Ujwol Shrestha

Latest Knowledge Base Articles for Single Sign-On (Formerly CA SiteMinder) [2/4/2016]

Blog Post created by Ujwol Shrestha Employee on Apr 2, 2016

Hello CA Single Sign-On Community Users,

 

Please find below the list of the latest Knowledge Base Articles  for Single Sign-On (Formerly CA SiteMinder) published or updated since 10th March 2016 for your reference:

 

CA SSO/Siteminder ERP Agent compatibility with Session-linker.
Product ERP Agent for CA SSO/Siteminder referencing by SessionLinker Product release.
Last Update: 4/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1422071

ASA Agent Configuration error "The SMSESSION cookie is malformed, the session spec field is missing".
ASA Agent configuration returns an error during initialization as a result of an incorrect Agent parameter,AcceptTpCookie=Yes
Last Update: 4/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1199389

CA SSO/Siteminder Product Support Matrix for ERP Server Agents and SessionLinker.
Product Support Matrix for CA SSO/Siteminder referencing Product by ERP Server Agent & SessionLinker.
Last Update: 4/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1515173

ASA Agent Configuration error "Failed to Create Agent Configuration"
ASA Agent configuration returns an error during initialization as a result of an incorrect Java.home path variable.
Last Update: 4/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1581017

Policy Server log showing error "Connection not open"
Policy server returns an error (IDM / SiteMinder intergration -"DO NOT REMOVE - For use by Identity Manager" ).
Last Update: 4/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1934643

CA SSO/Siteminder Build Mappings Matrix.
Product Information Matrix for CA SSO/Siteminder referencing product release by build number.
Last Update: 4/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1911819

Introscope Error on Unix
We are receiving a "Failed to initialize event handler library" when attempting to initialize XPSConfig.
Last Update: 4/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1530935

Introscope Error on Windows
We are receiving a "Failed to initialize event handler library" when attempting to initialize XPSConfig.
Last Update: 4/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1322531

How to fully uninstall the Administrative UI on Windows
We are trying to uninstall and reinstall the adminui, but there seems to be residual files left over that prevent us from cleanly reinstalling, and fully wiping the server is not an option.
Last Update: 4/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1858775

SMPS logs is reporting failover and failback, however can’t determine which type of repository is failing over
SMPS logs is reporting failover and failback for Policy store, key store or session store we are unable to determine what store is failing the log is only reporting type
Last Update: 4/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1199337

Performance issues observed after deploying/enabling CA directory as a session store in the environment
Single sign-on policy server can get into a state where it is unable to keep up with Session store maintenance when CA LDAP Directory is deployed as the session store that is not properly configured performance degradation can occur on the policy server
Last Update: 4/1/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1948652

SiteMinder with CA Directory as policy store store high availability
SiteMinder with CA Directory as policy store high availability replication
Last Update: 4/1/2016    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC577451

Login Error when trying to connect to Policy Server from Java SDK (Legacy_Onyx KB Id: 117673)
Login Error when trying to connect to Policy Server from Sample program Java SDK
Last Update: 3/31/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC450777

SPS support SSH (Secure Socket Shell) protocol
SSH (Secure Socket Shell) protocol
Last Update: 3/31/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1741952

Enable Unauthorized Access Redirect" is not working as expected
Enable Unauthorized Access Redirect" is not working
Last Update: 3/31/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1631483

How to change adminui/wamui SSL port number
Steps to change and update the adminui/wamui SSL port number.
Last Update: 3/31/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1942934

Warning message while when we are trying to start or stop the AdminUI jboss
WARN [JDBCSupport] SQLException caught, SQLState XCL18 code:20000- assuming deadlock detected, try:2
Last Update: 3/31/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1739135

Error while installing the secure proxy server or policy server in RHEL 6
In RHEL 6 Installer is looking at a different place i.e. /etc/issue instead of /etc/redhat-release; Error "cat : etc/issue: permission denied" while installing the SPS and PS.
Last Update: 3/31/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1793668

What is the meaning of the WebAgent error message 20-0004?
What is the meaning of the WebAgent error message 20-0004?
Last Update: 3/30/2016    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC479707

Reasons why the affwebservices log might not be generated
Affwebservices Log Not Generated
Last Update: 3/30/2016    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC1564704

RelayState truncated in SAML 2.0 POST
How to post RelayState data while posting assertion to consumer service?
Last Update: 3/30/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC529287

Comma Added to Target
A comma is being added to the target page when multiple ISAPI filters are used.
Last Update: 3/29/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1871556

Backend server timeout
In certain versions of CA SPS, a timeout message shows up in the trace logs, ex.: timeout = 60000, and as needed, both the server.conf configuration file, as well as the proxyserver.sh script need to be adjusted to tweak this timeout value.
Last Update: 3/29/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1477716

Server Error 10-0004
The web agent logs are receiving 500 errors, followed by the agent error code 10-0004. However, users do not report this error, and this is only present in the logs.
Last Update: 3/29/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1605152

