Symantec Access Management

Please find the server log for the same

01:05:30,445 INFO  [STDOUT] Error initializing AgentLogger

Message: Failed to load smerrlog

Exception:

com.netegrity.smerrlog.SmLogException: Failed to load smerrlog

        at com.netegrity.smerrlog.SmLogger.<init>(SmLogger.java:104)

        at com.netegrity.affiliateminder.webservices.utils.z.<init>(DashoA10*..:66)

        at com.netegrity.affiliateminder.webservices.utils.y.<init>(DashoA10*..:58)

        at com.netegrity.affiliateminder.webservices.admin.aj.r(DashoA10*..:129)

        at com.netegrity.affiliateminder.webservices.admin.d.g(DashoA10*..:294)

        at com.netegrity.siteminder.agentcommon.framework.e.<init>(DashoA10*..:69)

        at com.netegrity.affiliateminder.webservices.admin.d.<init>(DashoA10*..:60)

        at com.netegrity.affiliateminder.webservices.admin.d.a(DashoA10*..:77)

        at com.netegrity.affiliateminder.webservices.admin.d.b(DashoA10*..:106)

        at com.netegrity.affiliateminder.webservices.c.init(DashoA10*..:270)

        at com.netegrity.affiliateminder.webservices.saml2.dk.init(DashoA10*..:99)

        at com.netegrity.affiliateminder.webservices.saml2.ManageNameIDService.init(DashoA10*..:136)

        at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1048)

        at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:950)

        at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4122)

        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4421)

        at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeployInternal(TomcatDeployment.java:310)

        at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeploy(TomcatDeployment.java:142)

        at org.jboss.web.deployers.AbstractWarDeployment.start(AbstractWarDeployment.java:461)

        at org.jboss.web.deployers.WebModule.startModule(WebModule.java:118)

        at org.jboss.web.deployers.WebModule.start(WebModule.java:97)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:606)

        at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)

        at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)

        at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)

        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)

        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)

        at org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java:206)

        at com.sun.proxy.$Proxy39.start(Unknown Source)

        at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:42)

        at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:37)

        at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62)

        at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71)

        at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)

        at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)

        at org.jboss.system.microcontainer.ServiceControllerContext.install(ServiceControllerContext.java:286)

        at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)

        at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)

        at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)

        at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)

        at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)

        at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)

        at org.jboss.system.ServiceController.doChange(ServiceController.java:688)

        at org.jboss.system.ServiceController.start(ServiceController.java:460)

        at org.jboss.system.deployers.ServiceDeployer.start(ServiceDeployer.java:163)

        at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:99)

        at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:46)

        at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62)

        at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)

        at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)

        at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439)

        at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157)

        at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1178)

        at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098)

        at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)

        at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)

        at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)

        at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)

        at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)

        at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)

        at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)

        at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781)

        at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:702)

        at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117)

        at org.jboss.system.server.profileservice.repository.ProfileDeployAction.install(ProfileDeployAction.java:70)

        at org.jboss.system.server.profileservice.repository.AbstractProfileAction.install(AbstractProfileAction.java:53)

        at org.jboss.system.server.profileservice.repository.AbstractProfileService.install(AbstractProfileService.java:361)

        at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)

        at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)

        at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)

        at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)

        at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)

        at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)

        at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)

        at org.jboss.system.server.profileservice.repository.AbstractProfileService.activateProfile(AbstractProfileService.java:306)

        at org.jboss.system.server.profileservice.ProfileServiceBootstrap.start(ProfileServiceBootstrap.java:271)

        at org.jboss.bootstrap.AbstractServerImpl.start(AbstractServerImpl.java:461)

        at org.jboss.Main.boot(Main.java:221)

        at org.jboss.Main$1.run(Main.java:556)

        at java.lang.Thread.run(Thread.java:745)

Caused by: java.lang.UnsatisfiedLinkError: no smerrlog in java.library.path

        at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1886)

        at java.lang.Runtime.loadLibrary0(Runtime.java:849)

        at java.lang.System.loadLibrary(System.java:1088)

        at com.netegrity.smerrlog.SmLogger.<init>(SmLogger.java:99)

        ... 82 more

Exception history:

        java.lang.UnsatisfiedLinkError: no smerrlog in java.library.path

        com.netegrity.smerrlog.SmLogException: Failed to load smerrlog

01:05:30,454 INFO  [STDOUT] FATAL ERROR: Exception from System.loadLibrary java.lang.UnsatisfiedLinkError: no smcommonutil in java.library.path

01:05:30,454 INFO  [STDOUT] FATAL ERROR: Exception from AgentAPI.initialize() java.lang.UnsatisfiedLinkError: netegrity.siteminder.javaagent.AgentAPI.initialize()V

01:05:30,456 ERROR [[/affwebservices]] StandardWrapper.Throwable

java.lang.UnsatisfiedLinkError: netegrity.siteminder.javaagent.AgentAPI.javaagent_api_getConfig(Lnetegrity/siteminder/javaagent/InitDef;Ljava/lang/String;Ljava/lang/String;)I

Please assist.

