Symantec Access Management

  • 1.  Tech Tip - CA Single Sign-On : Error removing Fed Partnership using the AdminUI

    Posted Jul 30, 2015 05:56 AM

    CA Single Sign-On Tech Tip by Julien Nitot, Sr Support Engineer for July 30th, 2015

     

    Problem

    When trying to remove a partnership using the AdminUI (12.52SP1CR1), you may get an error:

    Error deleting partnership XXXXX

    Checking the AdminUI server.log, there are more details on the error:


    ERROR [com.ca.federation.adminui.backingbean.federation.PartnershipListBean] (http-***.YY.ZZ.QQ-8443-5)
    **ERROR** com.ca.fedxps.api.remote.FedXPSException during UI operation.
    com.ca.fedxps.api.remote.FedXPSException: com.ca.federation.client.XPSException: Cannot delete a related record.
    (CA.FED::AuthnContextMapping@41d45474-a920-49b5-b0d6-2fd674dd9af1:
    CA.FED::PartnershipBase@f7fa6c3c-e5ee-421b-a350-3b1bc573a3af(YYYYYYY).CA.FED::PartnershipBase.AuthnContextURIsLink)
    ....

    >> The problem is that there are some AuthnContextMapping defined for other partnerships, and they could not be removed because they are also used.


    Solution

    You need to use the XPSExplorer tool to delete the partnership.

    XPSExplorer

    1) Go to partnership
    2) Navigate to the problematic partnership that you want to delete
    3) Type W to get a writable copy
    4) Look for the attribute number of AuthnContextURIsLink (it should be 10)
    5) Enter B to blank out the attribute
    6) Type V to validate the record.
    7) Type U to update it.
    8) Type Q to come out of it.
    9) Finally, delete the partnership itself in XPSExplorer


    >> Restart the policy server / Restart the AdminUI
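
Added example, not part of the original post or of any CA/Broadcom tooling: a small Python parser that pulls the blocking record and the link attribute out of the "Cannot delete a related record" error, so you know which attribute to look for in XPSExplorer step 4. The field layout and the names `find_blocked_deletes`, `DETAIL` and `SAMPLE_LOG` are assumptions inferred only from the log excerpt quoted above.

```python
import re

# Constructed sample: the server.log excerpt from the post (values masked as in
# the post), preceded by one made-up unrelated line that must be ignored.
SAMPLE_LOG = """\
INFO [example.Unrelated] (http-8443-1) partnership list loaded
ERROR [com.ca.federation.adminui.backingbean.federation.PartnershipListBean] (http-***.YY.ZZ.QQ-8443-5)
**ERROR** com.ca.fedxps.api.remote.FedXPSException during UI operation.
com.ca.fedxps.api.remote.FedXPSException: com.ca.federation.client.XPSException: Cannot delete a related record.
(CA.FED::AuthnContextMapping@41d45474-a920-49b5-b0d6-2fd674dd9af1:
CA.FED::PartnershipBase@f7fa6c3c-e5ee-421b-a350-3b1bc573a3af(YYYYYYY).CA.FED::PartnershipBase.AuthnContextURIsLink)
"""

# Assumed layout of the parenthesised detail (inferred from the excerpt only):
# (<related class>@<id>: <partnership class>@<id>(<name>).<class>.<link attribute>)
DETAIL = re.compile(
    r"Cannot delete a related record\.\s*"
    r"\(\s*(?P<related_class>[\w.:]+)@(?P<related_id>[0-9a-f-]{36}):\s*"
    r"(?P<partnership_class>[\w.:]+)@(?P<partnership_id>[0-9a-f-]{36})"
    r"\((?P<partnership_name>[^)]*)\)\.(?P<link>[\w.:]+)\)"
)


def find_blocked_deletes(log_text):
    """Return one dict per 'Cannot delete a related record' error in the log."""
    # The message wraps over several lines in server.log, so collapse all
    # whitespace runs to single spaces before matching.
    flat = re.sub(r"\s+", " ", log_text)
    hits = []
    for match in DETAIL.finditer(flat):
        hit = match.groupdict()
        # Keep only the attribute name, e.g. "AuthnContextURIsLink".
        hit["link_attribute"] = hit.pop("link").rsplit(".", 1)[-1]
        hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in find_blocked_deletes(SAMPLE_LOG):
        print(
            f"Partnership {hit['partnership_name']} ({hit['partnership_id']}): "
            f"blank attribute {hit['link_attribute']} "
            f"(still references {hit['related_class']}@{hit['related_id']})"
        )
```
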



  • 2.  Re: Tech Tip - CA Single Sign-On : Error removing Fed Partnership using the AdminUI

    Posted Aug 22, 2016 04:42 PM

    This tech tip was very useful! Saving me time and aggravation!



  • 3.  Re: Tech Tip - CA Single Sign-On : Error removing Fed Partnership using the AdminUI

    Posted Oct 23, 2017 10:01 AM

    Very useful, indeed. However, why does this happen? Is there a way to prevent this from happening in the first place?



  • 4.  Re: Tech Tip - CA Single Sign-On : Error removing Fed Partnership using the AdminUI

    Posted Oct 23, 2017 10:21 AM

    This Tech note helps us navigate around the issue in the interim and move ahead.

     

    The core issue has to be fixed in code either in the WAMUI or XPS mappings layer. This would be the real fix to the problem.



  • 5.  Re: Tech Tip - CA Single Sign-On : Error removing Fed Partnership using the AdminUI

    Broadcom Employee
    Posted Oct 23, 2017 10:28 AM

    The Tech Note says this issue is specific to r12.52SP1CR1. Does that mean this issue was fixed in higher versions (r12.6/12.7)?