Symantec Access Management

Accroding the pdf "CA SiteMinder® Agent for Oracle WebLogic Server"
when i do config step Chapter 5: Configure the SiteMinder Authorization Provider and
after config "Configure the SiteMinder Authorization Provider in WebLogic " , restart the WebLogic Server
it occur error
####<2013/5/30 下午02時13分37秒 CST> <Notice> <Security> <mvdis-reverse> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1369894417067> <BEA-090082> <Security initializing using security realm myrealm.>
####<2013/5/30 下午02時13分37秒 CST> <Critical> <Security> <mvdis-reverse> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1369894417114> <BEA-090404> <User administrator is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.>
####<2013/5/30 下午02時13分37秒 CST> <Critical> <WebLogicServer> <mvdis-reverse> <AdminServer> <main> <<WLS Kernel>> <> <> <1369894417114> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: User administrator is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.
weblogic.security.SecurityInitializationException: User administrator is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:1010)

at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)

at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)

at weblogic.security.SecurityService.start(SecurityService.java:148)

at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)

at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)

at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>
sitetminder agent ver. is r12
WebLogic Server ver. is 12C

do i lost any step ?

Are you configuring a WebAgent.conf file for each individual provider or are you using a single WebAgent.conf file for all the providers?

Did you Delete the Default Authorization provider from the list an select only the Siteminder Authorization Provider?

Hi,

Probably you deleted the Default Authorization Provider and therefor the user which starts the server (probably weblogic) can not be authenticated anymore.
Please look over the troubleshoot chapter from ASA bookself. It explain how to fix this which can be found under "Solve Configuration Problems ":

Symptom : WebLogic Server failed to start. Message in the WebLogic console says that "user weblogic failed to boot the server"



Possible Cause : You have configured the SiteMinder Authorization Provider incorrectly



Resolve problem:


If you have already configured the SiteMinder Authorization Provider:

1. Create a /* rule in the Authorization Provider realm.

2. Add this rule to the policy that contains all users of the user directory.

If you have not configured the SiteMinder Authorization Provider, verify that the group of user "weblogic" is being returned as "Administrators". You can configure groups to be returned by using SiteMinder responses.