Thanks,

Alok

Hi Alok.Kumar ,

Thanks for your question! I have moved this thread to the CA Security community, where it's more likely that product experts will see it and respond.

Thanks!

Melanie

Alok

This looks to  me like we haven't sourced the ENV variables after installing WAOP and before deploying on Application Server.

The steps are pretty much well documented on the CA SSO WiKi.

Set Up JBOSS or Tomcat to Work with Federation Web Services - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentat…

Regards

Hubert

Hi Hubert, Thanks for your quick reply. I am setting the environment before deploying the war but no go. Here env variable means waop shell script which I am running before creating war. I am seeing value for LD_LIBRARY_PATH after setting the env var.

Please guide me if I am missing something.

Regards!

Alok

Alok,

Could you confirm for me the following please

1. WAOP version being used (with bit version).
2. OS (with bit version) of the Server where Jboss5 / WAOP is installed.
3. JDK Version (with bit version) being used.
4. Jboss5 (with bit version).

Regards

Hubert

This typically happens when the ENV variables are not being loaded in JVM Classpath. There are times when we see that we do source the SM ENV variables on the Shell. However Java does not pick it. We then have to source it explicitly within the Application Servers Startup Scripts OR in a place from where the Application Server reads ENV variables. It is a bit of investigation here, but pretty sure this is what could be happening.

Regards

Hubert

Please find the details: Waop 12.5

Jdk 1.8 32 bit

OS redhat

Thanks,

Alok

JDK 1.8???? Are we using JDK 8 .... Please check support matrix if JDK8 is supported or not.

1. WAOP version being used (with bit version).
2. OS (with bit version) of the Server where Jboss5 / WAOP is installed.
3. JDK Version (with bit version) being used.
4. Jboss5 (with bit version).

Hi Hubert,

Everything was working fine with java 8 so i used latest version. Now I am trying to use tomcat 7.

I have updated all the required software based upon support matrix

Java 1.6 32 bit

tomcat 7

redhat 6 64 bit

waop 12.5

Still I am getting same error, please see below:

SEVERE: Servlet [saml2nid] in web application [/affwebservices] threw load() exception

java.lang.UnsatisfiedLinkError: netegrity.siteminder.javaagent.AgentAPI.javaagent_api_getConfig(Lnetegrity/siteminder/javaagent/InitDef;Ljava/lang/String;Ljava/lang/String;)I

        at netegrity.siteminder.javaagent.AgentAPI.javaagent_api_getConfig(Native Method)

        at netegrity.siteminder.javaagent.AgentAPI.getConfig(AgentAPI.java:1543)

        at com.netegrity.siteminder.agentcommon.framework.g7.a(DashoA10*..:310)

Thanks,

Alok

Alok

This is a different error from the one reported earlier.

Are you sure WAOP is R12.5 and not R12.52???

I am assuming Tomcat is 32bit and not 64bit???

If JDK is 32bit, then everything i.e. Tomcat / WAOP has to be 32bit. OS can be 64bit, that does not matter.

Regards

Hubert

Have we patched the JDK with JCE unlimited strength Cryptography Extension?

No patching of JDK done from my end. Please provide some reference if I have to do so.

Earlier error was from jboss, this error is from tomcat7.

Regards!

Alok

Alok

Are you sure you are using Tomcat7 and not Tomcat8 - just being overcautious and asking because the subject line suggested Tomcat8 whereas your last comment suggested Tomcat7. Check Support Matrix.

What Version is the Policy Server you are connecting too?

I just installed WAOP on TOMCAT7 and it works fine if we follow the WiKi steps. In your Environment, it looks like the NAMEID Servlet did not get initialized.

My Setup Info

Machine-1 :

• RHEL6 64bit,
• Tomcat7 32bit,
• jdk1.7.0_79 32bit (with JCE applied),
• ca-wa-opack-12.52-sp01-cr02-linux.bin
• Tomcat7 and WAOP use the same JAVA_HOME Environment Variable i.e. /programfiles/java/jdk1.7.0_79
• Install JDK, Apply JCE Path, Set JAVA_HOME, Stop and Start Tomcat7, Check Startup logs whether the JDK Path has been picked.

Machine-2 :

• RHEL6 64bit,
• jdk1.7.0_79 32bit (with JCE applied),
• Policy Server R12.52 SP1 CR02.