"http/1.1 405 Method not allowed" when trying to log in to an IIS site using forms authentication (Legacy_Onyx KB Id: 119928)
http/1.1 405 Method not allowed when trying to log in to an IIS site using forms authentication (Legacy_Onyx KB Id: 119928)
Last Update: 3/29/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC450780

What does the "1 Parameter(s) loaded from Policy Store, 1 total." refer to?
These parameters are actually a count of the XPSConfig Global Parameters that the Policy Store is loading.
Last Update: 3/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1128973

Weg Agent Error: Unable to load Smhost.conf file. (Legacy_Onyx KB Id: 119277)
Weg Agent Error: Unable to load Smhost.conf file. (Legacy_Onyx KB Id: 119277)
Last Update: 3/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC450779

Why is the encrypted admin password is different for each policy server?
The AdminPW for the policy store defined in the sm.registry is different between servers. However, they can all connect to the policy store. My understanding is that the value stored in the sm.registry file is encrypted with the encryption key entered at installation time, and that key should be the same for all servers that share a policy store. Why the encrypted admin password is different?
Last Update: 3/28/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1421115

We are getting a HTTP 500 Internal Server error when accessing an URL ending with ".sac" extension, how can we correct it?
This is caused as .sac extension matches Session Assurance flow data. Workaround available with SACExt ACO parameter.
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1447652

The characters "\5c" are inserted into search filter resulting in a failed search.
Users incorrectly fail to authenticate due to characters added to the user search lookup filter.
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1041189

How to configure event handling for SiteMinder Advanced Password Services.
This document explains how to configure the necessary objects for SSO Advanced Password Services event handling.
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1605197

Unable to Import Identity Mapping Domain Object
This article discusses how to work around the problem of not being able to import an Identity Mapping Domain Object.
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1299634

Cross-site Scripting with Smsession Cookie
Will a Smsession cookie be blocked once the cross-scripting check is turned on in Agent ACO?
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1654363

SPS installer gives error about older release existing during upgrade.
SPS installer fails in upgrade with getting error complaining about “SPS 6 exists and wants to do migration."
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1806446

Impersonation not working on some versions of agents
Impersonation not working on some versions of Apache agents, after upgrade of Siteminder to 12.52.
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1683909

LDAP failover time interval
Can the LDAP failover CA Directory be configured for zero downtime?
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1630355

Maximum size limit on SAML attribute as POST parameter.
What is the SAML attribute Maximum size limit, as a POST parameter?
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1059183

Upgrade the SOA Security Manager Gateway from Version 12.1 to 12.1 SP3
This document outlines the procedure to upgrade the SOA Security Manager Gateway from Version 12.1 to 12.1 SP3.
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC574134

Configure CA Directory as a user directory for SiteMinder Advanced Password Services.
How to configure CA Directory as a user directory for SiteMinder Advanced Password Services.
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1919596

"Allow Nested Groups" checkbox not displaying
When configuring a SAML Service Provider object for legacy federation, the "Allow Nested Groups" checkbox is missing when you select a user store that is a non-LDAP directory.
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1572423

Unable to disable XPSSweeper Autosweep
When trying to disable XPSSweeper from automatically running through the XPSConfig utility, the value for Autosweep will not update.
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1453454

Assertion Generation Failure
Bad installation or configuration, Assertion handler can't be initialized. Leaving Assertion Generator Framework.
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1791429

Create a Cron Job to dump Policy Server stats in the SMPS.log
This article details the steps necessary to create a cron job that will dump statistics related to the Policy Server processes into the SMPS.log for further troubleshooting for performance-related issues.
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1348499

Apache service is not starting up on Windows
Apache Web Server fails to start while loading SiteMinder module mod_sm24/mod_sm22, and following error message appears in Windows event viewer.
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1957282

Does the policy server process all requests before the policy server has an normal shutdown?
The customer is asking if a SiteMinder policy server is shutdown, does it stop receiving new requests? Does the policy server process all requests before the policy server goes down?
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1990543

How do the ca single sign on custom sdk API agents get updated agent keys from the doManagement call function?
Just need confirmation on how the custom API agts get updated keys from doManagement call function?
Last Update: 3/24/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1171204

Why are we continually getting SmSessionServer Failed error code 2 and 3 in smps.log?
[SmSessionServer.cpp:571][ERROR][sm-Server-06007] failed. Error code : 2 and Error code : 3
Last Update: 3/23/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1440317

When trying to configure assertion encryption, there is an error in Policy Server: "Error Encrypting Assertion." and "Error Encrypting NameID." and "AssertionHandler postProcess() failed".
This technote discusses on how to solve issue reported as Error Encrypting NameID in the assertion generator of the Policy Server
Last Update: 3/22/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC510842

Error when adding some users with People picker to manage applications.
Policy server traces : Message : [Message='No results left in the page for UserDir=XXXXX.'][][Return from call CSmUserMgmtApi::SearchUsers]
Last Update: 3/22/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1722016

Could we have more information on IISEnableChildRequest ACO parameter?
Information about IISEnableChildRequest ACO parameter to control child request spawning on web server.
Last Update: 3/22/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1837667

