Hello CA Single Sign-On Community Users,
Please find below the list of the latest Knowledge Base Articles for Single Sign-On (Formerly CA SiteMinder)published or updated since 5th April 2017 for your reference:
What's the purpose of a Certificate Data Store (CDS) ?
This technote gives guidance to understand the purpose of Certificate Data Store and other Stores.
Last Update: 2017-07-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1878895
After rebooting SPS, SPS doesn't listen on SSL Port. I need to start SSL manually to get SPS processing SSL request
This technote discusses about a specific configuration on SPS and provides the solution
Last Update: 2017-07-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1944233
I don't find the ca_defaultconsentform.html file !
This technote discusses about a specific file location on SPS on Linux and it gives a sample of this file.
Last Update: 2017-07-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1398462
Is the Apache MPM Event supported with the Web Agent ?
This technote discusses the supportability of a specific functionality on Apache when running with the Web Agent
Last Update: 2017-07-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1281124
Web Agent Option Pack reports error : "Tried out all the decrypt keys, decryption failed"
This technote discusses about a specific problem with Web Agent Option Pack and Keys.
Last Update: 2017-07-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1385152
FCCForcelsProtected doesn't work !
This technote discusses about a syntax problem about one of the Web Agent ACO parameter
Last Update: 2017-07-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1114947
Is my Web Agent affected by the Apache CVE-2017-3167 vulnerability?
This document clarifies concerns about the vulnerability and explains how you could be affected
Last Update: 2017-07-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1455085
When installing SPS in console mode on Linux the installation hangs with no error
This document explains why this happens, and in which release it is solved
Last Update: 2017-07-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1333005
How can I force users to change password every 24 hours?
This document shows how you can configure Password Services to make users change password after 24 hours
Last Update: 2017-07-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1596894
Invalid configuration: 'httpsports' has been specified more than once
This tech note speaks about a specific error message when using httpsports ACO. Should be single value.
Last Update: 2017-07-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1941884
Web Agent crashes when the FQDN requested is more than 256 chars
This technotes discusses about a limitation in hostname lenght, the problem it causes and its solution
Last Update: 2017-07-13 Size: 83 kb Type: Knowledge Base Articles ID: TEC1608399
RelayState Parameter Name is Case Sensitive
This technote discusses about the syntax of the RelayState parameter.
Last Update: 2017-07-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1513302
OneView Monitor write tons of logs lines permanently in Tomcat stdout logs
This technote discusses about a specific problem with OneView Monitor and Tomcat logging.
Last Update: 2017-07-06 Size: 83 kb Type: Knowledge Base Articles ID: TEC1317386
Differences in IssuerDN when importing a certificate through smkeytool
This document explains how to solve this issue
Last Update: 2017-07-06 Size: 83 kb Type: Knowledge Base Articles ID: TEC1862475
SPS servers vulnerable to an XXE injection attack
This document explains how you can configure SPS if affected by this vulnerability, and from which release this has been fixed
Last Update: 2017-07-06 Size: 83 kb Type: Knowledge Base Articles ID: TEC1887706
How to activate a WSFedRPtoIDP partnership using XPSExplorer ?
In some situation, we can not activate a WSFedRPtoIDP partnership using the AdminUI, we try to activate it by using XPSExplorer and it works fine.
Last Update: 2017-07-06 Size: 83 kb Type: Knowledge Base Articles ID: TEC1202421
Do you have a table of MIB OIDs and their related description?
This tech note provides a table of MIB OIDs and their related description
Last Update: 2017-07-06 Size: 83 kb Type: Knowledge Base Articles ID: TEC565843
Difference between EPM vs Domain policy configuration for multi line attributes
This tech note explain the difference between EPM vs Domain policy configuration for multi line attributes
Last Update: 2017-07-06 Size: 83 kb Type: Knowledge Base Articles ID: TEC565903
No Database Driver are present after installing SiteMinder Policy Server on Windows 2008 R2 (64 Bits)
This tech note explains why no Database Driver are present after installing SiteMinder Policy Server on Windows 2008 R2 (64 Bits)
Last Update: 2017-07-06 Size: 83 kb Type: Knowledge Base Articles ID: TEC565840
Does Policy server supports TLSv1.1/TLSv1.2 protocol for LDAP connectivity with Policy Store/User Store
Policy server support for TLS v1.1/1.2
Last Update: 2017-07-06 Size: 83 kb Type: Knowledge Base Articles ID: TEC2147705
Issue with WS-Security Username and Password Digest authentication
this tech note discusses a limitation when using WS-Security Username and Password Digest authentication. It can not be used with AD.
Last Update: 2017-07-05 Size: 83 kb Type: Knowledge Base Articles ID: TEC1172838
Federation GUID cookie has expiration of only 3 minutes
This Tech note describes a limitation with the federation use case. Issue is fixed in 12.52SP1CR08.
Last Update: 2017-07-05 Size: 83 kb Type: Knowledge Base Articles ID: TEC1504468
Policy Server :: RSA / ACE : Did not continue to AceInit completion asynchAceRet = 23
This technote discusses about a specific error when configuring RSA ACE authentication at the Policy Server ends, and it provides guide line to trouble shoot and fix the error.
