Symantec Access Management

  • 1.  SM Session Cookie not generated

    Posted Aug 09, 2016 04:58 PM

    We use Cert based authentication schema to access one of the SSO application. Currently, when logging into the application selecting the certificate, it will show us a custom message that the cert provided was invalid.

     

    Issue occurs for one account. The AD account for the user looks good, Certificate issuer is valid as mentioned in the Certificate mapping.

    There is no SM Session Cookie being generated.

     

     

    SM Trace Logs shows that the Authentication attempt failed. Below is the log file for the user.

     

    Can anyone help me with this. The issue occurs for only one account as of now.

     

     

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][Sm_Auth_Message.cpp:1751][CSm_Auth_Message::AuthenticateUser][1c452691-e97f7dbb-d8772302-34860eb5-49f7189d-2cc][spsdmzagent-cert01-nj][/][][][/][Certificate Auth Domain-MCW-VM][ADUserDirVIP][][][][][][][][][][][][][Evaluating OnAuthAttempt policy...][][][][][][5][0][mcw-vm.coach.com_Coach_x509_or_form][][][][][][][][][06-04e22671-6228-4c37-b40b-6882d7b200f0][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthorization.cpp:1409][CSmAz::IsOk][][][][][][][][][][][][][][][][][][][][][Enter function CSmAz::IsOk][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthorization.cpp:1447][CSmAz::IsOk][][][][][][/][Certificate Auth Domain-MCW-VM][][][][][][][][][][][][][][Start of user policy analysis for realm.][][][][][][][][][][][][][][][][][06-04e22671-6228-4c37-b40b-6882d7b200f0][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmObjCache.cpp:773][CSmObjCache::Lookup][][][][][][][][][][][][][][][][][][][][][Look up a cached object.][][][][0b-0abaa1d9-a0fa-4261-8f33-4adc9275269e][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthorization.cpp:1862][CSmAz::IsOk][][][][][][][][][][][][][][No applicable Policy found. ][][][][][][][IsOk? No.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthorization.cpp:1864][CSmAz::IsOk][][][][][][][][][][][][][false][][][][][][][][Leave function CSmAz::IsOk][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthorization.cpp:2311][CSmAz::IsOkGlobal][][][][][][][][][][][][][][][][][][][][][Enter function CSmAz::IsOkGlobal][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmObjCache.cpp:773][CSmObjCache::Lookup][][][][][][][][][][][][][][][][][][][][][Look up a cached object.][][][][03-f977b03f-e1de-450d-8117-5a88d4405214][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthorization.cpp:2333][CSmAz::IsOkGlobal][][][][][][/][Certificate Auth Domain-MCW-VM][][][][][][][][][][][][][][Evaluating OnAuthAttempt global policies in the realm.][][][][][][][][][][][][][][][][OnAuthAttempt][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthorization.cpp:1409][CSmAz::IsOk][][][][][][][][][][][][][][][][][][][][][Enter function CSmAz::IsOk][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthorization.cpp:1447][CSmAz::IsOk][][][][][][/][Certificate Auth Domain-MCW-VM][][][][][][][][][][][][][][Start of user policy analysis for realm.][][][][][][][][][][][][][][][][][06-04e22671-6228-4c37-b40b-6882d7b200f0][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthorization.cpp:1862][CSmAz::IsOk][][][][][][][][][][][][][][No applicable Policy found. ][][][][][][][IsOk? No.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthorization.cpp:1864][CSmAz::IsOk][][][][][][][][][][][][][false][][][][][][][][Leave function CSmAz::IsOk][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthorization.cpp:2347][CSmAz::IsOkGlobal][][][][][][][][][][][][][false][][][][][][][][Leave function CSmAz::IsOkGlobal][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][Sm_Auth_Message.cpp:101][g_ServerTrace][][][][][][][][][][][][][][][][][][][][Cleaning up][SmSamlDataContext::~SmSamlDataContext: Cleaning up][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][Sm_Auth_Message.cpp:4293][CSm_Auth_Message::SendReply][][][][][][][][][][][][][][][][][][][][][Enter function CSm_Auth_Message::SendReply][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmObjCache.cpp:824][CSmObjCache::Fetch][][][][][][][][][][][][][][][][][][][][][Retrieve an object from the object cache.][][][][06-04e22671-6228-4c37-b40b-6882d7b200f0][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmObjCache.cpp:773][CSmObjCache::Lookup][][][][][][][][][][][][][][][][][][][][][Look up a cached object.][][][][03-f977b03f-e1de-450d-8117-5a88d4405214][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmObjCache.cpp:773][CSmObjCache::Lookup][][][][][][][][][][][][][][][][][][][][][Look up a cached object.][][][][0d-fa7553bd-e3e5-4212-98c7-13343245b1c7][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthCertorForm.cpp:200][SmAuthQuery][][][][][][][][][][][][][][][][][][][][][Enter function SmAuthQuery][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthCertorForm.cpp:272][SmAuthQuery][][][][][][][][][][][][][Sm_AuthApi_Success][][][][][][][][Leave function SmAuthQuery][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][Sm_Auth_Message.cpp:4627][CSm_Auth_Message::SendReply][s1729036/r1036][spsdmzagent-cert01-nj][][][][/][Certificate Auth Domain-MCW-VM][ADUserDirVIP][][][][][][][][][][][][][** Status: Authentication Attempt Failed. ][][][][][][][][mcw-vm.coach.com_Coach_x509_or_form][][][][][][][][][06-04e22671-6228-4c37-b40b-6882d7b200f0][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][Sm_Auth_Message.cpp:4631][CSm_Auth_Message::SendReply][][][][][][][][][][][][][][][][][][][][][Leave function CSm_Auth_Message::SendReply][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][Sm_Auth_Message.cpp:1848][CSm_Auth_Message::AuthenticateUser][][][][][][][][][][][][][ok][][][][][][][][Leave function CSm_Auth_Message::AuthenticateUser][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.046801]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][AgentAuth.cpp:317][CSm_Auth_Message::ProcessAgentMessage][][][][][][][][][][][][][20][][][][][][][][Leave function CSm_Auth_Message::ProcessAgentMessage][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.046801]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][Sm_Auth_Message.cpp:513][CSm_Auth_Message::ProcessMessage][][][][][][][][][][][][][20][][][][][][][][Leave function CSm_Auth_Message::ProcessMessage][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.046801]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthUser.cpp:1452][CSmAuthUser::~CSmAuthUser][][][][][][][][][][][][][][][][][][][][][Enter function CSmAuthUser::~CSmAuthUser][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][SmAuthUser.cpp:1504][CSmAuthUser::~CSmAuthUser][][][][][][][][][][][][][][][][][][][][][Leave function CSmAuthUser::~CSmAuthUser][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:11.798][16:11:11][2268][3016][CServer.cpp:5875][CServer::ProcessRequest][][][][][][][][][][][][][20][][][][][][][][Leave function CServer::ProcessRequest][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.046801]