On your question of JCE. Download from here and then there are notes within the zip file on how to apply them over JDK.

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 Download

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE 8 Download

TOMCAT7 STARTUP LOG

[root@server bin]# ./startup.sh

Using CATALINA_BASE:   /F6/apache-tomcat-7.0.23

Using CATALINA_HOME:   /F6/apache-tomcat-7.0.23

Using CATALINA_TMPDIR: /F6/apache-tomcat-7.0.23/temp

Using JRE_HOME:        /programfiles/java/jdk1.7.0_79

Using CLASSPATH:       /F6/apache-tomcat-7.0.23/bin/bootstrap.jar:/F6/apache-tomcat-7.0.23/bin/tomcat-juli.jar

TOMCAT7 CATALINE LOG

[root@server logs]# more catalina.2015-11-16.log

Nov 16, 2015 12:55:55 PM org.apache.catalina.core.AprLifecycleListener init

INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /programfiles/CA/webagent_optionpack/b

in:/programfiles/CA/webagent_optionpack/bin/thirdparty::/usr/java/packages/lib/i386:/lib:/usr/lib

Nov 16, 2015 12:55:55 PM org.apache.coyote.AbstractProtocol init

INFO: Initializing ProtocolHandler ["http-bio-8080"]

Nov 16, 2015 12:55:55 PM org.apache.coyote.AbstractProtocol init

INFO: Initializing ProtocolHandler ["ajp-bio-8009"]

Nov 16, 2015 12:55:55 PM org.apache.catalina.startup.Catalina load

INFO: Initialization processed in 876 ms

Nov 16, 2015 12:55:55 PM org.apache.catalina.core.StandardService startInternal

INFO: Starting service Catalina

Nov 16, 2015 12:55:55 PM org.apache.catalina.core.StandardEngine startInternal

INFO: Starting Servlet Engine: Apache Tomcat/7.0.23

Nov 16, 2015 12:55:55 PM org.apache.catalina.startup.HostConfig deployWAR

INFO: Deploying web application archive /F6/apache-tomcat-7.0.23/webapps/affwebservices.war

Nov 16, 2015 12:55:58 PM com.sun.jersey.server.impl.application.WebApplicationImpl _initiate

INFO: Initiating Jersey application, version 'Jersey: 1.17 01/17/2013 03:31 PM'

Nov 16, 2015 12:55:58 PM com.sun.jersey.server.impl.application.DeferredResourceConfig$ApplicationHolder <init>

INFO: Instantiated the Application class org.odata4j.jersey.producer.resources.ODataApplication

Nov 16, 2015 12:55:59 PM org.apache.catalina.startup.HostConfig deployDirectory

INFO: Deploying web application directory /F6/apache-tomcat-7.0.23/webapps/manager

Nov 16, 2015 12:56:00 PM org.apache.catalina.startup.HostConfig deployDirectory

INFO: Deploying web application directory /F6/apache-tomcat-7.0.23/webapps/host-manager

Nov 16, 2015 12:56:00 PM org.apache.catalina.startup.HostConfig deployDirectory

INFO: Deploying web application directory /F6/apache-tomcat-7.0.23/webapps/examples

Nov 16, 2015 12:56:00 PM org.apache.catalina.startup.HostConfig deployDirectory

INFO: Deploying web application directory /F6/apache-tomcat-7.0.23/webapps/ROOT

Nov 16, 2015 12:56:00 PM org.apache.catalina.startup.HostConfig deployDirectory

INFO: Deploying web application directory /F6/apache-tomcat-7.0.23/webapps/docs

Nov 16, 2015 12:56:00 PM org.apache.coyote.AbstractProtocol start

INFO: Starting ProtocolHandler ["http-bio-8080"]

Nov 16, 2015 12:56:00 PM org.apache.coyote.AbstractProtocol start

INFO: Starting ProtocolHandler ["ajp-bio-8009"]

Nov 16, 2015 12:56:00 PM org.apache.catalina.startup.Catalina start

INFO: Server startup in 4575 ms

FWSTRACE LOG

[root@server log]# more FWSTrace.log

[Date][Time][Pid][Tid][TransactionID][SrcFile][Function][Message]

[====][====][===][===][=============][=======][========][=======]

[11/16/2015][12:55:57][8348][2932185968][][FWSConfigurationManager.java][initializeResourceDirectory][Product Release is WA-OP - setting resource path]

[11/16/2015][12:55:57][8348][2932185968][][FWSConfigurationManager.java][initializeResourceDirectory][resourcePath: /programfiles/CA/webagent_optionpack/resources]