Last Update: 2017-07-04 Size: 83 kb Type: Knowledge Base Articles ID: TEC565904
Can we use Siteminder Test Tool to test Policy Servers load-balancing and failover ?
This technote discusses about a specific usage of SmTest tool delivered with the Policy Server.
Last Update: 2017-07-04 Size: 83 kb Type: Knowledge Base Articles ID: TEC565905
Policy Server :: The Last Key decoded to Null from the Keystore
This technote discusses a specific error related with keys and gives path to solve it
Last Update: 2017-07-04 Size: 83 kb Type: Knowledge Base Articles ID: TEC565906
Policy Server authenticate user in Active Directory even if the User must change its password. No redirection happens.
This technote discusses about an internal problem with the Policy Server when users are in Active Directory.
Last Update: 2017-07-04 Size: 83 kb Type: Knowledge Base Articles ID: TEC1901049
SPS affwebservices/router/session resources vulnerable to an XXE injection attack
This technote discusses a vulnerability to the federation services on SPS and the fix available for it.
Last Update: 2017-07-04 Size: 83 kb Type: Knowledge Base Articles ID: TEC1317181
Policy Server crashes on RpcDispatcher::evalCall
This technote discusses about an internal problem in the Policy Server when modifying data to federation partnership. It gives its solution.
Last Update: 2017-07-04 Size: 83 kb Type: Knowledge Base Articles ID: TEC1690534
Embeeded Apache version for Agent for SharePoint 12.52SP1CR07.
This technote gives the embeeded component version for Agent for SharePoint
Last Update: 2017-07-04 Size: 83 kb Type: Knowledge Base Articles ID: TEC1911525
When trying to create an affiliate domain in FSS UI we cannot as it fails with a popup: "Permission to modify this object was denied."
This document details in which version this issue is solved, and some details on FSS UI usage
Last Update: 2017-07-03 Size: 83 kb Type: Knowledge Base Articles ID: TEC1407135
Should we use start-all script to start the Policy Server if we are not using Session Assurance ?
This tech note speaks about the different ways to start the Policy Server on UNIX
Last Update: 2017-07-03 Size: 83 kb Type: Knowledge Base Articles ID: TEC1848748
I'm running a Web Agent, and when a given user is requested to change its password, it gets in the browser the result of the login.unauth instead of getting the Password Change page.
This technote discusses about a specific problem Web Agent has to handle properly the redirect to the Change Password page when User Store is Active Directory
Last Update: 2017-06-30 Size: 83 kb Type: Knowledge Base Articles ID: TEC1288394
MaxSessionCacheSize ACO parameter is not working as expected
This document explains a problem you can find in specific release, why it happens and how to solve it
Last Update: 2017-06-29 Size: 83 kb Type: Knowledge Base Articles ID: TEC1002317
Policy server fails to start with LDAP_ADMINLIMIT_EXCEEDED when using CA directory as Policy Store
Unable to search and fetch more data entries from the Data Store when starting the policy server with CA directory as Policy store
Last Update: 2017-06-28 Size: 83 kb Type: Knowledge Base Articles ID: TEC1023169
SPS URLHandling: SPS intercepts the space or its unicode value %20 as bad character in the URL
This tech not explain the SPS behavior as compare as standard apache WA behavior
Last Update: 2017-06-28 Size: 83 kb Type: Knowledge Base Articles ID: TEC1815824
Federation transaction not working : SmJavaAPI: Error finding class ActiveExpressionContext
This tech note explain one of the reason why Federation transactions could fail.
Last Update: 2017-06-28 Size: 83 kb Type: Knowledge Base Articles ID: TEC1247373
Unable to start application protected by a custom agent in Weblogic.
This tech note explains one of the reason why we can not start an application protected by a custom agent in Weblogic. Problem of FIPS mode..
Last Update: 2017-06-28 Size: 83 kb Type: Knowledge Base Articles ID: TEC1299728
Uninstalling WAOP, I get error : Windows Error 2 occured while loading Java VM
This technote discusses about a specific error when uninstalling the Web Agent Option Pack on Windows OS
Last Update: 2017-06-26 Size: 83 kb Type: Knowledge Base Articles ID: TEC1860229
Policy Server is not generating the metrics to APM Introscope provider related to specific User Store
This document explains in which situation this can happen and how we can solve it
Last Update: 2017-06-26 Size: 83 kb Type: Knowledge Base Articles ID: TEC1941829
How to remove the "javax.xml.bind.JAXBException: Unable to locate jaxb.properties for package com.sun.research.ws.wadl" warning from the logs when deploying FWS in WebLogic
This document details steps to avoid these messages to appear in the logs to help sysadmins to keep clean log files.
Last Update: 2017-06-26 Size: 83 kb Type: Knowledge Base Articles ID: TEC1054749
SPS service fails to start
SPS fails with logged errors. [mpm_worker:warn] [pid 3458:tid 4151666432] AH00291: long lost child came home! (pid 4307) [mpm_worker:notice] [pid 3458:tid 4151666432] AH00295: caught SIGTERM
Last Update: 2017-06-26 Size: 83 kb Type: Knowledge Base Articles ID: TEC1093399
systemctl and Web Agent startup settings for Red Hat Apache Web Server 2.4.x
This article explains how to setup Web Agent for Red Hat Apache Web Server 2.4.x/RHEL 7. It needs a special care of /etc/sysconfig/httpd and ca_wa_env.sh.