    [08/09/2016][16:11:11.813][16:11:11][2268][3804][SmDsLdapConnMgr.cpp:628][PingServer][][][][][][][][][][][][][][][cadir.global.coach.com][389][][][][][LDAP Server Ping Successful][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:12.000][16:11:12][2268][3028][CServer.cpp:3166][CAgentAcceptHandler::HandleInput][][][][][][][][][][][][][][][][][][][][][Received connection request][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:12.000][16:11:12][2268][3028][CServer.cpp:1818][CAgentMessageHandler::HandleInput][][][][][][][][][][][][][][][172.27.21.4][47381][][][][][Enqueuing a High Priority Message, from IP 172.27.21.4 with Port No 47381. Current count is 1][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:12.000][16:11:12][2268][2976][CServer.cpp:1382][ThreadPool::Run][][][][][][][][][][][][][][][172.27.21.4][47381][][][][][Dequeuing a High Priority message, from IP 172.27.21.4 with Port No 47381. Current count is 0][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:12.000][16:11:12][2268][2976][CServer.cpp:2075][CAgentMessageHandler::DoWork][][][][][][][][][][][][][][][172.27.21.4][47381][][][][][New connection attempt from client host][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:12.000][16:11:12][2268][2976][CServer.cpp:1965][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Tunnel-00010] Bad security handshake attempt. Handshake error: 3159][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:12.000][16:11:12][2268][2976][CServer.cpp:1970][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Tunnel-00020] Handshake error: Failed to receive client hello. Client disconnected][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:12.000][16:11:12][2268][2976][CServer.cpp:2137][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Server-01070] Failed handshake with 172.27.21.4:47381][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:12.000][16:11:12][2268][2976][CServer.cpp:2143][CAgentMessageHandler::DoWork][][][][][][][][][][][][][][][172.27.21.4][47381][][][][][Handshake error with trusted host  with IP 172.27.21.4 on Port No 47381][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:12.000][16:11:12][2268][2976][CServer.cpp:3048][CAgentMessageHandler::HandleClose][][][][][][][][][][][][][][][172.27.21.4][47381][][][][][Ending client session #1745708][][][][][][][][][][][][][1745708][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:12.796][16:11:12][2268][3232][SmObjCache.cpp:522][CSmObjCache::Cleanup][][][][][][][][][][][][][][][][][][][][][Cleanup the object cache.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:13.498][16:11:13][2268][3028][CServer.cpp:3166][CAgentAcceptHandler::HandleInput][][][][][][][][][][][][][][][][][][][][][Received connection request][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:13.498][16:11:13][2268][3028][CServer.cpp:1818][CAgentMessageHandler::HandleInput][][][][][][][][][][][][][][][172.27.21.5][42796][][][][][Enqueuing a High Priority Message, from IP 172.27.21.5 with Port No 42796. Current count is 1][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:13.498][16:11:13][2268][2976][CServer.cpp:1382][ThreadPool::Run][][][][][][][][][][][][][][][172.27.21.5][42796][][][][][Dequeuing a High Priority message, from IP 172.27.21.5 with Port No 42796. Current count is 0][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:13.498][16:11:13][2268][2976][CServer.cpp:2075][CAgentMessageHandler::DoWork][][][][][][][][][][][][][][][172.27.21.5][42796][][][][][New connection attempt from client host][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:13.498][16:11:13][2268][2976][CServer.cpp:1965][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Tunnel-00010] Bad security handshake attempt. Handshake error: 3159][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:13.498][16:11:13][2268][2976][CServer.cpp:1970][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Tunnel-00020] Handshake error: Failed to receive client hello. Client