[11/16/2015][12:55:57][8348][2932185968][][FWSConfigurationManager.java][initializeResourceDirectory][setResourceDirectory result: 1]

[11/16/2015][12:55:57][8348][2932185968][][FWSConfigurationManager.java][initializeResourceDirectory][Setting the resource directory succeeded]

[11/16/2015][12:55:58][8348][2932185968][][agentcommon][][There are doManagement messages]

[11/16/2015][12:55:58][8348][2932185968][][agentcommon][][Obtaining agent keys from the Policy Server]

[11/16/2015][12:55:58][8348][2932185968][][agentcommon][][The persistent key for the agent is being set]

[11/16/2015][12:55:58][8348][2932185968][][agentcommon][][The last key for the agent is being set]

[11/16/2015][12:55:58][8348][2932185968][][agentcommon][][The current key for the agent is being set]

[11/16/2015][12:55:58][8348][2932185968][][agentcommon][][The next key for the agent is being set]

[11/16/2015][12:55:58][8348][2932185968][][agentcommon][][The Configuration Management thread was sucessfully created ]

[11/16/2015][12:55:58][8348][2932185968][][agentcommon][][Parsing data for Agent Config Object Name "wac_waop"]

[11/16/2015][12:55:58][8348][2932185968][][agentcommon][][Completed parsing data for Agent Config Object Name "wac_waop"]

[11/16/2015][12:55:58][8348][2932185968][][ManageNameIDService.java][doInitLog][------------------------------------------------]

[11/16/2015][12:55:58][8348][2932185968][][ManageNameIDService.java][doInitLog][SAML2 NameID Management Service Initialization.]

[11/16/2015][12:55:58][8348][2932185968][][ManageNameIDService.java][doInitLog][------------------------------------------------]

[11/16/2015][12:55:58][8348][2932185968][][FWSBase.java][init][Fips140Mode = 1]

[11/16/2015][12:55:58][8348][2932185968][][CustomPostPageCache][init][Initializing CustomPostPageCache]

[11/16/2015][12:55:58][8348][2932185968][][agentcommon][][Requesting data for ConfigManager ID /programfiles/CA/webagent_optionpack/bin/SmHost.conf and SmAgentConfig ID /programfiles/CA/w

ebagent_optionpack/bin/WebAgent.conf]

[11/16/2015][12:55:58][8348][10521456][][CustomPostPageCache][performUpdate][Checking for updates]

[11/16/2015][12:55:58][8348][2932185968][][agentcommon][][Administration Manager is returning data for ConfigManager ID /programfiles/CA/webagent_optionpack/bin/SmHost.conf and SmAgentCon

fig ID /programfiles/CA/webagent_optionpack/bin/WebAgent.conf]

[11/16/2015][12:55:58][8348][10521456][][CustomPostPageCache][performUpdate][No custom pages cached.]

[11/16/2015][12:55:58][8348][2932185968][][ManageNameIDService.java][init][SAML2 NameID Management Service has been successfully initialized.]

[11/16/2015][12:55:58][8348][2932185968][][ManageNameIDService.java][init][Manage NameID Asynchronous processing thread is not enabled in Affwebservices.properties]

[11/16/2015][12:56:28][8348][8854384][][agentcommon][][The Configuration Management thread is calling doManagement()]

[11/16/2015][12:56:28][8348][8854384][][agentcommon][][There are doManagement messages]

[11/16/2015][12:56:58][8348][8854384][][agentcommon][][The Configuration Management thread is calling doManagement()]

[11/16/2015][12:56:58][8348][8854384][][agentcommon][][There are doManagement messages]

[11/16/2015][12:56:58][8348][10521456][][CustomPostPageCache][performUpdate][Checking for updates]

[11/16/2015][12:56:58][8348][10521456][][CustomPostPageCache][performUpdate][No custom pages cached.]

[11/16/2015][12:57:28][8348][8854384][][agentcommon][][The Configuration Management thread is calling doManagement()]

[11/16/2015][12:57:28][8348][8854384][][agentcommon][][There are doManagement messages]

[11/16/2015][12:57:58][8348][8854384][][agentcommon][][The Configuration Management thread is calling doManagement()]

[11/16/2015][12:57:58][8348][8854384][][agentcommon][][There are doManagement messages]

[11/16/2015][12:57:58][8348][10521456][][CustomPostPageCache][performUpdate][Checking for updates]

[11/16/2015][12:57:58][8348][10521456][][CustomPostPageCache][performUpdate][No custom pages cached.]