Last Update: 2017-06-23 Size: 83 kb Type: Knowledge Base Articles ID: TEC1340867
Red Hat 7 Apache 2.4 startup fails when SSO Web Agent is installed - fails to load Kerberos module mod_auth_gssapi.so
This expands on TEC1340867 and explains the Kerberos module issue and solution.
Last Update: 2017-06-23 Size: 83 kb Type: Knowledge Base Articles ID: TEC1859038
The sequence of Kerberos Authentication.
How does it work CA SSO kerberos authentication.
Last Update: 2017-06-23 Size: 83 kb Type: Knowledge Base Articles ID: TEC1543943
Locked User still can login into the application
This technote discusses about a problem at the Policy Server level which allows locked account to login further, and it gives its solution.
Last Update: 2017-06-22 Size: 83 kb Type: Knowledge Base Articles ID: TEC1476557
Solaris X86_64 WebAgent fails with error "Duplicate LLAWP processes not allowed, exiting."
This technote discusses about a specific error on Web Agent on SunOS, and gives its solution.
Last Update: 2017-06-22 Size: 83 kb Type: Knowledge Base Articles ID: TEC1311992
SmAgentConfig.removeAgentConfigProperties() method does not remove ACO properties that are commented out
This technote discusses about a problem with SDK API to manage Policy Store objects and gives its solution
Last Update: 2017-06-22 Size: 83 kb Type: Knowledge Base Articles ID: TEC1403809
BadCSSChars ACO parameter is not working when parameter value contains a single quote character (')
This document details why this is happening and how to modify the BadCSSChars values to solve this issue
Last Update: 2017-06-22 Size: 83 kb Type: Knowledge Base Articles ID: TEC1958813
AdminUI performance is slower for Federation Partnerships and Certificate management
This document shows how to solve this slowness problem
Last Update: 2017-06-21 Size: 83 kb Type: Knowledge Base Articles ID: TEC1550497
Error creating Certificate Database
This technote details how to solve a specific error while creating a certificate DB on the Policy Server
Last Update: 2017-06-21 Size: 83 kb Type: Knowledge Base Articles ID: TEC1350521
Policy Server is restarting when there are changes in the Policy Store
This document relates to a known issue which can affect Policy Servers index rebuild and how to solve it.
Last Update: 2017-06-21 Size: 83 kb Type: Knowledge Base Articles ID: TEC1115631
Getting the error "(CIMSDsLdapProvider::SetSelfSubscribingGroupBehavior) No property sections found" after integrating CA SSO/Siteminder with CA Identity Manager
This document shows why this happens, which symptoms you can see, and how to solve the issue.
Last Update: 2017-06-21 Size: 83 kb Type: Knowledge Base Articles ID: TEC1024697
The difference of "ADD" and "Merge" in Policy Store Data.
How is the difference of "ADD" and "Merge" ?
Last Update: 2017-06-20 Size: 83 kb Type: Knowledge Base Articles ID: TEC1811125
Error "Flexeraax0$aaa: Windows DLL failed to load" when trying to install Web Agent
This document explains why this error is occurring and which steps must be taken to solve this and be able to install the Web Agent.
Last Update: 2017-06-20 Size: 83 kb Type: Knowledge Base Articles ID: TEC1765216
FastCGI application with Webagent / Apache goes in to the zombie/defunct state on exit.
This tech note speaks about FastCGI application integration with Webagent on Apache that goes in to the zombie/defunct state on exit
Last Update: 2017-06-17 Size: 83 kb Type: Knowledge Base Articles ID: TEC1203724
How does the Web Agent determine the web server version when writing this Web Agent log line : "SiteMinder APACHE 2.2 WebAgent, Version 12.52 QMR01, Update HF-06, Level 2009" ?
This technote discusses internal functionality of the Web Agent
Last Update: 2017-06-16 Size: 83 kb Type: Knowledge Base Articles ID: TEC1056496
Agent for SharePoint sometimes printing Unknown SiteMinder WebAgent in the error log header
Roughly half of the time, the Sharepoint Agent is showing and "Unkown agent" header
Last Update: 2017-06-16 Size: 83 kb Type: Knowledge Base Articles ID: TEC1388091
Getting the error FAILED_INVALID_RESPONSE_RETURNED when enabling SLO on a working Federation Partnership
This document covers what is the first thing to check in order to solve this error when configuring SLO
Last Update: 2017-06-16 Size: 83 kb Type: Knowledge Base Articles ID: TEC1293434
Password expired in Active Directory allows Authentication and Authorization
SiteMinder is authenticating and authorizing the user even if the password is expired in the Active Directory when Password Policy enabled at the AD end
Last Update: 2017-06-16 Size: 83 kb Type: Knowledge Base Articles ID: TEC1618076
Unable to preserve POST data on Webagent with cookie provider
This tech note explains how to fix a problem with POST Data Preservation with cookie provider
Last Update: 2017-06-16 Size: 83 kb Type: Knowledge Base Articles ID: TEC1414336
javax.faces.el.EvaluationException: Exception getting value of property UserDirectories is obtained when adding a new directory to an existing domain
When having more than 90 user directories, trying to add a new user directory to a new directory to a domain results in Adminui throwing an error
Last Update: 2017-06-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1980857
How can I fix the Apache Commons Collection 3.1 Java object de-serialisation vulnerability if I have CA SSO 12.52 SP1?
