Symantec Access Management

  • 1.  Single Logout Issue

    Posted Jul 03, 2015 10:48 AM

    Hello All,

    We are getting a "500 Internal Server Error" when trying to perform SLO from the application at the SP side, with the error below in the logs. Any help?

     

    FWSTrace log -

     

    [07/03/2015][07:19:29][49564][48495472][1f814793-085bb6de-90869a60-51f8b924-d07c3e76-e7a][SLOService.java][doGet][Transaction with ID: 1f814793-085bb6de-90869a60-51f8b924-d07c3e76-e7a failed. Reason: SLO_GET_EXCEPTION]

    [07/03/2015][07:19:29][49564][48495472][1f814793-085bb6de-90869a60-51f8b924-d07c3e76-e7a][SLOService.java][doGet][Exception caught in class com.netegrity.affiliateminder.webservices.saml2.SLOService, method doGet: java.lang.NullPointerException

     

    smtracedefault log -

     

    [07/03/2015][07:18:25.960][07:18:25][34928][4054997872][CServer.cpp:5947][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][Enter function CServer::Tunnel]

    [07/03/2015][07:18:25.960][07:18:25][34928][4054997872][CServer.cpp:6050][CServer::Tunnel][1f814793-085bb6de-90869a60-51f8b924-d07c3e76-e7a][][][][][][][][][][][][][][::ffff:10.118.210.13][][][][Lib='smjavaapi', Func='JavaTunnelService', Params='com.netegrity.saml2ps.tunnel.SAMLSingleLogoutTunnelService', Server='', Device=''][][Resolved all the input parameters]

    [07/03/2015][07:18:25.960][07:18:25][34928][4054997872][CServer.cpp:6204][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][Resolving tunnel Service function JavaTunnelService...]

    [07/03/2015][07:18:25.960][07:18:25][34928][4054997872][CServer.cpp:6233][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][Start of tunnel call JavaTunnelService]

    [07/03/2015][07:18:25.961][07:18:25][34928][4054997872][SmJVMSupport.cpp:161][GetJVMEnv][][][][][][][][][][][][][][][][][][][][][SmJVMSupport, Successfully attached JVM to thread]

    [07/03/2015][07:18:25.961][07:18:25][34928][4054997872][LdapStore.cpp:375][Lock_LdapHandle][][][][][][][][][][][][][][][][][][][][][Lock LDAP handle. slot=0 ld=0xf1b237c0]

    [07/03/2015][07:18:25.961][07:18:25][34928][4054997872][LdapStore.cpp:1351][SearchObject][][][][][][][][][][][][][][][][][][][][][Searching for objects in container smSessionId=Ny0bw4g3Llt1NLhjxE9SN9LRy60\=,ou=sessionstore,dc=smsession,dc=com, (filter:"(&(objectClass=smSessionVariable)(smFullVariableName=StateSLO.*.*))")]

    [07/03/2015][07:18:25.961][07:18:25][34928][4054997872][LdapStore.cpp:1767][SmSearchPLDAP][][][][][][][][][][][][][][][][][][][Handle='0xa894418', Root='smSessionId=Ny0bw4g3Llt1NLhjxE9SN9LRy60\=,ou=sessionstore,dc=smsession,dc=com', Scope=1, Filter='(&(objectClass=smSessionVariable)(smFullVariableName=StateSLO.*.*))', attrsonly=0][][Start of call ldap_search_st:Search LDAP.]

    [07/03/2015][07:18:25.962][07:18:25][34928][4054997872][LdapStore.cpp:1779][SmSearchPLDAP][][][][][][][][][][][][][32][No such object][][][][][Handle='0xa894418', Root='smSessionId=Ny0bw4g3Llt1NLhjxE9SN9LRy60\=,ou=sessionstore,dc=smsession,dc=com', Scope=1, Filter='(&(objectClass=smSessionVariable)(smFullVariableName=StateSLO.*.*))', attrsonly=0][][Return from call ldap_search_st]

    [07/03/2015][07:18:25.962][07:18:25][34928][4054997872][LdapStore.cpp:1735][CLdapStore][][][][][][][][][][][][][][][][][][][][][Trying to get a list of objects from LDAP server, LDAP returned an error message: No such object, (ldap_search_s returned LDAP err=0x20]

    [07/03/2015][07:18:25.962][07:18:25][34928][4054997872][SmSessionServer.cpp:979][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Server-06007] failed. Error code : 2]

    [07/03/2015][07:18:25.962][07:18:25][34928][4054997872][SmJavaAPI.cpp:1467][JavaTunnelService][][][][][][][][][][][][][866][][][][][][][][Active Expression evaluated for SmJavaAPI: JavaTunnelService successfully invoked.  Parameter to follow:]

    [07/03/2015][07:18:25.963][07:18:25][34928][4054997872][CServer.cpp:6361][CServer::Tunnel][][][][][][][][][][][][][866][][][][][][][][Return from tunnel call JavaTunnelService]

    [07/03/2015][07:18:25.963][07:18:25][34928][4054997872][CServer.cpp:6379][CServer::Tunnel][][][][][][][][][][][][][966][][][][][][][][Leave function CServer::Tunnel]

    [07/03/2015][07:18:25.963][07:18:25][34928][4054997872][CServer.cpp:5854][CServer::ProcessRequest][][][][][][][][][][][][][966][][][][][][][][Leave function CServer::ProcessRequest]



  • 2.  Re: Single Logout Issue

    Posted Jul 04, 2015 12:34 AM

    Hi Venga,

     

    From the following message, it seems that the persistent session (with session ID = Ny0bw4g3Llt1NLhjxE9SN9LRy60\=) failed to be fetched:

    [Trying to get a list of objects from LDAP server, LDAP returned an error message: No such object, (ldap_search_s returned LDAP err=0x20]

     

    SLO requires a valid SiteMinder persistent session, which is established during Single Sign-on.


    Best regards,

    Kelly



  • 3.  Re: Single Logout Issue

    Posted Jul 05, 2015 08:55 PM

    Couple of questions and things to verify:

     

    1. Test connectivity with your Session Server from SiteMinder Policy Server Management Console.

    2. Is the issue happening for all user sessions or only some user sessions?

    3. If this is a one-off case, then it is also possible that the user session was already deleted from the session store due to expiry/inactivity?

    4. If the issue reoccurs, please also verify whether the specified session exists in the session store using an external LDAP tool such as JXplorer.

        Here is what you will need to search for:

      smSessionId={SessionID_Having_Issue}\=,ou=sessionstore,dc=smsession,dc=com, (filter:"(&(objectClass=smSessionVariable)(smFullVariableName=StateSLO.*.*))")



  • 4.  Re: Single Logout Issue

    Posted Jul 26, 2015 12:23 AM

    Hi Venga,

     

    Please let us know if you have had a chance to check if the issue is related to the session store setup.

     

    Best regards,

    Kelly



  • 5.  Re: Single Logout Issue
    Best Answer

    Posted Jul 27, 2015 07:25 AM

    Hi All,

    Thank you for your support. We were able to solve this issue. It was because the server time was out of sync between the Policy Server and the Session Store.

    After syncing the time, the issue got resolved.

     

    Regards,

    Venga
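
Added example, not code from any poster or from the product: the two log excerpts in the first post carry the same transaction ID with different wall-clock times, and this script measures that gap by matching IDs across both trace formats. It assumes the two logs are written against separate clocks; it compares the two log writers only and does not query the session store, and `tolerance_s` plus all function names are illustrative.

```python
import re
from datetime import datetime

FIELD = re.compile(r"\[([^\[\]]*)\]")                      # one [bracketed] field
TXID = re.compile(r"^[0-9a-f]{8}(?:-[0-9a-f]{1,8}){5}$")   # shape of the ID in the thread

def parse(line):
    """Return (transaction_id, timestamp) for a trace line, or None."""
    fields = FIELD.findall(line)
    txid = next((f for f in fields if TXID.match(f)), None)
    if txid is None or len(fields) < 2:
        return None
    try:
        # Field 0 is the date, field 1 the time (milliseconds dropped if present).
        ts = datetime.strptime(fields[0] + " " + fields[1].split(".")[0],
                               "%m/%d/%Y %H:%M:%S")
    except ValueError:
        return None
    return txid, ts

def first_seen(lines):
    """Map each transaction ID to the earliest timestamp it appears with."""
    seen = {}
    for line in lines:
        parsed = parse(line)
        if parsed:
            txid, ts = parsed
            seen[txid] = min(ts, seen.get(txid, ts))
    return seen

def clock_offsets(fws_lines, ps_lines, tolerance_s=5):
    """Seconds by which the FWS log leads the Policy Server log, per shared ID.
    tolerance_s is an arbitrary illustrative threshold, not a product setting."""
    fws, ps = first_seen(fws_lines), first_seen(ps_lines)
    offsets = {t: (fws[t] - ps[t]).total_seconds() for t in fws.keys() & ps.keys()}
    return {t: s for t, s in offsets.items() if abs(s) > tolerance_s}

# Sample input: abridged from the two excerpts in the first post.
TX = "1f814793-085bb6de-90869a60-51f8b924-d07c3e76-e7a"
FWS_LOG = [
    f"[07/03/2015][07:19:29][49564][48495472][{TX}][SLOService.java][doGet]"
    f"[Transaction with ID: {TX} failed. Reason: SLO_GET_EXCEPTION]",
]
PS_LOG = [
    "[07/03/2015][07:18:25.960][07:18:25][34928][4054997872][CServer.cpp:6050]"
    f"[CServer::Tunnel][{TX}][][][Resolved all the input parameters]",
    "[07/03/2015][07:18:25.963][07:18:25][34928][4054997872][CServer.cpp:6379]"
    "[CServer::Tunnel][][][966][][Leave function CServer::Tunnel]",
]

if __name__ == "__main__":
    for txid, secs in clock_offsets(FWS_LOG, PS_LOG).items():
        print(f"{txid}: FWS log is {secs:+.0f}s relative to Policy Server log")
```

Lines without a transaction ID field are skipped, so the full trace files can be passed in unfiltered.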