[11/16/2015][12:57:59][8348][2932517744][][AssertionRetriever.java][doInitLog][---------------------------------------------]

[11/16/2015][12:57:59][8348][2932517744][][AssertionRetriever.java][doInitLog][Assertion Retriever Service Initialization]

[11/16/2015][12:57:59][8348][2932517744][][AssertionRetriever.java][doInitLog][---------------------------------------------]

[11/16/2015][12:57:59][8348][2932517744][][FWSBase.java][init][Fips140Mode = 1]

[11/16/2015][12:57:59][8348][2932517744][][agentcommon][][Requesting data for ConfigManager ID /programfiles/CA/webagent_optionpack/bin/SmHost.conf and SmAgentConfig ID /programfiles/CA/w

ebagent_optionpack/bin/WebAgent.conf]

[11/16/2015][12:57:59][8348][2932517744][][agentcommon][][Administration Manager is returning data for ConfigManager ID /programfiles/CA/webagent_optionpack/bin/SmHost.conf and SmAgentCon

fig ID /programfiles/CA/webagent_optionpack/bin/WebAgent.conf]

[11/16/2015][12:57:59][8348][2932517744][][AssertionRetriever.java][init][Assertion Retrieval Service has been successfully initialized.]

[11/16/2015][12:57:59][8348][2932517744][][agentcommon][][Requesting data for ConfigManager ID /programfiles/CA/webagent_optionpack/bin/SmHost.conf and SmAgentConfig ID /programfiles/CA/w

ebagent_optionpack/bin/WebAgent.conf]

[11/16/2015][12:57:59][8348][2932517744][][agentcommon][][Administration Manager is returning data for ConfigManager ID /programfiles/CA/webagent_optionpack/bin/SmHost.conf and SmAgentCon

fig ID /programfiles/CA/webagent_optionpack/bin/WebAgent.conf]

[11/16/2015][12:58:28][8348][8854384][][agentcommon][][The Configuration Management thread is calling doManagement()]

[11/16/2015][12:58:28][8348][8854384][][agentcommon][][There are doManagement messages]

[11/16/2015][12:58:58][8348][8854384][][agentcommon][][The Configuration Management thread is calling doManagement()]

[11/16/2015][12:58:58][8348][8854384][][agentcommon][][There are doManagement messages]

AFFWEBSERV LOG

[root@server log]# more affwebserv.log

[8348/2932185968][Mon Nov 16 2015 12:55:57][agentcommon][INFO][sm-FedClient-00010] The SiteMinder Agent is initializing ..

[8348/2932185968][Mon Nov 16 2015 12:55:57][agentcommon][INFO][sm-FedClient-00010] SiteMinder Product Details: PRODUCT_VERSION=12.52, PRODUCT_NAME=Federation Web Services, PRODUCT_UPDATE=

0102 , PRODUCT_LABEL=766.

[8348/2932185968][Mon Nov 16 2015 12:55:57][agentcommon][INFO][sm-FedClient-00010] Administration Manager is trying to create configuration for the SiteMinder Agent

[8348/2932185968][Mon Nov 16 2015 12:55:57][agentcommon][INFO][sm-FedClient-00010] Creating agent connection using file : /programfiles/CA/webagent_optionpack/bin/WebAgent.conf

[8348/2932185968][Mon Nov 16 2015 12:55:58][agentcommon][INFO][sm-FedClient-00010] Registering the Configuration Manager with the Policy Server

[8348/2932185968][Mon Nov 16 2015 12:55:58][agentcommon][INFO][sm-FedClient-00010] Obtained data from the Policy Server for Agent Config Object "wac_waop"

[8348/2932185968][Mon Nov 16 2015 12:55:58][agentcommon][INFO][sm-FedClient-00010] Configuration Manager is creating the Configuration Management thread with pspollinterval of 30 seconds

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-00070] Default agent name: wa_waop

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-00080] Transient ID Cookies: NO

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-00220] Accept Third Party Cookies: NO

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-02920] Transient IP Check: NO

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-00100] Cookie domain:

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-00120] Cookie domain scope: 0

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-00160] FWSMaxProviderCacheSize not specified.  Using default: 700

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-00190] SSOZoneName not specified.  Using default: SM

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-00200] SSOTrustedZone specified as: [SM]

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-00240] FedDeploymentMode not specified.  Using default:

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-00260] FedSmConnectorEnabled not specified.  Using default:

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-00280] FedSmConnectorRealmFilter not specified.  Using default:

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-00090] Use Secure Cookies: NO

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-03100] No ValidFedTargetDomain specified. ()

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-03370] Client Locale Preferred: YES

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-03380] Localization: YES

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-03390] Default Locale: en-US

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-03400] Log Locale: en-US

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAgentConfig.java][INFO][sm-FedClient-00170] Creating Federation Web services cache. ()

[8348/2932185968][Mon Nov 16 2015 12:55:58][FWSAdministrationManager.java][INFO][sm-FedClient-00030] Federation Web services initialization succeeded. ()

[8348/2932185968][Mon Nov 16 2015 12:55:58][ManageNameIDService.java][INFO][sm-FedClient-01530] SAML2 NameID Management Service Initialization.