CA SSO 12.52 uses Apache Commons Collection version 3.1 in the Policy Server, Admin UI and Secure Proxy Server. This addresses how to correct the deserialization vulnerability
Last Update: 2017-06-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1857407
AdminUI returns error when creating Identity Mapping : Fatal: Failed to execute CreateIdentityMappingEvent. ERROR MESSAGE: SmApiWrappedException:Insufficient rights
This document explains why this error occurs when trying to create an Identity Mapping in AdminUI, and how to solve it.
Last Update: 2017-06-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1343341
Can SiteMinder session cookies be configured to be issued with the Secure flag?
This document explains how you can configure your ACO to enable the Secure flag in the session cookies.
Last Update: 2017-06-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1191471
When using a DNS alias for the AdminUI we are always redirected to hostname
This document explains why this is happening and how to solve this issue to be able to access AdminUI with embedded JBoss using a DNS alias
Last Update: 2017-06-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1212558
Should I need specific rights to install Web Agent on Windows?
This technote discusses about a specific requirement when installing Web Agent on Windows
Last Update: 2017-06-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1108696
X.509 Cert authentication fails returning the error NO_CERTMAP_OBJECT
This document explains the meaning of the NO_CERTMAP_OBJECT error message and how to solve it.
Last Update: 2017-06-14 Size: 83 kb Type: Knowledge Base Articles ID: TEC1344561
Is X11 library required?
X11 library is required on a machine of Policy Server since policy server administrative console is executed on the machine of Policy Server.
Last Update: 2017-06-09 Size: 83 kb Type: Knowledge Base Articles ID: TEC1154295
Two ways to log off a user
This explains two ways to log off a user.
Last Update: 2017-06-09 Size: 83 kb Type: Knowledge Base Articles ID: TEC1842221
LLAWP: Received local configuration update
This tech note describes when we would see the following message in the Webagent traces : LLAWP: Received local configuration update
Last Update: 2017-06-08 Size: 83 kb Type: Knowledge Base Articles ID: TEC1440582
Configure the r12.6 FSSAdminUI on Windows
How to configure the FSSAdminUI on an r12.6 Policy Server on a Windows Server.
Last Update: 2017-06-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1449824
Object # has parent #, which does not exist.
CA SSO Policy Store on LDAP returns orphaned object errors when XPSValidation is run. XPSValidation automatically runs when most XPS Tools are run.
Last Update: 2017-06-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1109274
ServletExec modules are still contained in Policy Server r12.6 unexpectedly.
This explains incorrect modules contained in PS 12.6.
Last Update: 2017-06-06 Size: 83 kb Type: Knowledge Base Articles ID: TEC1231149
HOW TO ENABLE POLICY SERVER TRACING LOG & ADD ALL THE COMPONENTS/DATA FIELDS
configuring policy server tracing
Last Update: 2017-06-05 Size: 83 kb Type: Knowledge Base Articles ID: TEC1482447
"Allow Protection Override" checkbook on the custom authentication-scheme.
Documentation topic, "custom-authentication-schemes" describes Allow Protection Override" checkbook on the authentication-scheme.
Last Update: 2017-06-05 Size: 83 kb Type: Knowledge Base Articles ID: TEC1674413
Use of SM_SSO_ZONE_NAME with ASA Agent on WebLogic
This technote gives specific steps to configure SM_SSO_ZONE_NAME with ASA Agent for WebLogic
Last Update: 2017-06-02 Size: 83 kb Type: Knowledge Base Articles ID: TEC1597376
ASA Agent for WebSphere and ACO Parameters SSOZoneName and SSOTrustedZone
This technote discusses about the supportability of some specific ACO parameter on the ASA Agent for WebSphere
Last Update: 2017-06-02 Size: 83 kb Type: Knowledge Base Articles ID: TEC1074307
Access to SiteMinder download page returns error "This solution belongs to a product for which you do not have an active license"
This technote discusses about specific error when accessing SiteMinder download page.
Last Update: 2017-06-02 Size: 83 kb Type: Knowledge Base Articles ID: TEC1281969
Web Agent Option Pack return 403 when Service Provider has accentuated character
This technote discusses about configuration needed on third party when accentuated characters are in use in federation data
Last Update: 2017-06-02 Size: 83 kb Type: Knowledge Base Articles ID: TEC1925929
How to use the WADL file provided when protecting WebServices with REST interface to generate automatic Java Client Classes ?
This document describes how to use the WADL file provided when protecting WebServices with REST interface to generate automatic Java Client Classes. We provide an XSD schema that would need to be use in the Java (JERSEY) generator.
Last Update: 2017-05-31 Size: 83 kb Type: Knowledge Base Articles ID: TEC1800602
On Linux, running the command "smpolicysrv -stats" returns "The specified server is not currently running."