Creating an “Idea” (Enhancement Request)
How to submit Ideas/Enhancement Requests through CA Communities.
Last Update: 3/21/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1579832

AuthContext not raising score
How to adjust a protection level of a particular resource in the Federation Partnership context.
Last Update: 3/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1132863

EPM Logging Relocated from SMPS.log to SMTraceDefault.log
The expected behaviors are that EPM Auth/Az role evaluation logging is 1) Set to "True" by default, and 2) expected to show in the smps.log.
Last Update: 3/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1387053

Unable To Import Certificate
An issue occurs when metadata import fails, but the Certificate within the metadata is successfully imported. The certificate appears in the CDS, but is not selectable in the Admin UI
Last Update: 3/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1193876

Back channel SLO not working
Back channel SLO will fail when OSCP is enabled on the Weblogic Application Server. A workaround to remove/comment out the ... code in the security.xml file will resolve the issue.
Last Update: 3/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1922098

Setting URLs generated by Federation Web Services to use "https" instead of "http".
When using FWS behing a SSL acceslerator URLS are transformed from SSL to non Secure port. The GetPortFromHeader and HTTPSPorts ACO parameters are not read
Last Update: 3/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC491578

SiteMinder ERP Agent for PeopleSoft - PeopleSoft User Auditing Limitation
This article discusses the need of having DEFAULT_USER instead of username in audit log for ERP Agent for PeopleSoft
Last Update: 3/18/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC484935

Is Policy server restart required after importing certificates?
Certificated added to the key store
Last Update: 3/17/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC529630

Is there a size Limit of SAML Assertion?
This article covers the size limit of a SAML Assertion
Last Update: 3/17/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC498765

Preventing Cross Site Scripting in Federation Web Services URLs.
This gives tips on how configure an environment to prevent cross scripting with federation
Last Update: 3/17/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC491841

Steps to Re-register Admin UI
These steps describe the process of re-registering an Admin UI with the Policy server
Last Update: 3/17/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1547349

Mapping AppID to an AgentName
AppID AgentName mapping
Last Update: 3/17/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1129454

Disable Client Loopback
The Agent for SharePoint has a client loopback feature that lets you create policies in your SharePoint environment using directory attribute values that do not yet exist.
Last Update: 3/17/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC581291

How do I use APSTestSettings to test my APS.cfg file?
This technote give a sample on how to use APSTestSettings to trouble shoot the configuration of APS configuration
Last Update: 3/17/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC477876

AJAX used by Wordpress admin UI blocked by SSO Web Agent
After a Wordpress admin has authenticated via SSO Agent, and is using Wordpress, the AJAX called are intercepted by the agent. This is not expected.
Last Update: 3/16/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1228728

IWA authentication creds.ntc issues 404 error
IIS, IWA, Creds.ntc, 404, Error
Last Update: 3/16/2016    Size: 82 kb    Type: Knowledge Base Articles    ID: TEC1657586

Does SiteMinder support SHA256 certificates for SSL connection to LDap Store ?
You can configure secure connections for SiteMinder to connect to an LDAP Store (User / PStore). You have to specify the rootCA certificate and create a cert8.db as specified in the doc. What kind of algorithm is supported? Is SHA-256 supported?
Last Update: 3/16/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1383762

Can we load custom jars at policy server start-up ?
using SDK to develop active responses, can we load them at PS startup to make sure that everything is correctly setup ?
Last Update: 3/16/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1301894

Administrative UI installation fails with error "Could not initialise deployment"
This technote give a possible solution for an error seen during the initialization of the AdminUI
Last Update: 3/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC528825

Running Policy Server ‘start-all’ shell script creates .java_pidNNNN file under /tmp directory
This article explains a Policy Server ‘start-all’ problem of .java_pidNNNN file left under /tmp directory as well as the workaround.
Last Update: 3/15/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC1599586

Why does the PeopleSoft PS Admin tool display all users as the default user?
Explanation on how the Users authenticated by SiteMinder are bounced to PeopleSoft by using the PSAdminTool
Last Update: 3/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC532985

Supplemental LoginLibrary API Documentation - SiteMinder ERP Agent v5.6 SP4 for PeopleSoft.
Additional documentation on the LoginLibrary API
Last Update: 3/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC486031

How do I tune Solaris 10 for semaphores and shared memory for the Siteminder Web Agent v6.x?
Guide for tunning Semaphores for Apache Webagent 6 on Solaris. It may be also be interesting for other webagent versions.
Last Update: 3/14/2016    Size: 83 kb    Type: Knowledge Base Articles    ID: TEC485876

Please note that you can always access the full list going to the following link:

http://www.ca.com/us/support/ca-support-online/support-by-product/ca-single-sign-on.aspx?d=t&language=en&type=Knowledge&…

 

Feel free to post your questions in the community if you have question about any of these KB article.

 

Best Regards,

Ujwol Shrestha

Principal Support Engineer

CA Technologies

Outcomes