[8348/2932185968][Mon Nov 16 2015 12:55:58][ManageNameIDService.java][INFO][sm-FedClient-01520] SAML2 NameID Management Service has been successfully initialized.

[8348/2932517744][Mon Nov 16 2015 12:57:59][AssertionRetriever.java][INFO][sm-FedClient-00530] Assertion Retriever Service Initialization ()

[8348/2932517744][Mon Nov 16 2015 12:57:59][AssertionRetriever.java][INFO][sm-FedClient-00620] Assertion Retrieval Service has been successfully initialized. ()

Regards

Hubert

Hi Hubert,

Subject line having wrong tomcat description, I am using tomcat7.

Thanks for your clear and elaborated explanation.

I will try this on this weekend and let you know the result.

Right now we are facing some other issue which having more priority and business impact.

Thanking you!

Alok

I am seeing the same issue, with both Tomcat 7 and 8. I am using Java 1.8 32 bit with JCE applied. It seems that cannot really choose the architecture with Tomcat, so it seemed that the same bundle can run 32 or 64 bit.

WAOP: 12.52 sp1

OS: Centos 6.7 32 bit

Policy Server: 12.52 sp1

OS: Centos 6.7 64 bit.

http://siteminder-ffs:8080/affwebservices/assertionretriever

Assertion Retrieval Service initialization FAILED. Please check Federation Web Services log file for more details.

The requested service accepts only HTTP POST requests.

Additional info: affwebserv.log

[9852/1723526000][Wed Dec 09 2015 01:24:00][agentcommon][INFO][sm-FedClient-00010] Creating agent connection using file : /root/CA/webagent_optionpack/config/WebAgent.conf

[9852/1723526000][Wed Dec 09 2015 01:24:01][agentcommon][INFO][sm-FedClient-00010] Registering the Configuration Manager with the Policy Server

[9852/1723526000][Wed Dec 09 2015 01:24:01][FWSAdministrationManager.java][ERROR][sm-FedClient-00050] Error initializing Federation Web Services: Failed to create agent configuration for : /root/CA/webagent_optionpack/config/WebAgent.conf

[9852/1723526000][Wed Dec 09 2015 01:24:01][FWSAdministrationManager.java][ERROR][sm-FedClient-00060] Federation Web services initialization FAILED. ()

[9852/1723526000][Wed Dec 09 2015 01:24:01][ManageNameIDService.java][INFO][sm-FedClient-01520] SAML2 NameID Management Service has been successfully initialized.

[9852/1723526000][Wed Dec 09 2015 01:24:19][agentcommon][INFO][sm-FedClient-00010] Administration Manager is trying to create configuration for the SiteMinder Agent

[9852/1723526000][Wed Dec 09 2015 01:24:19][agentcommon][INFO][sm-FedClient-00010] Creating agent connection using file : /root/CA/webagent_optionpack/config/WebAgent.conf

[9852/1723526000][Wed Dec 09 2015 01:24:20][agentcommon][INFO][sm-FedClient-00010] Registering the Configuration Manager with the Policy Server

[9852/1723526000][Wed Dec 09 2015 01:24:20][FWSAdministrationManager.java][ERROR][sm-FedClient-00050] Error initializing Federation Web Services: Failed to create agent configuration for : /root/CA/webagent_optionpack/config/WebAgent.conf

[9852/1723526000][Wed Dec 09 2015 01:24:20][FWSAdministrationManager.java][ERROR][sm-FedClient-00060] Federation Web services initialization FAILED. ()

WebAgent.conf:

# WebAgent.conf - configuration file for the Federation Web Services Application

#agentname="agent_name, IP_address"

HostConfigFile="/root/CA/webagent_optionpack/config/SmHost.conf"

#AgentConfigObject="agent_config_object_name"

AgentConfigObject="siteminder-ffs"

EnableWebAgent="YES"

ezrahn

Could you check the ACO object exists in the Policy Store and the SmHost.conf has the correct HCO + Policy Server IPs defined. Also ensure WebAgent.conf and SmHost.conf have read access for the user owning the Application Server process.

Regards

Hubert

Hubert,

It doesn't exists.