disconnected][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:13.498][16:11:13][2268][2976][CServer.cpp:2137][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Server-01070] Failed handshake with 172.27.21.5:42796][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:13.498][16:11:13][2268][2976][CServer.cpp:2143][CAgentMessageHandler::DoWork][][][][][][][][][][][][][][][172.27.21.5][42796][][][][][Handshake error with trusted host  with IP 172.27.21.5 on Port No 42796][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:13.498][16:11:13][2268][2976][CServer.cpp:3048][CAgentMessageHandler::HandleClose][][][][][][][][][][][][][][][172.27.21.5][42796][][][][][Ending client session #1745709][][][][][][][][][][][][][1745709][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:13.810][16:11:13][2268][3232][SmObjCache.cpp:522][CSmObjCache::Cleanup][][][][][][][][][][][][][][][][][][][][][Cleanup the object cache.][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3028][CServer.cpp:1818][CAgentMessageHandler::HandleInput][][][][][][][][][][][][][][][172.27.21.6][53813][][][][][Enqueuing a Normal Priority Message, from IP 172.27.21.6 with Port No 53813. Current count is 1][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][CServer.cpp:1382][ThreadPool::Run][][][][][][][][][][][][][][][172.27.21.6][53813][][][][][Dequeuing a Normal Priority message, from IP 172.27.21.6 with Port No 53813. Current count is 0][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][CServer.cpp:5689][CServer::ProcessRequest][][][][][][][][][][][][][][][][][][][][][Enter function CServer::ProcessRequest][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][SmAuthUser.cpp:1399][CSmAuthUser::CSmAuthUser][][][][][][][][][][][][][][][][][][][][][Enter function CSmAuthUser::CSmAuthUser][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][SmAuthUser.cpp:1447][CSmAuthUser::CSmAuthUser][][][][][][][][][][][][][][][][][][][][][Leave function CSmAuthUser::CSmAuthUser][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][Sm_Auth_Message.cpp:500][CSm_Auth_Message::ProcessMessage][][][][][][][][][][][][][][][][][][][][][Enter function CSm_Auth_Message::ProcessMessage][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][AgentAuth.cpp:36][CSm_Auth_Message::ProcessAgentMessage][][][][][][][][][][][][][][][][][][][][][Enter function CSm_Auth_Message::ProcessAgentMessage][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s1735021/r288][th-hkopwidmweb02][][][][][][][][][][][][][][][][][][guid not set][Receive request attribute 169, data size is 12][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s1735021/r288][th-hkopwidmweb02][][][][][][][][][][][][][][][][][][1470764480][Receive request attribute 199, data size is 10][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s1735021/r288][th-hkopwidmweb02][][][][][][][][][][][][][][][][][][1470773474][Receive request attribute 159, data size is 10][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s1735021/r288][th-hkopwidmweb02][][][][][][][][][][][][][][][][][][-8][Receive request attribute 165, data size is 2][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s1735021/r288][th-hkopwidmweb02][][][][][][][][][][][][][][][][][][128][Receive request attribute 166, data size is 3][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s1735021/r288][th-hkopwidmweb02][][][][][][][][][][][][][][][][][][1][Receive request attribute 148, data size is 1][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s1735021/r288][th-hkopwidmweb02][][][][][][][][][][][][][][][][][][][Receive request attribute 149, data size is 0][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s1735021/r288][th-hkopwidmweb02][][][][][][][][][][][][][][][][][][<SMMON:ComponentRegistered xmlns:SMMON='http://netegrity.com/monitor'><Host HostId='10.80.14.26'><SmComponent CompPath='Agent;2228'></SmComponent></Host></SMMON:ComponentRegistered><SMMON:ComponentData xmlns:SMMON='http://netegrity.com/monitor'><Host HostId='10.80.14.26'><SmComponent