This explains another symtom of TEC456063: running smpolicysrv -stats or -publish returns "The specified server is not currently running." (Legacy_Onyx KB Id: 176999).
Last Update: 2017-05-31 Size: 83 kb Type: Knowledge Base Articles ID: TEC1730901
Registring Agent for JBoss, I get the error "Unsupported algorithm, MD5, selected for FIPS140 mode: FIPS140"
This technote discusses about a problem on Agent for JBoss when registring the agent with the Policy Server
Last Update: 2017-05-30 Size: 83 kb Type: Knowledge Base Articles ID: TEC1756665
I don't see IdleTimeout Reason when the Web Agent is configured for webappclientresponse
This technote discusses about some specific configuration needed when configuring webappclientresponse ACO parameter
Last Update: 2017-05-30 Size: 83 kb Type: Knowledge Base Articles ID: TEC1133821
Apache instance doesn't start and reports error "create child process failed. Exiting"
This technote discusses about a specific issue when running Web Agent on Apache on Windows OS.
Last Update: 2017-05-30 Size: 83 kb Type: Knowledge Base Articles ID: TEC1212876
AdminUI : Getting "An error occurred while displaying this page" error when trying to set a User Context variable on a Domain
This document shows a workaround for this error, and how you can solve this issue.
Last Update: 2017-05-30 Size: 83 kb Type: Knowledge Base Articles ID: TEC1706946
Failed to get the DD Reference for an Attribute
We are unable to access some or all of the functionality of Federation in the AdminUI.
Last Update: 2017-05-26 Size: 83 kb Type: Knowledge Base Articles ID: TEC1034861
Messages output by performing XPSExport
As long as you get Complete message (without FATAL and ERROR) and get an xml file, it is likely the export was successful.
Last Update: 2017-05-26 Size: 83 kb Type: Knowledge Base Articles ID: TEC1279406
About the difference of file descriptors messages in smps.log.
When seeing smps.log, two message contents are appeared about file descriptors.
Last Update: 2017-05-26 Size: 83 kb Type: Knowledge Base Articles ID: TEC1674795
The meaning of file descriptors messages in smps.log.
What is the difference of 'Maximum number of file descriptors' and 'Available file descriptors' in smps.log ?
Last Update: 2017-05-25 Size: 83 kb Type: Knowledge Base Articles ID: TEC1792227
Assertion encryption displays an error on the IDP side if the certificates contain non-ASCII characters in IssuerDN.
This Tech note discussed a fix provided in 12.51CR10 regarding Encyption assertion
Last Update: 2017-05-25 Size: 83 kb Type: Knowledge Base Articles ID: TEC1698116
Policy Server generate a core on restart with PS 12.52SP1CR05
Policy Server generate a core dump upon stopping with PS 12.52SP1CR05. Issue has been fixed in next release (12.52SP1CR06)
Last Update: 2017-05-25 Size: 83 kb Type: Knowledge Base Articles ID: TEC1882768
Apache crash at startup with Webagent 12.51CR07 and 12.52SP1CR04
Randomly apache crash at startup with Webagent 12.51CR07 and 12.52SP1CR04. Issue has been fixed in next release
Last Update: 2017-05-25 Size: 83 kb Type: Knowledge Base Articles ID: TEC1696312
Where is the smobjexport command gone ?
This technote discusses about modification on the available commands shipped with the Policy Server
Last Update: 2017-05-25 Size: 83 kb Type: Knowledge Base Articles ID: TEC1721698
Question on running multiple WebAgents on one Apache server
Apache supports for multiple ACO setting.
Last Update: 2017-05-24 Size: 83 kb Type: Knowledge Base Articles ID: TEC1882594
Troubleshooting a missing library for the CA Single Sign-On (SiteMinder) Policy server and Webagent installation on LINUX with the ldd command.
How to find the missing prerequisite, installation library.
Last Update: 2017-05-24 Size: 83 kb Type: Knowledge Base Articles ID: TEC1341823
How to view the CA Single Sign-On (SiteMinder) Policy server and WebAgent environmental variables with the UNIX/LINUX env and printenv commands.
Examples of the environmental variables displayed by the UNIX/LINUX env command when troubleshooting the Single Sign-On (SiteMinder) policy server and WebAgent.
Last Update: 2017-05-24 Size: 83 kb Type: Knowledge Base Articles ID: TEC1795091
Backslash character ‘\’ (0x5C) in a form can be detected by BadFormChars
If a backslash character [\] is set to BadFormChars, does Web Agent block both of [\] and [%5c] in the form data?
Last Update: 2017-05-23 Size: 83 kb Type: Knowledge Base Articles ID: TEC1447818
Administrative UI :How to increase the request time out
How to increase the request time out for the Admin UI request to Policy server
Last Update: 2017-05-19 Size: 83 kb Type: Knowledge Base Articles ID: TEC1609018
"Duplicate entry detected" and "Failed to create key" ERRORS (i.e. ObjectCalss=xpsKey)
It is caused by duplicate ObjectClass xpsKey.