Since this is a brand new deployment, we basically have default ACOs defined:

ApacheDefaultSettings
	ASAWASDefaultSettings
	ASAWLSDefaultSettings
	AuthAzServiceDefaultSettings
	DominoDefaultSettings
	IISDefaultSettings
	iPlanetDefaultSettings
	SharePoint2010DefaultSettings
	SharePointDefaultSettings

What would be a reasonable one to pick to enable Partnership Federation (see: Steps to support SSO with SalesForce) ?

I tried to configure a new ACO in the Admin UI, and it's missing the agent name, etc, which is referred but commented out at the WebAgent.conf. Clearly I just don't know what I am doing with this. As I mentioned in the other thread, WAOP documentation seems to suggest that it's a standalone package that can be installed without a Web Agent. Is this correct ? It seemed that I still need to configure it like a WebAgent. Can you point out some steps or documentations that I need to follow?

Sorry for piggybacking someone's thread, but maybe we are on the same boat.

Hi ezrahn, I had issue with path environment variable. Hubert suggested me a lot many options but finally I found I was doing something wrong. After setting path env variable manually my issue got resolved.

You carry on with your bug.

Thanks!

Alok

Ezrahn, in waop guide every step mentioned very clear. You have to register the host of waop with PS and manually create webagent.conf and point smhost file. At registration you need hco and in webagent.conf you need aco. Hco and aco you need to define manually at PS.

Thanks Alok!

I tried using a predefined ACO 'AuthAzServiceDefaultSettings' and WAOP seems to be working.

http://siteminder-ffs:8080/affwebservices/assertionretriever

Assertion Retrieval Service has been successfully initialized.
The requested service accepts only HTTP POST requests.

I went ahead with the SAML Partnership federation testing with Salesforce, and now I am getting 403-Forbidden Request error after Salesforce sends the SAML AuthRequest to the sso endpoint: http://siteminder-ffs.bgcorp.com:8080/affwebservices/public/saml2sso

type Status report

message Request Forbidden. Transaction ID: 1691bb4f-acfd55ae-56f48e5b-c865902f-06601481-e1 failed.

description Access to the specified resource has been forbidden.

I am not seeing any log activities both in Tomcat logs and in affwebserv.log. Not quite there yet, but progress nonetheless!

Please use a different ACO.

- Create a Agent Object.

- Create a ACO, and map the Agent to DefaultAgentName in ACO.

- Create a HCO.

- (source ENV) Run smreghost using the above values on WAOP Server to generate a SmHost.conf (which I believe you have already performed).

- Create WebAgent.conf

- (source ENV) Deploy affwebservices.

Did you protect the /affwebservices/redirectjsp/redirect.jsp using a realm / policy domain?

Please use HTTPWatch or IEHTTPHeaders on your browser to see which URIs are being invoked. Then correlate these URIs from BrowserTraces, to WebAgentTrace logs and FWSTrace logs.

Regards

Hubert

Hi Hubert,

Thanks for the guide.

I have installed an Apache Web Agent, created an HCO, ACO, registered them, restarted them, everything is now running fine.

I have also enabled trace, and I can really see what's going on.

I first tested an SP initiated SSO, which generated the 403 shown above. I am still getting a 403, but it's not really due to the fact that redirect.jsp is protected. The trace log shows clearly that the SAML AuthRequest message was received, and parsed correctly. However the transaction failed because the agent couldn't find both the SP information nor the IDP information based on the Provider ID. This seems strange because it seemed that the partnership is setup properly. Later I found out that my Partnership setup was still in 'Defined' status, which I then activate. Still no luck.

I have the WA and WAOP installed in the same box, are they supposed to use the same webagent.conf and SmHost.conf ?

What else could be wrong with this? I have not secure the apache and tomcat communication (http instead of https), would this be an issue?

Here is partial trace snippets, a full snippet is very long, because it includes the raw and parsed SAML Request.

[12/10/2015][23:40:43][23110][147090288][2c68f9cf-8c88d91a-ea0da76e-d7d4679f-c3c35247-be][SAMLTunnelClient.java][getServiceProviderInfoByID][Tunnel result code: 1.]

[12/10/2015][23:40:43][23110][147090288][2c68f9cf-8c88d91a-ea0da76e-d7d4679f-c3c35247-be][SAMLTunnelClient.java][getServiceProviderInfoByID][SAMLTunnelStatus: 5, Failed to obtain Service Provider data by provider ID. Provider ID: https://user-8000-dev-ed.my.salesforce.com]

[12/10/2015][23:40:43][23110][147090288][2c68f9cf-8c88d91a-ea0da76e-d7d4679f-c3c35247-be][SAML2Base.java][getServiceProviderInfo][SAML2.0 SP Configuration is not in cache. Requesting to get from policy server [CHECKPOINT = SSOSAML2_SPCONFFROMPS_REQ]]

[12/10/2015][23:40:43][23110][147090288][2c68f9cf-8c88d91a-ea0da76e-d7d4679f-c3c35247-be][SAML2Base.java][getServiceProviderInfo][Could not find service provider information for sp: https://user-8000-dev-ed.my.salesforce.com Message: Failed to obtain Service Provider data by provider ID. Provider ID: https://user-8000-dev-ed.my.salesforce.com.]