CompPath='Agent;2228' Version='12.52QMR01'><Name>fedexpagent-njopwidmweb01</Name><Info>Product=WebAgent,Platform=APACHE22/Windows,Version=12.52QMR01,Update=HF01,Label=640,FileVersion=12.52.0101.640,UTC=1463931024,TZ=-8,Crypto=128</Info><ResourceCacheHits>236590</ResourceCacheHits><ResourceCacheMisses>29038</ResourceCacheMisses><UserSessionCacheHits>4021</UserSessionCacheHits><UserSessionCacheMisses>17207</UserSessionCacheMisses><IsProtectedCount>29038</IsProtectedCount><IsProtectedErrors>470</IsProtectedErrors><LoginCount>8802</LoginCount><LoginErrors>0</LoginErrors><LoginFailures>2583</LoginFailures><ValidationCount>8405</ValidationCount><ValidationErrors>0</ValidationErrors><ValidationFailures>0</ValidationFailures><AuthorizeCount>14969</AuthorizeCount><AuthorizeErrors>0</AuthorizeErrors><AuthorizeFailures>3982</AuthorizeFailures><CrosssiteScriptHits>0</CrosssiteScriptHits><BadURLCharsHits>0</BadURLCharsHits><BadCookieHitsCount>65</BadCookieHitsCount><ExpiredCookieHitsCount>965</ExpiredCookieHitsCount><IsProtectedAvgTime>521</IsProtectedAvgTime><LoginAvgTime>353</LoginAvgTime><ValidationAvgTime>345</ValidationAvgTime><AuthorizeAvgTime>267</AuthorizeAvgTime><ResourceCacheCount>15</ResourceCacheCount><UserSessionCacheCount>7</UserSessionCacheCount><ResourceCacheMax>750</ResourceCacheMax><UserSessionCacheMax>750</UserSessionCacheMax></SmComponent></Host></SMMON:ComponentData>][Receive request attribute 145, data size is 1682][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s1735021/r288][th-hkopwidmweb02][][][][][][][][][][][][][][][][][][FALSE][Receive request attribute 134, data size is 5][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][AgentAuth.cpp:326][CSm_Auth_Message::AnalyzeAgentAuthMessage][][][][][][][][][][][][][][][][][][][][][Enter function CSm_Auth_Message::AnalyzeAgentAuthMessage][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][AgentAuth.cpp:371][CSm_Auth_Message::AnalyzeAgentAuthMessage][][][][][][][][][][][][][true][][][][][][][][Leave function CSm_Auth_Message::AnalyzeAgentAuthMessage][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][Sm_Auth_Message.cpp:4293][CSm_Auth_Message::SendReply][][][][][][][][][][][][][][][][][][][][][Enter function CSm_Auth_Message::SendReply][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][Sm_Auth_Message.cpp:4631][CSm_Auth_Message::SendReply][][][][][][][][][][][][][][][][][][][][][Leave function CSm_Auth_Message::SendReply][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][AgentAuth.cpp:317][CSm_Auth_Message::ProcessAgentMessage][][][][][][][][][][][][][110][][][][][][][][Leave function CSm_Auth_Message::ProcessAgentMessage][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][Sm_Auth_Message.cpp:513][CSm_Auth_Message::ProcessMessage][][][][][][][][][][][][][110][][][][][][][][Leave function CSm_Auth_Message::ProcessMessage][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][SmAuthUser.cpp:1452][CSmAuthUser::~CSmAuthUser][][][][][][][][][][][][][][][][][][][][][Enter function CSmAuthUser::~CSmAuthUser][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][SmAuthUser.cpp:1504][CSmAuthUser::~CSmAuthUser][][][][][][][][][][][][][][][][][][][][][Leave function CSmAuthUser::~CSmAuthUser][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:14.013][16:11:14][2268][3016][CServer.cpp:5875][CServer::ProcessRequest][][][][][][][][][][][][][110][][][][][][][][Leave function CServer::ProcessRequest][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:14.091][16:11:14][2268][3028][CServer.cpp:3166][CAgentAcceptHandler::HandleInput][][][][][][][][][][][][][][][][][][][][][Received connection request][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.091][16:11:14][2268][3028][CServer.cpp:1818][CAgentMessageHandler::HandleInput][][][][][][][][][][][][][][][172.27.21.4][44862][][][][][Enqueuing a High Priority Message, from IP 172.27.21.4 with Port No 44862. Current count is 1][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.091][16:11:14][2268][2988][CServer.cpp:1382][ThreadPool::Run][][][][][][][][][][][][][][][172.27.21.4][44862][][][][][Dequeuing a High Priority message, from IP 172.27.21.4 with Port No 44862. Current count is 0][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000]