Last Update: 2017-05-18 Size: 83 kb Type: Knowledge Base Articles ID: TEC1011896
Web Agent Configuration wizard does not detect OHS instance
Web Agent Configuration wizard does not detect OHS instance if the OHS instance is not installed in the default OHS instances directory
Last Update: 2017-05-18 Size: 83 kb Type: Knowledge Base Articles ID: TEC1045958
Agent install GUI fails to start
When trying to install the web agent CR08 or CR10 (64bit) on Windows 2008 R2 64bit with IIS 7.5, the GUI never starts and the install log file indicates a java stack overflow error.
Last Update: 2017-05-17 Size: 83 kb Type: Knowledge Base Articles ID: TEC1251197
Login Response times are high on SP Policy servers in Production
After upgrading the Policy server from R12.52 SP1 to R12.52 SP1 CR6 WILY is reporting response time increasing over time. R12.52 SP1 responses time average around 200 ms before, after the upgrade response time continue to increase above 400ms.
Last Update: 2017-05-16 Size: 83 kb Type: Knowledge Base Articles ID: TEC1049671
Troubleshooting Policy server and WebAgent with Unix command netstat.
This is a helpful Unix command you can use with CA SSO
Last Update: 2017-05-15 Size: 83 kb Type: Knowledge Base Articles ID: TEC1237403
File Downloads Slow when processed through Secure Proxy Server
An application that is protected by SPS is experiencing the following: A web server allows users to download a file from AWS (around 50 MB). When users try to download a file from a SPS protected URL, it will take around 2 minutes for it to complete. When
Last Update: 2017-05-12 Size: 83 kb Type: Knowledge Base Articles ID: TEC1473639
Policy Server Crashes with Stack at CSmContextContainer::GetContext
This technote discusses about a know issue fixed in 12.51CR04 and 12.52SP1CR01 when Policy Server crashes by executing active expression and response in federation journey
Last Update: 2017-05-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1287397
SPS Agent Returns Error : AcceptSecurityContext returned : 0x80090311
This technote discusses about a specific error when configuring SPS Agent to do NTLM authentication
Last Update: 2017-05-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1474226
Web Agent Installer Reports Error "Unable to find opmn.xml file"
This technote discusses about a specific error occuring by configuring the Web Agent with Oracle HTTP Server
Last Update: 2017-05-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1610937
What's the meaning of log line "Server State transition from INACTIVE to INTER" ?
This technote discusses the meaning of process state from Web Agent logs.
Last Update: 2017-05-10 Size: 83 kb Type: Knowledge Base Articles ID: TEC1814175
SDK on SOLARIS ZONES
SOLARIS ZONES, SDK, Custom Agent
Last Update: 2017-05-05 Size: 83 kb Type: Knowledge Base Articles ID: TEC491891
DMS API: Bad password count being updated.
Bad password count being updated using DMS API
Last Update: 2017-05-05 Size: 83 kb Type: Knowledge Base Articles ID: TEC499226
Web Agent not failing back to recovered Policy Servers
This document explains why a Web Agent could not failback to first Policy Servers defined in HCO, if they were unreachable during Web Agent initialization.
Last Update: 2017-05-04 Size: 83 kb Type: Knowledge Base Articles ID: TEC1598086
ACO BadURLChars doesn't block /%2F from URL, request gets 404 from Apache instead of 500
This technote discusses about a specific behavior with BadURLChars Web Agent ACO
Last Update: 2017-05-04 Size: 83 kb Type: Knowledge Base Articles ID: TEC1110205
How to generate Application Server Agent logs/traces (TAI)?
This Tech note describes how to generate Application Server Agent logs/traces (TAI)?
Last Update: 2017-05-04 Size: 83 kb Type: Knowledge Base Articles ID: TEC563489
Support for TLS 1.1 and TLS 1.2 on CA Access Gateway (formerly CA Secure Proxy Server)
support for TLS1.1 and TLS 1.2 on SPS; do we support TLS 1.1 and TLS 1.2 on SPS ?
Last Update: 2017-05-03 Size: 83 kb Type: Knowledge Base Articles ID: TEC1873991
Support for TLS 1.1 and TLS 1.2 on CA Agent for SharePoint
SSL protocol support for SPA
Last Update: 2017-05-03 Size: 83 kb Type: Knowledge Base Articles ID: TEC1697623
SiteMinder :: Kerberos : HttpServicePrincipal and SmpsServicePrincipal
This technotes discusses about some Web Agent parameter format for Kerberos authentication
Last Update: 2017-05-03 Size: 83 kb Type: Knowledge Base Articles ID: TEC575562
Another option to resolve the proxyui error "Error: Exception User might not have required permissions to get group information". (Additional information to TEC1304259)
This article explains another resolution for the error stated in TEC1304259.
Last Update: 2017-05-01 Size: 83 kb Type: Knowledge Base Articles ID: TEC1634494
500 error after kill command of the LLAWP process
This tech note explains why do we receive a 500 error when killing the LLAWP process on Linux
Last Update: 2017-04-28 Size: 83 kb Type: Knowledge Base Articles ID: TEC1552244
Getting 500 error when trying to post SOAP docs when Transfer-encoding is chunked after upgrading to Apache 2.4 and WSS 12.52SP1
This tech note speaks about an issue fixed in R12.52 SP1 CR05
Last Update: 2017-04-28 Size: 83 kb Type: Knowledge Base Articles ID: TEC1496968
Password Services Does Not Work on Apache.