[12/10/2015][23:40:43][23110][147090288][2c68f9cf-8c88d91a-ea0da76e-d7d4679f-c3c35247-be][SAML2Base.java][getServiceProviderInfo][Could not find service provider information for idp: https://user-8000-dev-ed.my.salesforce.com.]

[12/10/2015][23:40:43][23110][147090288][2c68f9cf-8c88d91a-ea0da76e-d7d4679f-c3c35247-be][SSO.java][processRequest][Transaction with ID: 2c68f9cf-8c88d91a-ea0da76e-d7d4679f-c3c35247-be failed. Reason: NO_PROVIDER_INFO_FOUND]

[12/10/2015][23:40:43][23110][147090288][2c68f9cf-8c88d91a-ea0da76e-d7d4679f-c3c35247-be][SSO.java][processRequest][No SAML2 provider information found for SP https://user-8000-dev-ed.my.salesforce.com.]

[12/10/2015][23:40:43][23110][147090288][2c68f9cf-8c88d91a-ea0da76e-d7d4679f-c3c35247-be][SSO.java][processRequest][Ending SAML2 Single Sign-On Service request processing with HTTP error 400]

[12/10/2015][23:40:43][23110][147090288][][agentcommon][][Requesting data for ConfigManager ID /root/CA/webagent/config/SmHost.conf and SmAgentConfig ID /root/CA/webagent_optionpack/config/WebAgent.conf]

[12/10/2015][23:40:43][23110][147090288][][agentcommon][][Administration Manager is returning data for ConfigManager ID /root/CA/webagent/config/SmHost.conf and SmAgentConfig ID /root/CA/webagent_optionpack/config/WebAgent.conf]

[12/10/2015][23:40:43][23110][147090288][][agentcommon][][Requesting data for ConfigManager ID /root/CA/webagent/config/SmHost.conf and SmAgentConfig ID /root/CA/webagent_optionpack/config/WebAgent.conf]

[12/10/2015][23:40:43][23110][147090288][][agentcommon][][Administration Manager is returning data for ConfigManager ID /root/CA/webagent/config/SmHost.conf and SmAgentConfig ID /root/CA/webagent_optionpack/config/WebAgent.conf]

[12/10/2015][23:40:43][23110][147090288][2c68f9cf-8c88d91a-ea0da76e-d7d4679f-c3c35247-be][ErrorRedirectionHandler.java][redirectToE

The Apache WA always returns 500 on any URL. However, I don't see any meaningful info in apache error_log.

[10/Dec/2015:16:47:00] [Info] [CA WebAgent IPC] [23324] [CSmSem::getSem] Attached to semaphore 1867787 using key 0x68087048

[10/Dec/2015:16:47:00] [Info] [CA WebAgent IPC] [23324] [CSmSem::getSem] Attached to semaphore 1900556 using key 0x69087048

[10/Dec/2015:16:47:00] [Info] [CA WebAgent IPC] [23324] [CSmSem::getSem] Attached to semaphore 1638404 using key 0x32087048

[10/Dec/2015:16:47:00] [Info] [CA WebAgent IPC] [23324] [CSmSharedSegment::smalloc] Attached to shared memory segment 819201 using key 0x61087048

[10/Dec/2015:16:47:00] [Info] [CA WebAgent IPC] [23324] [CSmSem::getSem] Attached to semaphore 1703942 using key 0x33087048

[10/Dec/2015:16:47:00] [Info] [CA WebAgent IPC] [23324] [CSmSharedSegment::smalloc] Attached to shared memory segment 884739 using key 0x62087048

[10/Dec/2015:16:47:00] [Info] [CA WebAgent IPC] [23324] [CSmSem::getSem] Attached to semaphore 1736711 using key 0x34087048

[10/Dec/2015:16:47:00] [Info] [CA WebAgent IPC] [23324] [CSmSharedSegment::smalloc] Attached to shared memory segment 917508 using key 0x63087048

[10/Dec/2015:16:47:00] [Information] SiteMinder Agent

        SiteMinder agent is running.

[10/Dec/2015:16:47:16] [Information] SiteMinder Agent

        SiteMinder agent is enabled.

[10/Dec/2015:16:47:16] [Information] SiteMinder Agent

        Configuration file path:

        '/usr/local/apache2/conf/WebAgent.conf'.