SP/IDP initiated journey is failing with 403 error

Question asked by PKSahu on Jun 6, 2016
Latest reply on Jun 17, 2016 by PKSahu

Hi All,

We have a requirement to change the file ownership of the CA components (CA SPS and CA Siteminder, currently running as "root") to "smuser", and all SPS and CA Siteminder processes should run as "smuser" only, not as "root".

We were able to change the file ownership from "root" to "smuser" for CA SPS. When we change it on the policy server using the OS-specific command (chmod -R smuser:smgroups /apps/CA/), the ownership changes properly on the policy server as well and the processes start as "smuser", but when we access any federated/partnership application it directly throws a 403 Forbidden error. SPS logs:

[06/04/2016][04:09:01][31771][1468935056][][agentcommon][][Administration Manager is returning data for ConfigManager ID /apps/CA/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /apps/CA/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]

[06/04/2016][04:09:01][31771][1468935056][542cb769-4b894776-7fdf0121-fb916320-ede301ba-49][SAMLTunnelClient.java][getServiceProviderInfoByID][Tunnel result code: 1.]

[06/04/2016][04:09:01][31771][1468935056][542cb769-4b894776-7fdf0121-fb916320-ede301ba-49][SAMLTunnelClient.java][getServiceProviderInfoByID][SAMLTunnelStatus: 5, ]

[06/04/2016][04:09:01][31771][1468935056][542cb769-4b894776-7fdf0121-fb916320-ede301ba-49][SAML2Base.java][getServiceProviderInfo][SAML2.0 SP Configuration is not in cache. Requesting to get from policy server [CHECKPOINT = SSOSAML2_SPCONFFROMPS_REQ]]

[06/04/2016][04:09:01][31771][1468935056][542cb769-4b894776-7fdf0121-fb916320-ede301ba-49][SAML2Base.java][getServiceProviderInfo][Could not find service provider information for sp: xyz.pqr.com/ Message: .]

[06/04/2016][04:09:01][31771][1468935056][542cb769-4b894776-7fdf0121-fb916320-ede301ba-49][SAML2Base.java][getServiceProviderInfo][Could not find service provider information for idp: abc.pqr.com/.]

[06/04/2016][04:09:01][31771][1468935056][542cb769-4b894776-7fdf0121-fb916320-ede301ba-49][SSO.java][processRequest][Transaction with ID: 542cb769-4b894776-7fdf0121-fb916320-ede301ba-49 failed. Reason: NO_PROVIDER_INFO_FOUND]

[06/04/2016][04:09:01][31771][1468935056][542cb769-4b894776-7fdf0121-fb916320-ede301ba-49][SSO.java][processRequest][No SAML2 provider information found for SP xyz.pqr.com/.]

[06/04/2016][04:09:01][31771][1468935056][542cb769-4b894776-7fdf0121-fb916320-ede301ba-49][SSO.java][processRequest][Ending SAML2 Single Sign-On Service request processing with HTTP error 400]

[06/04/2016][04:09:01][31771][1468935056][][agentcommon][][Requesting data for ConfigManager ID /apps/CA/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /apps/CA/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]

[06/04/2016][04:09:01][31771][1468935056][][agentcommon][][Administration Manager is returning data for ConfigManager ID /apps/CA/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /apps/CA/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]

[06/04/2016][04:09:01][31771][1468935056][][agentcommon][][Requesting data for ConfigManager ID /apps/CA/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /apps/CA/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]

[06/04/2016][04:09:01][31771][1468935056][][agentcommon][][Administration Manager is returning data for ConfigManager ID /apps/CA/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /apps/CA/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]

[06/04/2016][04:09:01][31771][1468935056][542cb769-4b894776-7fdf0121-fb916320-ede301ba-49][ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 403 ]

 

We successfully implemented this scenario in QA; only in production are we facing this issue, so we cannot make many changes in this environment. The issue appears only for federated applications. Please let me know if anyone has faced this issue before.

Thanks in advance.

Regards

Prashant
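
An added example, not part of the original post or of the product's own tooling: a parser for the SPS trace format shown above that groups lines by transaction ID and extracts the failure reason, checkpoints and HTTP status codes. The sample lines are constructed in the post's format with a shortened transaction ID and path, and the field names are assumptions inferred from the log layout.

```python
import re

# One SPS trace line: seven bracketed fields, then the message (which may nest brackets).
# Assumed field order: date, time, pid, thread, transaction ID, source file, method.
LINE = re.compile(r"^" + r"\[([^\]]*)\]" * 7 + r"\[(.*)\]\s*$")
REASON = re.compile(r"Reason: (\w+)")
CHECKPOINT = re.compile(r"\[CHECKPOINT = (\w+)\]")
HTTP = re.compile(r"HTTP [Ee]rror (\d{3})")

# Constructed sample in the format of the post (transaction ID and path shortened).
SAMPLE = """\
[06/04/2016][04:09:01][31771][1468935056][][agentcommon][][Requesting data for ConfigManager ID /conf/SmHost.conf]
[06/04/2016][04:09:01][31771][1468935056][tx-0001][SAML2Base.java][getServiceProviderInfo][SAML2.0 SP Configuration is not in cache. Requesting to get from policy server [CHECKPOINT = SSOSAML2_SPCONFFROMPS_REQ]]
[06/04/2016][04:09:01][31771][1468935056][tx-0001][SSO.java][processRequest][Transaction with ID: tx-0001 failed. Reason: NO_PROVIDER_INFO_FOUND]
[06/04/2016][04:09:01][31771][1468935056][tx-0001][SSO.java][processRequest][Ending SAML2 Single Sign-On Service request processing with HTTP error 400]
[06/04/2016][04:09:01][31771][1468935056][tx-0001][ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 403 ]
"""


def summarize(text):
    """Return {txid: {"reason", "checkpoints", "http"}} for lines carrying a transaction ID."""
    summary = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group(5):
            continue  # blank, malformed, or agentcommon lines without a transaction ID
        txid, source, message = m.group(5), m.group(6), m.group(8)
        tx = summary.setdefault(txid, {"reason": None, "checkpoints": [], "http": []})
        reason = REASON.search(message)
        if reason:
            tx["reason"] = reason.group(1)
        tx["checkpoints"] += CHECKPOINT.findall(message)
        status = HTTP.search(message)
        if status:
            # Record which component reported the status, in log order.
            tx["http"].append((source, int(status.group(1))))
    return summary


if __name__ == "__main__":
    for txid, tx in summarize(SAMPLE).items():
        print(txid, tx["reason"], tx["checkpoints"], tx["http"])
```

Run against the log in the post, the summary shows the SSO service ending the request with HTTP 400 after NO_PROVIDER_INFO_FOUND, and ErrorRedirectionHandler then sending the 403 that the browser sees.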