    [08/09/2016][16:11:14.091][16:11:14][2268][2988][CServer.cpp:2075][CAgentMessageHandler::DoWork][][][][][][][][][][][][][][][172.27.21.4][44862][][][][][New connection attempt from client host][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.091][16:11:14][2268][2988][CServer.cpp:1965][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Tunnel-00010] Bad security handshake attempt. Handshake error: 3159][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.091][16:11:14][2268][2988][CServer.cpp:1970][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Tunnel-00020] Handshake error: Failed to receive client hello. Client disconnected][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.091][16:11:14][2268][2988][CServer.cpp:2137][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Server-01070] Failed handshake with 172.27.21.4:44862][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

    [08/09/2016][16:11:14.091][16:11:14][2268][2988][CServer.cpp:2143][CAgentMessageHandler::DoWork][][][][][][][][][][][][][][][1



  • 2.  Re: SM Session Cookie not generated

    Broadcom Employee
    Posted Aug 09, 2016 06:21 PM

    Hi Kevin,

     

    In your trace log, I do not see certificate processing details by policy server.

    Did you have full policy server tracing turned on?

    When "cert provided was invalid." error appears, was it from siteminder or your web server?

    If error is from siteminder policy server, it should have shown more about what exactly it complained about, or what it compared with?

     

    Thanks,

     

    Hongxu



  • 3.  Re: SM Session Cookie not generated

    Posted Aug 09, 2016 06:54 PM

    Yeah, as Hongxu said, the log snippet does't capture the authentication transacation.

    It has only the authorization transactions ..



  • 4.  Re: SM Session Cookie not generated
    Best Answer

    Posted Aug 10, 2016 09:41 AM

    Sorry I missed the Authentication logs.

    I was able to find out the reason behind this issue. It was the Certificates Subject that was causing an issue. We have set the following to be sent for authentication.

     

    String Sent to Directory for Authentication

    (uid=CN-From-Cert)

     

    The certificate's Subject (CN) wasn't showing the UID but was displaying the Display Name which the Policy Server couldn't identify and Authenticate the user's cert.



  • 5.  Re: SM Session Cookie not generated

    Posted Aug 10, 2016 09:45 AM

    Right, in that case the user look up would fail from the directory resulting in failed authentication

     

    Please help to mark this question as answered if you don't have any further pertaining to this.