This document describes extra configuration details required to have PWS working with Apache
Last Update: 2017-04-28 Size: 83 kb Type: Knowledge Base Articles ID: TEC1835876
XCart with Replace mode does not replace trusted host object when performing XPSImport. Error Duplicate value
Replace mode matches on XID rather than the name of the trusted host object. This is expected behavior.
Last Update: 2017-04-26 Size: 83 kb Type: Knowledge Base Articles ID: TEC1373875
How to resolve a "403.4 - Forbidden" error at the browser on an IIS8.5 Web Server with the R12.52 SP1 CA Single Sign On Web Agent installed.
This article explains how to resolve a "403.4 - Forbidden" error on an IIS 8.x Web Server that results in the CA Single Sign On Agent to fail to generate any logs.
Last Update: 2017-04-26 Size: 83 kb Type: Knowledge Base Articles ID: TEC1398264
Do I need the exact required Linux libraries for 12.52 SP1 apache agent installation as indicated in the guide?
This document clarifies the Linux required libraries for an Apache webagent upgrade on RedHat 5
Last Update: 2017-04-26 Size: 83 kb Type: Knowledge Base Articles ID: TEC1729414
What is the format of the smaccess.log?
This tech not explains what is the default format of the smaccess.log?
Last Update: 2017-04-26 Size: 83 kb Type: Knowledge Base Articles ID: TEC511548
How to Enable SPS logs
How to Enable Secure Proxy Logging to help troubleshoot
Last Update: 2017-04-25 Size: 82 kb Type: Knowledge Base Articles ID: TEC1528615
Policy Server does not fail back properly.
When policy stores are deployed as redundancy, fail back does not work properly.
Last Update: 2017-04-25 Size: 83 kb Type: Knowledge Base Articles ID: TEC1991177
Can not access to AdminUI using SSL/TLS.
When accessing to AdminUI using https, but redirected to non TLS (http) URL.
Last Update: 2017-04-25 Size: 83 kb Type: Knowledge Base Articles ID: TEC1036131
WebAgent reject encoded request contained "%c0".
Although customer set "no" to "DisallowUtf8NonCanonical", WebAgent reject URL encoded query contained "%b".
Last Update: 2017-04-25 Size: 83 kb Type: Knowledge Base Articles ID: TEC1378153
Actions are not registered in AgentType.
When I tried to register WebAgent actions in AdminUI, they are not displayed.
Last Update: 2017-04-25 Size: 83 kb Type: Knowledge Base Articles ID: TEC1764799
Multiple log files are created at the time (00:00) of rotating audit logs
When smaccess.log is rotated, 7 new rotated files are created.
Last Update: 2017-04-25 Size: 83 kb Type: Knowledge Base Articles ID: TEC1428697
secureURLs can not encode hash(#) string.
Despite setting "yes" to SecureURLs in ACO, hash ("#") is not encoded.
Last Update: 2017-04-25 Size: 83 kb Type: Knowledge Base Articles ID: TEC1763229
Oracle LDAP bad password count not reset on successful authentication
If there is a mapping between AD for Authentication and Oracle LDAP for Authorization and Authentication, resetting the bad password counter does not reset it in Oracle
Last Update: 2017-04-24 Size: 83 kb Type: Knowledge Base Articles ID: TEC1052558
"This site is not secure" is displayed
SSL communication is performed between a Web server and a web browser, The certificate which SiteMinder has does not involve.
Last Update: 2017-04-21 Size: 83 kb Type: Knowledge Base Articles ID: TEC1204465
sps-ctl restart script is not loading changes done in server.conf and proxyrules.xml files
This document explains why the sps-ctl script cannot load any change done in server.conf or proxyrules.xml, and what it is the actual usage of this script, and how to restart taking these changes into account.
Last Update: 2017-04-20 Size: 83 kb Type: Knowledge Base Articles ID: TEC1270652
The sequence of communication between WebAgent and Policy Server.
How does WebAgent communicate with Policy Server ?
Last Update: 2017-04-20 Size: 83 kb Type: Knowledge Base Articles ID: TEC1001487
Adminui Crashing Intermittently on Solaris
This document describes an issue that was observed where Siteminder AdminUI was crashing intermittently
Last Update: 2017-04-19 Size: 83 kb Type: Knowledge Base Articles ID: TEC1738772
Is there any impact on CA Single Sign-On when Japanese era name changed?
There is no impact when the era name is changed since Japanese calendar is not used in the product.
Last Update: 2017-04-19 Size: 83 kb Type: Knowledge Base Articles ID: TEC1517326
Understanding Policy Server and Web Agent Caches
Component of Policy Server and Web Agent Caches
Last Update: 2017-04-18 Size: 82 kb Type: Knowledge Base Articles ID: TEC1172843
Why can we re-use SMSESSION cookie after Logout ?
This tech note speaks about SMSESSION cookie and the fact that it is still valid after logoff.
Last Update: 2017-04-18 Size: 83 kb Type: Knowledge Base Articles ID: TEC1286571
When accessing to WebAgent by multi threads, Policy Server output HandShake errors.
When increasing 'StartServers' value and accessing to WebAgent by multi threads, WebAgent send RST packets to Policy Server and Policy Server output HandShake errors.
