Symantec IGA

  • 1.  Unable to retrieve user from the SM Token

    Posted Aug 01, 2017 04:33 AM

    Hi everyone,

    I am installing CA IM (14) with Siteminder (12.6): I configured my domain to protect a web resource. But when I am trying to log in and to pass through the authentication page, I have these errors lines in IM logs:

    Have you any idea please ?

     

    2017-08-01 10:29:35,629 WARN [ims.ui] (default task-15) orig SMTOKEN : -SM-{RC2}8HhlYOonQ2O0erujYfuUVxfbbExutkQbkqbrsmW4i47CIxjQwTtSqzTc6otaluIqyxxqDmd3Kto=
    2017-08-01 10:29:35,629 WARN [ims.ui] (default task-15) Unable to determine user from SiteMinder token: No items found
    2017-08-01 10:29:35,629 WARN [ims.ui] (default task-15) Retrying with a newer version of the SMTOKEN.
    2017-08-01 10:29:35,687 WARN [ims.ui] (default task-15) orig SMTOKEN : -SM-{RC2}8HhlYOonQ2O0erujYfuUVxfbbExutkQbkqbrsmW4i47CIxjQwTtSqzTc6otaluIqyxxqDmd3Kto=
    2017-08-01 10:29:35,687 WARN [ims.ui] (default task-15) Unable to determine user from SiteMinder token: No items found
    2017-08-01 10:29:35,687 WARN [ims.ui] (default task-15) Retrying with a newer version of the SMTOKEN.
    2017-08-01 10:29:35,717 WARN [ims.ui] (default task-15) orig SMTOKEN : -SM-{RC2}8HhlYOonQ2O0erujYfuUVxfbbExutkQbkqbrsmW4i47CIxjQwTtSqzTc6otaluIqyxxqDmd3Kto=
    2017-08-01 10:29:35,717 WARN [ims.ui] (default task-15) Unable to determine user from SiteMinder token: No items found
    2017-08-01 10:29:35,717 WARN [ims.ui] (default task-15) Retrying with a newer version of the SMTOKEN.
    2017-08-01 10:29:35,732 WARN [ims.ui] (default task-15) orig SMTOKEN : -SM-{RC2}8HhlYOonQ2O0erujYfuUVxfbbExutkQbkqbrsmW4i47CIxjQwTtSqzTc6otaluIqyxxqDmd3Kto=
    2017-08-01 10:29:35,732 WARN [ims.ui] (default task-15) Unable to determine user from SiteMinder token: No items found
    2017-08-01 10:29:35,732 WARN [ims.ui] (default task-15) Retrying with a newer version of the SMTOKEN.
    2017-08-01 10:29:35,764 WARN [ims.ui] (default task-15) orig SMTOKEN : -SM-{RC2}8HhlYOonQ2O0erujYfuUVxfbbExutkQbkqbrsmW4i47CIxjQwTtSqzTc6otaluIqyxxqDmd3Kto=
    2017-08-01 10:29:35,764 WARN [ims.ui] (default task-15) Unable to determine user from SiteMinder token: No items found
    2017-08-01 10:29:35,764 WARN [ims.ui] (default task-15) Retrying with a newer version of the SMTOKEN.
    2017-08-01 10:29:35,779 WARN [ims.ui] (default task-15) orig SMTOKEN : -SM-{RC2}8HhlYOonQ2O0erujYfuUVxfbbExutkQbkqbrsmW4i47CIxjQwTtSqzTc6otaluIqyxxqDmd3Kto=
    2017-08-01 10:29:35,779 WARN [ims.ui] (default task-15) Unable to determine user from SiteMinder token: No items found
    2017-08-01 10:29:35,779 WARN [ims.ui] (default task-15) Retrying with a newer version of the SMTOKEN.
    2017-08-01 10:29:35,811 WARN [ims.ui] (default task-15) orig SMTOKEN : -SM-{RC2}8HhlYOonQ2O0erujYfuUVxfbbExutkQbkqbrsmW4i47CIxjQwTtSqzTc6otaluIqyxxqDmd3Kto=
    2017-08-01 10:29:35,811 WARN [ims.ui] (default task-15) Unable to determine user from SiteMinder token: No items found
    2017-08-01 10:29:35,811 WARN [ims.ui] (default task-15) Retrying with a newer version of the SMTOKEN.
    2017-08-01 10:29:35,826 WARN [ims.ui] (default task-15) orig SMTOKEN : -SM-{RC2}8HhlYOonQ2O0erujYfuUVxfbbExutkQbkqbrsmW4i47CIxjQwTtSqzTc6otaluIqyxxqDmd3Kto=
    2017-08-01 10:29:35,842 WARN [ims.ui] (default task-15) Unable to determine user from SiteMinder token: No items found
    2017-08-01 10:29:35,842 WARN [ims.ui] (default task-15) Retrying with a newer version of the SMTOKEN.
    2017-08-01 10:29:35,857 ERROR [ims.ui] (default task-15) Exception during page display:

