Symantec IGA

Quick tip:

--------------

Take a look at the site minder trace excerpt below. This happened when a user who's enabled and with good standings and status was looking to perform any public task (such as Forgotten Password Reset and so forth). Note that the last line in that log is indicating user is disabled.

Why would this show as the user is not disabled?

Answer:

-----------

Identity Manager's public tasks , while invoked by regular users, are all actually executed by the same single user which is the 'public user' that's associated with the public realm. Since public tasks don't require authentication then they are all carried out by this public user. This public user is authenticating himself to Identity Manager but this is hidden for the normal users that use the public services. Therefore, if this public user is disabled you will get this kind of log activity and result as below. What you need to do of course is to make sure this public user is well enabled and have no problems:

From Site Minder trace:

------------------------

[09/30/2014][12:31:13.342][12:31:13][4154][4020214672][Sm_Auth_Message.cpp:127

8][CSm_Auth_Message::AuthenticateUser][00000000000000000000000052c4f70a-2d1b-5

42ae8e1-84c54940-357e775df88a][iamb2bextdmz][/iam/im/tpiPub/index.jsp?task.tag

=PasswordServices&SMENC=UTF-8&SMTOKEN={RC2}mujK+0BP2tH6hBQ/rxeEefQbYaYwAtiW2q4

RRx5yn+ANBwEt8N8SY4F7fvaEnh7SBbCifAC/HJ4=&USERNAME=anadig1382@gmail.com&SMAUTH

REASON=20&SMAGENTNAME=GLpXwBrRk4WNtFxOQL3DQZZP9qYEcE4fylkouUxGyo6Pi9Jc1lSSsoex

5reCeUFl&TARGET=-SM-https%3a%2f%2fiamb2b--acc%2eamfam%2ecom%2fiam%2fim%2ftpi%2

findex%2ejsp][][][tpi_pub_realm][tpiDomain][B2BUserStore][][][][][][][][][][][

][][Accumulating OnAuthReject policy responses...]

[09/30/2014][12:31:13.342][12:31:13][4154][4020214672][Sm_Auth_Message.cpp:87]

[g_ServerTrace][][][][][][][][][][][][][][][][][][][][Cleaning

up][SmSamlDataContext::~SmSamlDataContext: Cleaning up]

[09/30/2014][12:31:13.342][12:31:13][4154][4020214672][Sm_Auth_Message.cpp:340

9][CSm_Auth_Message::SendReply][][][][][][][][][][][][][][][][][][][][][Enter

function CSm_Auth_Message::SendReply]

[09/30/2014][12:31:13.342][12:31:13][4154][4020214672][SmObjCache.cpp:824][CSm

ObjCache::Fetch][][][][][][][][][][][][][][][][][][][][][Retrieve an object

from the object cache.]

[09/30/2014][12:31:13.342][12:31:13][4154][4020214672][SmObjCache.cpp:773][CSm

ObjCache::Lookup][][][][][][][][][][][][][][][][][][][][][Look up a cached

object.]

[09/30/2014][12:31:13.342][12:31:13][4154][4020214672][SmObjCache.cpp:773][CSm

ObjCache::Lookup][][][][][][][][][][][][][][][][][][][][][Look up a cached

object.]

[09/30/2014][12:31:13.342][12:31:13][4154][4020214672][SmAuthAnon.cpp:44][SmAu

thQuery][][][][][][][][][][][][][][][][][][][][][Enter function SmAuthQuery]

[09/30/2014][12:31:13.342][12:31:13][4154][4020214672][SmAuthAnon.cpp:63][SmAu

thQuery][][][][][][][][][][][][][Sm_AuthApi_Success][][][][][][][][Leave

function SmAuthQuery]

[09/30/2014][12:31:13.342][12:31:13][4154][4020214672][Sm_Auth_Message.cpp:406

9][CSm_Auth_Message::FormatAttribute][s15/r7][iamb2bExtDMZ][][][][tpi_pub_real

m][tpiDomain][B2BUserStore][][][][][][][][][][][][....][Send response

attribute 212, data size is 4]

[09/30/2014][12:31:13.342][12:31:13][4154][4020214672][Sm_Auth_Message.cpp:406

9][CSm_Auth_Message::FormatAttribute][s15/r7][iamb2bExtDMZ][][][][tpi_pub_real

m][tpiDomain][B2BUserStore][][][][][][][][][][][][User disabled][Send

response attribute 158, data size is 13]

Yours,

Sagi Gabay,

CA Technologies.