Last Update: 2017-04-18 Size: 83 kb Type: Knowledge Base Articles ID: TEC1078762
SMSESSION Cookie for Unprotected Realm
This article explains SMSESSION cookie issuing function.
Last Update: 2017-04-18 Size: 83 kb Type: Knowledge Base Articles ID: TEC1819257
FMATTR doesn't work for User Attribute Mapped Experssions
FMATTR prefix for use in printing out multi-value attributes as separate assertion attributes, rather than one carrot (^) delineated single line does not work for User Store Attribute Mapping expressions.
Last Update: 2017-04-13 Size: 83 kb Type: Knowledge Base Articles ID: TEC1537107
Remove Tomcat Version Info from SPS Error Page
How to remove server.info=Apache Tomcat
Last Update: 2017-04-13 Size: 83 kb Type: Knowledge Base Articles ID: TEC1741883
Unable To Load Certificate - SPS https issue with Back End Server
This document describes an issue where SPS had issues connecting with backend server using TLSv1.3
Last Update: 2017-04-13 Size: 83 kb Type: Knowledge Base Articles ID: TEC1301348
Time-out interval elapsed, but the event's state is nonsignaled
This document explains why this message appears in Apache logs, and how to disable it.
Last Update: 2017-04-13 Size: 83 kb Type: Knowledge Base Articles ID: TEC1103263
How to remove SMSESSION logging in Apache access.log and IIS logs ?
This tech note discuss on how to remove logging of SMSESSION in the apache access.log and IIS log ?
Last Update: 2017-04-12 Size: 83 kb Type: Knowledge Base Articles ID: TEC1219649
Is there limitation on the number of realms and rules created?
There is no limitation clearly defined in design. However, there should be a limitation of hardware, OS, memory, etc.
Last Update: 2017-04-12 Size: 83 kb Type: Knowledge Base Articles ID: TEC1788323
What is the Purpose of from Body Section in SPS WS Auth/AZ ?
This technote discusses about specific parameter for WS Auth/Az Service.
Last Update: 2017-04-11 Size: 83 kb Type: Knowledge Base Articles ID: TEC1294671
Start and Stop the Policy Server Process on a UNIX System
policy server unix
Last Update: 2017-04-11 Size: 83 kb Type: Knowledge Base Articles ID: TEC1395977
Policy Server 12.52SP1 write Log Message "Evaluation period has expired"
This technote discusses about importance of a specific error message that might show up in the Policy Server logs.
Last Update: 2017-04-11 Size: 83 kb Type: Knowledge Base Articles ID: TEC1245301
Start and Stop Policy Server Services on Windows Systems
Policy Server Windows Services
Last Update: 2017-04-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1172782
Where Can we Find CAPKI Documentation?
We can not find any public documentation on CAPKI formerly known as ETPKI
Last Update: 2017-04-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1350033
Java SDK Agent Initialization Delays
java custom agent is taking about 3 seconds for initialization
Last Update: 2017-04-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1197721
Force Password Change Sometimes does Not Work
when user is redirected to the change password page, he gets redirected to the login page while trying to change the password
Last Update: 2017-04-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1730092
Starting Policy Server a Popup tells me that a Specific dll is either not designed to run on Windows or it contains an Error
This technote discusses about a technique to verify a file when a specific error message shows up on Windows Systems
Last Update: 2017-04-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1660397
What's the expected Syntax of the Registry Key KeepAgentConnections when configuring the Registry on Unix / Linux Policy Server ?
This technote gives precision about writing a specific key in the Policy Server registry file on Unix Linux
Last Update: 2017-04-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1569237
AdminUI Read Only Administrator cannot see the Identity Manager Roles in a Policy
This technote discusses about a limitation in the usage of AdminUI and Identity Manager objects.
Last Update: 2017-04-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1839654
When IDP generates the SAML assertion with a set of attributes we would like to send the same attributes in different HTTP Request Headers.
This Knowledge Document explains how to pass SAML assertion attributes as HTTP Headers.
Last Update: 2017-04-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1606775
FCC redirection when URL containing special characters like 'ä' is accessed.
This KB article explains why accessing URL containing special chars fails during the login using form FCC. This is due to a bad encoding setting
Last Update: 2017-04-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1716583
In using Apache 'Prefork' MPM mode, Policy Server output HandShake Errors.
When accessing by multi threads per second, Policy Server output HandShake Errors.
Last Update: 2017-04-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1385383
Behavior of Form authentication when login_sample.fcc exists
On the behavior of Form authentication when login_sample.fcc exists. login_sample.fcc is used instead of login_ja-JP.fcc. It happens when "localization=yes".
Last Update: 2017-04-07 Size: 83 kb Type: Knowledge Base Articles ID: TEC1126024
How to specify multiple pairs of method and URI to the ACO parameter OverlookSessionforMethodURI
This explains the usage of OverlookSessionforMethodURI.
Last Update: 2017-04-06 Size: 83 kb Type: Knowledge Base Articles ID: TEC1701486
Please note that you can always access the full list going to the following link:
CA Single Sign-On
Best Regards,
Ujwol Shrestha
Principal Support Engineer
CA Technologies