    java.lang.NullPointerException
    at java.io.File.<init>(File.java:277)
    at org.apache.jsp.app.Arva1.index_jsp._jspService(index_jsp.java:260)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:69)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)



  • 2.  Re: Unable to retrieve user from the SM Token
    Best Answer

    Posted Aug 02, 2017 08:35 AM

    Customer has opened a support case and is working with CA Support.



  • 3.  Re: Unable to retrieve user from the SM Token

    Broadcom Employee
    Posted Sep 11, 2017 04:49 AM

    I am  having the same issue, and I am using CA IM 14.1 with CA SSO 12.7.

     

    IM Logs:

    18:29:20,852 WARN  [ims.ui] (default task-8) Unable to determine user from SiteMinder token: No items found
    18:29:20,852 WARN  [ims.ui] (default task-8) Retrying with a newer version of the SMTOKEN.
    18:29:20,954 WARN  [ims.ui] (default task-8)  orig    SMTOKEN : -SM-{RC2}mfubJXaqaga+hFyLVnOTYoHYJ+ZOlOD4qUKftVsZFy4JW/yetqjNL5ozGVW1epvH
    18:29:20,957 WARN  [ims.ui] (default task-8) Unable to determine user from SiteMinder token: No items found
    18:29:20,957 WARN  [ims.ui] (default task-8) Retrying with a newer version of the SMTOKEN.
    18:29:21,058 WARN  [ims.ui] (default task-8)  orig    SMTOKEN : -SM-{RC2}mfubJXaqaga+hFyLVnOTYoHYJ+ZOlOD4qUKftVsZFy4JW/yetqjNL5ozGVW1epvH
    18:29:21,059 WARN  [ims.ui] (default task-8) Unable to determine user from SiteMinder token: No items found
    18:29:21,060 WARN  [ims.ui] (default task-8) Retrying with a newer version of the SMTOKEN.
    18:29:21,160 WARN  [ims.ui] (default task-8)  orig    SMTOKEN : -SM-{RC2}mfubJXaqaga+hFyLVnOTYoHYJ+ZOlOD4qUKftVsZFy4JW/yetqjNL5ozGVW1epvH
    18:29:21,161 WARN  [ims.ui] (default task-8) Unable to determine user from SiteMinder token: No items found
    18:29:21,161 WARN  [ims.ui] (default task-8) Retrying with a newer version of the SMTOKEN.
    18:29:21,264 WARN  [ims.ui] (default task-8)  orig    SMTOKEN : -SM-{RC2}mfubJXaqaga+hFyLVnOTYoHYJ+ZOlOD4qUKftVsZFy4JW/yetqjNL5ozGVW1epvH
    18:29:21,265 WARN  [ims.ui] (default task-8) Unable to determine user from SiteMinder token: No items found
    18:29:21,266 WARN  [ims.ui] (default task-8) Retrying with a newer version of the SMTOKEN.
    18:29:21,373 ERROR [ims.ui] (default task-8) Exception during page display:

    java.lang.NullPointerException
     at java.io.File.<init>(File.java:277)
     at org.apache.jsp.app.imcss.index_jsp._jspService(index_jsp.java:242)

     

    Additionally I am getting "Exception during page display" when viewing the public pages in IM.

