transformed from SSL to non Secure port. The GetPortFromHeader and HTTPSPorts ACO parameters are not read
Last Update: 3/18/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC491578
SiteMinder ERP Agent for PeopleSoft - PeopleSoft User Auditing Limitation
This article discusses the need of having DEFAULT_USER instead of username in audit log for ERP Agent for PeopleSoft
Last Update: 3/18/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC484935
Is Policy server restart required after importing certificates?
Certificated added to the key store
Last Update: 3/17/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC529630
Is there a size Limit of SAML Assertion?
This article covers the size limit of a SAML Assertion
Last Update: 3/17/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC498765
Preventing Cross Site Scripting in Federation Web Services URLs.
This gives tips on how configure an environment to prevent cross scripting with federation
Last Update: 3/17/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC491841
Steps to Re-register Admin UI
These steps describe the process of re-registering an Admin UI with the Policy server
Last Update: 3/17/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1547349
Mapping AppID to an AgentName
AppID AgentName mapping
Last Update: 3/17/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1129454
Disable Client Loopback
The Agent for SharePoint has a client loopback feature that lets you create policies in your SharePoint environment using directory attribute values that do not yet exist.
Last Update: 3/17/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC581291
How do I use APSTestSettings to test my APS.cfg file?
This technote give a sample on how to use APSTestSettings to trouble shoot the configuration of APS configuration
Last Update: 3/17/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC477876
AJAX used by Wordpress admin UI blocked by SSO Web Agent
After a Wordpress admin has authenticated via SSO Agent, and is using Wordpress, the AJAX called are intercepted by the agent. This is not expected.
Last Update: 3/16/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1228728
IWA authentication creds.ntc issues 404 error
IIS, IWA, Creds.ntc, 404, Error
Last Update: 3/16/2016 Size: 82 kb Type: Knowledge Base Articles ID: TEC1657586
Does SiteMinder support SHA256 certificates for SSL connection to LDap Store ?
You can configure secure connections for SiteMinder to connect to an LDAP Store (User / PStore). You have to specify the rootCA certificate and create a cert8.db as specified in the doc. What kind of algorithm is supported? Is SHA-256 supported?
Last Update: 3/16/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1383762
Can we load custom jars at policy server start-up ?
using SDK to develop active responses, can we load them at PS startup to make sure that everything is correctly setup ?
Last Update: 3/16/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1301894
Administrative UI installation fails with error "Could not initialise deployment"
This technote give a possible solution for an error seen during the initialization of the AdminUI
Last Update: 3/15/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC528825
Running Policy Server ‘start-all’ shell script creates .java_pidNNNN file under /tmp directory
This article explains a Policy Server ‘start-all’ problem of .java_pidNNNN file left under /tmp directory as well as the workaround.
Last Update: 3/15/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC1599586
Why does the PeopleSoft PS Admin tool display all users as the default user?
Explanation on how the Users authenticated by SiteMinder are bounced to PeopleSoft by using the PSAdminTool
Last Update: 3/14/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC532985
Supplemental LoginLibrary API Documentation - SiteMinder ERP Agent v5.6 SP4 for PeopleSoft.
Additional documentation on the LoginLibrary API
Last Update: 3/14/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC486031
How do I tune Solaris 10 for semaphores and shared memory for the Siteminder Web Agent v6.x?
Guide for tunning Semaphores for Apache Webagent 6 on Solaris. It may be also be interesting for other webagent versions.
Last Update: 3/14/2016 Size: 83 kb Type: Knowledge Base Articles ID: TEC485876
Please note that you can always access the full list going to the following link:
http://www.ca.com/us/support/ca-support-online/support-by-product/ca-single-sign-on.aspx?d=t&language=en&type=Knowledge&…
Feel free to post your questions in the community if you have question about any of these KB article.
Best Regards,
Ujwol Shrestha
Principal Support Engineer
CA Technologies