     

    I am seeing this error only when accessing "/iam/im/pubsao/imcss/index.jsp?task.tag=CSPasswordQuestionServices" and NOT when accessing "/iam/im/pubsao/ui7/index.jsp?task.tag=CSPasswordQuestionServices".

    Do you have any pointers?



  • 4.  Re: Unable to retrieve user from the SM Token

    Broadcom Employee
    Posted Sep 11, 2017 11:29 AM

    Lakshman,

     

    What is the webagent version which is frond-ending the IDM url ?

     

    This seems to me that webagent version compatibility issue with IDM and SMTOKEN encoding problem. But this was fixed from IDM 12.6 SP5 CR1.

     

    The root cause of the issue could be due to the SMTOKEN generated by the web agent is prefixed with -SM- which might cause IDM unable to understand/decode.

     

    Can you please capture the http trace and check it out the SMTOKEN name ? if it matches above scenario, try to remove the prefix -SM- manually from SMTOKEN and hit enter on the same browser session ? which would confirm the issue/cause.

     

    Regards

    Ashok



  • 5.  Re: Unable to retrieve user from the SM Token

    Broadcom Employee
    Posted Sep 11, 2017 07:51 PM

    Ashok,

    Webagent version is 12.52-sp01-cr06.

    I don't think the issue is SMTOKEN prefixed with -SM-, because the same SMTOKEN works with "/iam/im/pubsao/ui7/index.jsp?task.tag=CSPasswordQuestionServices" default skin and I could see the page.

    After your suggestion, I tested removing -SM- from SMTOKEN and found the same results, ui7 url works an imcss url shows Exception during page display.



  • 6.  Re: Unable to retrieve user from the SM Token

    Broadcom Employee
    Posted Sep 12, 2017 12:44 AM

    Ashok,

    I figured out "Exception during page display" issue.

    It was with the index.jsp file in imcss location. In earlier version a file object was used in index.jsp and in new version 14.0/14.1 file object was not used.

    When we replace the imcss/index.jsp file from old environment to new environment, the issue arises because of the file object.



  • 7.  Re: Unable to retrieve user from the SM Token

    Posted Nov 03, 2017 08:51 PM

    I'm having the same issue of the SMTOKEN; you mentioned you solved the problem with the jsp, did you solve also the problem with the SMTOKEN ?

     

    Also, when i try to reset a user password through the IAM UI i get the following error:

    Password Validation Failed: Corrupted buffer returned from server.

     

    IDM Version: 14.1



  • 8.  Re: Unable to retrieve user from the SM Token

    Broadcom Employee
    Posted Nov 08, 2017 07:03 AM

    Problem with SMTOKEN was not resolved. Since it is a warning we managed to go with that.

    The change I made in JSP was related to branding changes.

    For password validation error, pls see your password composition policies and also look if your user store is forcing any password policies



  • 9.  Re: Unable to retrieve user from the SM Token

    Broadcom Employee
    Posted Dec 10, 2017 11:06 PM

    I am also running into the similar issue in one of my recent setup and we are ignoring these errors as these are not causing real issue, This could be a potential product issue.

     

    I am using IDM 14.1 with SSO 12.52 SP1 CR06.



  • 10.  Re: Unable to retrieve user from the SM Token

    Broadcom Employee
    Posted Sep 12, 2017 11:52 AM

    I am glad you figured out the issue.  That was a good catch. I was running into the similar issue some months back but the root cause was SMTOKEN encoding problem due to the webagent-IDM compatibility.